Manualshelf

HP-UX Directory Server 8.1 configuration, command, and file reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
41424344454647484950
is refusing connections because it is out of file descriptors. When this occurs, the following
message is written to the Directory Server's error log file:
Not listening for new connections -- too many fds open
See “nsslapd-conntablesize” for more information about increasing the number of incoming
connections.
NOTE:
UNIX shells usually have configurable limits on the number of file descriptors. See the operating
system documentation for further information about limit and ulimit, as these limits can
often cause problems.
The server has to be restarted for changes to this attribute to go into effect.
DescriptionParameter
cn=configEntry DN
1 to 65535Valid Range
1024Default Value
IntegerSyntax
nsslapd-maxdescriptors: 1024Example
2.3.1.71 nsslapd-max-filter-nest-level (Maximum search filter nesting level)
This attribute sets the level of nesting allowed in search filters. Setting this parameter to 0 or a
negative number removes any limit on the depth of the nested filters.
DescriptionParameter
cn=configEntry DN
-1 to the maximum 32-bit integer value (2147483647)Valid Range
40Default Value
IntegerSyntax
nsslapd-max-filter-nest-level: 1
This would cause the following filter to be rejected:
"(&(&(uid=jsmith)(sn=smith))(objectclass=person))"
Example
2.3.1.72 nsslapd-maxsasliosize (Maximum SASL packet size)
When a user is authenticated to the Directory Server over SASL GSS-API, the server must allocate
a certain amount of memory to the client to perform LDAP operations, according to how much
memory the client requests. It is possible for an attacker to send such a large packet size that it
crashes the Directory Server or ties it up indefinitely as part of a denial of service attack.
The packet size which the Directory Server will allow for SASL clients can be limited using the
nsslapd-maxsasliosize attribute. This attribute sets the maximum allowed SASL IO packet
size that the server will accept.
When an incoming SASL I/O packet is larger than the nsslapd-maxsasliosize limit, the
server immediately disconnects the client and logs a message to the error log, so that an
administrator can adjust the setting if necessary.
50 Core server configuration reference