HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

311

312

313

314

315

316

317

318

319

320

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot

10,5,300,3,300,1

...

7.4.4.5 Specifying different optional parameters and subtrees for different authenticating Directory

Servers

To specify a different pass-through subtree and optional parameter values for each authenticating

Directory Server, set more than one LDAP URL/optional parameters pair. Separate the LDAP

URL/optional parameter pairs with a single space as follows.

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0:ldap://configdir.example.com/o=NetscapeRoot

10,15,30,3,600,0

nsslapd-pluginarg1:ldap://config2dir.example.com/dc=example,dc=com

7,7,300,3,300,1

...

7.5 Configuring autobind

Autobind is a way to connect to the Directory Server based on local UNIX credentials, which are

mapped to an identity stored in the directory itself. Autobind is configured in two parts:

Before configuring autobind, first make sure that LDAPI is enabled (in “Enabling LDAPI” (page 22)).

Then, configure the autobind mappings (in “Configuring autobind” (page 313)).

7.5.1 Overview of autobind and LDAPI

Inter-process communication (IPC) is a way for sepearate processes on a UNIX machine or a

network to communicate directly with each other. LDAPI is a way to run LDAP connections over

these IPC connections, meaning that LDAP operations can run over UNIX sockets. These connections

are much faster and more secure than regular LDAP conenctions.

The Directory Server uses these LDAPI connections to allow users to bind immediately to the Directory

Server or to access the Directory Server using tools which support connections over UNIX sockets.

Autobind uses the uid:gid of the UNIX user and maps that user to an entry in the Directory Server,

then allows access for that user.

Autobind allows mappings to three directory entries:

• User entries, if the UNIX user matches one user entry

• Directory Manager (or the super user defined in nsslapd-ldapimaprootdn), if the UNIX

user is root

7.5 Configuring autobind 311