HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3332, November 2013)
PTA plug-in syntax examples
This section contains the following examples of PTA Plug-in syntax in the dse.ldif file:
• “Specifying one authenticating Directory Server and one subtree”
• “Specifying multiple authenticating Directory Servers”
• “Specifying one authenticating Directory Server and multiple subtrees”
• “Using non-default parameter values”
• “Specifying different optional parameters and subtrees for different authenticating Directory Servers”
Specifying one authenticating Directory Server and one subtree
This example configures the PTA Plug-in to accept all defaults for the optional variables. This
configuration causes the PTA Directory Server to connect to the authenticating Directory Server for
all bind requests to the o=NetscapeRoot subtree. The host name of the authenticating Directory
Server is configdir.example.com.
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
...
Specifying multiple authenticating Directory Servers
If the connection between the PTA Directory Server and the authenticating Directory Server is broken
or the connection cannot be opened, the PTA Directory Server sends the request to the next server
specified, if any. There can be multiple authenticating Directory Servers specified, as required, to
provide failover if the first Directory Server is unavailable. All of the authenticating Directory
Servers are set in the nsslapd-pluginarg0 attribute. Multiple authenticating Directory Servers are
listed in a space-separated list of host:port pairs. For example:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/o=NetscapeRoot
...
NOTE:
The nsslapd-pluginarg0 attribute sets the authenticating Directory Server; additional
nsslapd-pluginargN attributes can set additional suffixes for the PTA Plug-in to use, but
not additional hosts.
Specifying one authenticating Directory Server and multiple subtrees
The following example configures the PTA Directory Server to pass through bind requests for more
than one subtree (using parameter defaults):
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
nsslapd-pluginarg1: ldap://configdir.example.com/dc=example,dc=com
...
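The following Python sketch is an added example, not part of the HP guide or the Directory Server code. It parses the nsslapd-pluginargN values shown above and, reading the NOTE as a rule, reports any nsslapd-pluginargN entry whose host list differs from nsslapd-pluginarg0. The sample entry, the function names, and the default ports (389 for ldap, 636 for ldaps) are assumptions; optional parameters and LDIF line folding are not handled.

```python
import re

# Constructed sample: the two-host example above plus a second subtree
# entry that (wrongly) names a different host.
SAMPLE_LDIF = """\
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/o=NetscapeRoot
nsslapd-pluginarg1: ldap://other.example.com/dc=example,dc=com
"""

# scheme://<space-separated host[:port] list>/<subtree>
ARG_RE = re.compile(r"^nsslapd-pluginarg(\d+):\s*(ldaps?)://([^/]+)/(.+)$", re.I)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # assumption: standard LDAP ports


def parse_pta_args(ldif_text):
    """Return {N: (scheme, [(host, port), ...], subtree)} for each pluginargN."""
    args = {}
    for line in ldif_text.splitlines():
        m = ARG_RE.match(line.strip())
        if not m:
            continue  # dn:, "...", and other attributes are ignored
        index, scheme, hostlist, subtree = m.groups()
        scheme = scheme.lower()
        hosts = []
        for item in hostlist.split():  # failover order is list order
            host, _, port = item.partition(":")
            hosts.append((host.lower(), int(port) if port else DEFAULT_PORT[scheme]))
        args[int(index)] = (scheme, hosts, subtree.strip())
    return args


def audit_pta(ldif_text):
    """Return findings for entries that conflict with the NOTE above."""
    args = parse_pta_args(ldif_text)
    if 0 not in args:
        return ["nsslapd-pluginarg0 is missing; no authenticating server is set"]
    findings = []
    for n in sorted(args):
        if n != 0 and args[n][1] != args[0][1]:
            findings.append(f"nsslapd-pluginarg{n} lists hosts {args[n][1]} that differ "
                            "from nsslapd-pluginarg0; only the subtree may change")
    return findings


if __name__ == "__main__":
    for n, entry in sorted(parse_pta_args(SAMPLE_LDIF).items()):
        print(n, entry)
    print(audit_pta(SAMPLE_LDIF))
```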
Using non-default parameter values
This example uses a nondefault value (10) only for the maximum number of connections parameter
maxconns. Each of the other parameters is set to its default value. However, because one parameter
is specified, all parameters must be defined explicitly in the syntax.