LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
NOTE: The userPassword attribute is mapped to *NULL*
to prevent passwords from being returned for increased
security and to prevent PAM_UNIX from authenticating
users in the LDAP directory. Mapping to *NULL* or any
other nonexistent attribute means that nothing is returned.
authenticationMethod
is how the client binds to the directory. The value can be
"simple", which indicates a bind using a user name and password.
If this attribute has no value, "simple" is the default.
bindTimeLimit
is how long, in seconds, the client should wait to bind before
aborting. 0 (zero) means no time limit. If this attribute has
no value, the default is no time limit.
credentialLevel
is the identity clients use when binding to the directory. The
value must be one of the following: "proxy", "anonymous",
or "proxy anonymous". "proxy" means use the configured
proxy user. "anonymous" means use anonymous access.
"proxy anonymous" means use the configured proxy user
and if that fails, bind anonymously. If this attribute has no
value, "anonymous" is the default.
defaultSearchBase
is the base DN where clients can find name service
information, for example ou=hpusers,o=hp.com. This
attribute must have a value.
defaultServerList
is the same as preferredServerList except the order in which
the specified hosts are tried can be interpreted, and
defaultServerList is used only after preferredServerList. If
neither defaultServerList nor preferredServerList specifies
a host, the client tries the host where the profile is. See
preferredServerList below.
followReferrals
specifies whether or not referrals should be followed. If the
entry is 0 (zero) or FALSE, referrals will not be followed. If
the attribute has no value, any other numeric value, or TRUE,
referrals will be followed.
preferredServerList
is a list of one or more host IP addresses and optional port
numbers where LDAP directory servers are running. Each
host is searched in the order given. If this attribute has no
value, or if none of the specified servers satisfies the client's
request, the defaultServerList is used. See defaultServerList
above.
For example, 15.13.128.145:250 is the host at IP address
15.13.128.145 using port number 250. When specifying
multiple hosts, each host:port entry must be separated by a
space.
profileTTL
is the recommended time interval before refreshing the
cached configuration profile.
searchTimeLimit
is how long, in seconds, a client should wait for directory
searches before aborting. 0 (zero) means no time limit. If this
attribute has no value, the default is no time limit.
serviceSearchDescriptor
is one to three custom search descriptors for each service.
The format is Service:BaseDN?Scope?(Filter) where
Service is one of the supported services passwd, group,
shadow, or pam. BaseDN is the base DN at which to start
searches. Scope is the search scope and can be one of the
following: one, base, sub. Filter is an LDAP search filter,
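The defaults in the entries above decide what a client does when an attribute has no value. The following added example (not code from the guide or from LDAP-UX) resolves those effective values and lists the settings an administrator would want to review; the dict representation of a profile, the function names, and the second server address are assumptions made for illustration.

```python
# Added example (not from the guide): resolve a client profile's effective
# settings from the defaults documented above and list the ones to review.
# Assumption: the profile is already read into a dict of attribute -> string.

def effective(profile):
    """Fill in the documented default for every attribute that has no value."""
    p = {k: v.strip() for k, v in profile.items() if v and v.strip()}
    return {
        "defaultSearchBase": p.get("defaultSearchBase"),         # must have a value
        "authenticationMethod": p.get("authenticationMethod", "simple"),
        "credentialLevel": p.get("credentialLevel", "anonymous"),
        "bindTimeLimit": int(p.get("bindTimeLimit", "0")),       # 0 = no limit
        "searchTimeLimit": int(p.get("searchTimeLimit", "0")),   # 0 = no limit
        # Only 0 or FALSE turns referrals off; no value or anything else follows them.
        "followReferrals": p.get("followReferrals", "TRUE") not in ("0", "FALSE"),
        # preferredServerList is tried first, defaultServerList only after it.
        "servers": p.get("preferredServerList", "").split()
                   + p.get("defaultServerList", "").split(),
    }

def audit(profile):
    """Return review findings derived from the effective settings."""
    e, findings = effective(profile), []
    if not e["defaultSearchBase"]:
        findings.append("defaultSearchBase has no value")
    if "anonymous" in e["credentialLevel"].split():
        findings.append("credentialLevel '%s' permits an anonymous bind" % e["credentialLevel"])
    for name in ("bindTimeLimit", "searchTimeLimit"):
        if e[name] == 0:
            findings.append("%s is 0: no time limit" % name)
    if e["followReferrals"]:
        findings.append("referrals will be followed")
    if not e["servers"]:
        findings.append("no server listed: client tries the host where the profile is")
    for entry in e["servers"]:
        port = entry.partition(":")[2]
        if port and not port.isdigit():
            findings.append("server entry '%s' has a non-numeric port" % entry)
    return findings

# Constructed sample profiles; the second server address is made up.
DEFAULTS_ONLY = {"defaultSearchBase": "ou=hpusers,o=hp.com",
                 "preferredServerList": "15.13.128.145:250"}
TIGHTENED = dict(DEFAULTS_ONLY, credentialLevel="proxy", bindTimeLimit="5",
                 searchTimeLimit="30", followReferrals="FALSE",
                 defaultServerList="15.13.128.146")

if __name__ == "__main__":
    for name, prof in (("defaults only", DEFAULTS_ONLY), ("tightened", TIGHTENED)):
        print(name, audit(prof))
```

The followReferrals comparison matches the literal values 0 and FALSE exactly as the guide writes them; whether other spellings are accepted is not stated on this page.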