Red Hat Directory Server 8.0 Administrator's Guide
• Section 3.3, “Specifying the Authenticating Directory Server”
• Section 3.4, “Specifying the Pass-through Subtree”
• Section 3.5, “Configuring the Optional Parameters”
3.1. Turning the Plug-in On or Off
To turn the PTA Plug-in on from the command line, do the following:
1. Use the ldapmodify command to update the plug-in configuration:
ldapmodify -p 389 -D "cn=Directory Manager" -w password -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginenabled
nsslapd-pluginenabled: on
2. Restart the server.
1
service dirsrv restart instance_name
To disable the plug-in, change the nsslapd-pluginenabled attribute value from on to off.
Whenever the PTA Plug-in is enabled or disabled from the command line, the server must be
restarted.
3.2. Configuring the Servers to Use a Secure Connection
The PTA directory can be configured to communicate with the authenticating directory over SSL
by specifying LDAPS in the LDAP URL of the PTA directory. For example:
nsslapd-pluginarg0: ldaps://ldap.example.com:636/o=NetscapeRoot
3.3. Specifying the Authenticating Directory Server
The authenticating directory contains the bind credentials for the entry with which the client is
attempting to bind. The PTA directory passes the bind request to the host defines as the
authenticating directory. To specify the authenticating Directory Server, replace authDS in the
LDAP URL of the PTA directory with the authenticating directory's hostname, as described in
Table 17.1, “PTA Plug-in Parameters”.
1. Use ldapmodify edit the PTA Plug-in entry.
Chapter 17. Using the Pass-through Authentication Plug-in
496