Red Hat Directory Server 8.0 Administrator's Guide

ldapmodify -p 389 -D "cn=Directory Manager" -w password -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://dirserver.example.com/o=NetscapeRoot
Optionally, include the port number. If the port number is not given, the PTA Directory Server
attempts to connect using either the standard port (389) for ldap:// or the secure port (636)
for ldaps://.
If the connection between the PTA Directory Server and the authenticating Directory Server
is broken or the connection cannot be opened, the PTA Directory Server sends the request to
the next server specified, if any. There can be multiple authenticating Directory Servers
specified, as required, to provide failover if the first Directory Server is unavailable. All of the
authenticating Directory Servers are set in the nsslapd-pluginarg0 attribute.
Multiple authenticating Directory Servers are listed in a space-separated list of host:port pairs,
with this format:
ldap|ldaps://host1:port1 host2:port2/subtree
2. Restart the server.
service dirsrv restart instance_name
3.4. Specifying the Pass-through Subtree
The PTA directory passes through bind requests to the authenticating directory from all clients
with a DN defined in the pass-through subtree. The subtree is specified by replacing the subtree
parameter in the LDAP URL of the PTA directory.
The pass-through subtree must not exist in the PTA directory. If it does, the PTA directory
attempts to resolve bind requests using its own directory contents and the binds fail.
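The following is an added example, not part of the Red Hat guide: a pre-change check that parses a proposed nsslapd-pluginarg0 value in the format shown earlier, applies the default ports, and flags a pass-through subtree that falls under a suffix the PTA directory already holds. The names parse_pta_url and local_conflicts are hypothetical, the list of local suffixes is supplied by the caller, and DN comparison is simplified (no escaped commas, no IPv6 literals).

```python
# Added example (not Red Hat code): validate a PTA nsslapd-pluginarg0 value offline.
from typing import List, NamedTuple, Tuple

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults stated in the guide


class PtaUrl(NamedTuple):
    scheme: str
    servers: List[Tuple[str, int]]  # failover order: first entry is tried first
    subtree: str


def parse_pta_url(value: str) -> PtaUrl:
    """Parse 'ldap|ldaps://host1:port1 host2:port2/subtree'."""
    scheme, sep, rest = value.strip().partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("URL must start with ldap:// or ldaps://")
    hostlist, slash, subtree = rest.partition("/")
    if not slash or not subtree.strip():
        raise ValueError("missing pass-through subtree")
    servers = []
    for item in hostlist.split():
        host, colon, port = item.rpartition(":")
        if not colon:  # no port given: fall back to the scheme default
            host, port = item, str(DEFAULT_PORTS[scheme])
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad host:port entry {item!r}")
        servers.append((host, int(port)))
    if not servers:
        raise ValueError("no authenticating Directory Server listed")
    return PtaUrl(scheme, servers, subtree.strip())


def _rdns(dn: str) -> List[str]:
    # Simplified normalisation: lower-case, trim spaces around ',' and '='.
    return ["=".join(p.strip() for p in rdn.split("=", 1)).lower()
            for rdn in dn.split(",")]


def local_conflicts(subtree: str, local_suffixes: List[str]) -> List[str]:
    """Return the local suffixes that equal or contain the pass-through subtree."""
    sub = _rdns(subtree)
    return [s for s in local_suffixes if (r := _rdns(s)) and sub[-len(r):] == r]
```

A non-empty result from local_conflicts means the PTA directory would try to resolve those binds from its own contents, which is the failure the paragraph above describes.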
1. Use the ldapmodify command to import the LDIF file into the directory.
ldapmodify -p 389 -D "cn=Directory Manager" -w password -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://dirserver.example.com/o=NetscapeRoot