Red Hat Directory Server 8.0 Administrator's Guide
...
4.2. Specifying Multiple Authenticating Directory Servers
If the connection between the PTA Directory Server and the authenticating Directory Server is
broken or the connection cannot be opened, the PTA Directory Server sends the request to the
next server specified, if any. There can be multiple authenticating Directory Servers specified,
as required, to provide failover if the first Directory Server is unavailable. All of the
authentication Directory Server are set in the nsslapd-pluginarg0 attribute. Multiple
authenticating Directory Servers are listed in a space-separate list of host:port pairs. For
example:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com:389
config2dir.example.com:1389/o=NetscapeRoot
...
NOTE
The nsslapd-pluginarg0 attribute sets the authentication Directory Server;
additional nsslapd-pluginargN attributes can set additional suffixes for the PTA
Plug-in to use, but not additional hosts.
4.3. Specifying One Authenticating Directory Server and
Multiple Subtrees
The following example configures the PTA Directory Server to pass through bind requests for
more than one subtree (using parameter defaults):
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
nsslapd-pluginarg1: ldap://configdir.example.com/dc=example,dc=com
...
4.4. Using Non-Default Parameter Values
This example uses a non-default value (10) only for the maximum number of connections
parameter maxconns. Each of the other parameters is set to its default value. However, because
one parameter is specified, all parameters must be defined explicitly in the syntax.
Chapter 17. Using the Pass-through Authentication Plug-in
500