HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

Table 13 Global Parameters
Parameter
  Description

ldap server
  Specifies the host name of the Directory Server where you want to store your data.

ldap suffix
  Specifies the base of the directory tree where you want to add users and machine accounts information. It is also used as the Distinguished Name (DN) of the search base, which tells LDAP where to start the search for the entry. For example, if your base DN is "dc=org, dc=hp, dc=com", then you need to set the value of ldap suffix = "dc=org, dc=hp, dc=com".

ldap user suffix
  Specifies the base of the directory tree where you want to add users information. If you do not specify this parameter, HP CIFS Server uses the value of ldap suffix. For example, ldap user suffix = "ou=People".

ldap group suffix
  Specifies the base of the directory tree where you want to add groups information. If you do not specify this parameter, HP CIFS Server uses the value of ldap suffix instead. For example, ldap group suffix = "ou=Groups".

ldap admin dn
  Specifies the user Distinguished Name (DN) used by the HP CIFS Server to connect to the LDAP directory server when retrieving user account information. The ldap admin dn is used in conjunction with the admin dn password stored in the /var/opt/samba/private/secrets.tdb file. For example, ldap admin dn = "cn = directory manager".

ldap delete dn
  Specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba. The default value is No.

ldap passwd sync
  Specifies whether the HP CIFS Server should sync the LDAP password with the NT and LM hashes for normal accounts on a password change. This option can be set to one of three values:
  Yes: Update the LDAP, NT and LM passwords and update the pwdLastSet time.
  No: Update NT and LM passwords and update the pwdLastSet time.
  Only: Only update the LDAP password and let the LDAP server do the rest.
  The default value is No.

ldap replication sleep
  When Samba is requested to write to a read-only LDAP replica, it is redirected to talk to the read-write master server. This server then replicates the changes back to the local server. The replication might take some seconds, especially over slow links. Certain client activities can become confused by the 'success' that does not immediately change the LDAP back-end's data. This option simply causes Samba to wait a short time and allows the LDAP server to catch up. The value is specified in milliseconds; the maximum value is 5000 (5 seconds). By default, ldap replication sleep = 1000 (1 second).

ldap timeout
  Specifies in seconds how long the HP CIFS Server waits for the LDAP server to respond to the connect request if the LDAP server is down or unreachable. The default value is 15 (in seconds).

ldap ssl
  Specifies the Secure Sockets Layer (SSL) support. HP CIFS Server A.02.03 or later supports the ldap ssl = start_tls option. Specify Yes to enable this feature using port number 636 to connect to the LDAP directory server. If you choose to use Start TLS, set it to start_tls to enable SSL using port number 389 to connect to the LDAP directory server. To disable SSL, set it to No. By default, this parameter is set to No.
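
The following check is an added example, not part of the HP guide: it reads the [global] section of an smb.conf and flags LDAP values that conflict with Table 13, most importantly ldap ssl left at No while the server binds as ldap admin dn. The sample file and the function names are constructed for illustration; parameter names are matched ignoring case and spaces, as Samba does.

```python
import re

# Constructed sample smb.conf for illustration; values are not from the guide.
SAMPLE = '''[global]
   ldap server = ldaphost.example.com
   ldap suffix = "dc=org, dc=hp, dc=com"
   ldap admin dn = "cn=directory manager"
   LDAP SSL = No
   ldap passwd sync = sometimes
   ldap replication sleep = 8000
[share1]
   ldap ssl = start_tls
'''

def global_params(text):
    """Return {name: value} for [global]; names lowercased, spaces removed."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip().strip('"')
    return params

def audit(text):
    """Return (parameter, problem) pairs, applying the defaults from Table 13."""
    p, out = global_params(text), []
    ssl = p.get("ldapssl", "no").lower()              # default is No
    if ssl not in ("yes", "start_tls"):
        out.append(("ldap ssl", "value is not Yes or start_tls, so the "
                    "ldap admin dn bind is not protected by SSL/TLS"))
    if p.get("ldappasswdsync", "no").lower() not in ("yes", "no", "only"):
        out.append(("ldap passwd sync", "value must be Yes, No or Only"))
    sleep = p.get("ldapreplicationsleep", "1000")     # default is 1000 ms
    if not sleep.isdigit() or int(sleep) > 5000:
        out.append(("ldap replication sleep",
                    "must be a number of milliseconds no greater than 5000"))
    return out

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

The ldap ssl line under [share1] in the sample is deliberately ignored, because the check reads only [global], where Table 13 places these parameters.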