HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Attribute       Description
nsTimeLimit     Specifies the maximum time the server spends processing a search operation. Giving
                this attribute a value of -1 indicates that there is no time limit.
nsIdleTimeout   Specifies the time a connection to the server can be idle before the connection is
                dropped. The value is given in seconds. Giving this attribute a value of -1 indicates
                that there is no limit.
For example, this sets the size limit for Barbara Jensen by using ldapmodify to modify her entry:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: uid=bjensen,ou=people,dc=example,dc=com
changetype: modify
add:nsSizeLimit
nsSizeLimit: 500
The ldapmodify statement adds the nsSizeLimit attribute to Babs Jensen's entry and gives it
a search return size limit of 500 entries.
7.3.3 Setting Resource Limits for Anonymous Binds
A user entry is not associated with anonymous binds. To set resource limits for anonymous binds,
create a template user entry with all the required resource limits and apply that template to
anonymous binds.
1. Create a template entry with required resource limits.
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=anonlimits template,ou=people,dc=example,dc=com
changetype: add
objectclass: person
objectclass: top
cn: anonlimits template
sn: template
nsSizeLimit: 100
nsLookThroughLimit: 2000
nsTimeLimit: 60
2. Add the nsslapd-anonlimitsdn attribute to cn=config, pointing to the template entry.
ldapmodify -D "cn=directory manager" -w secret -h server.example.com -p 389
dn: cn=config
changetype: modify
add: nsslapd-anonlimitsdn
nsslapd-anonlimitsdn: cn=anonlimits template,ou=people,dc=example,dc=com
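The following check is an added example, not part of the HP guide or the product: it reads an LDIF export and reports whether cn=config points at an anonymous-limits template and whether that template bounds all three limits. The function names, the finding wording and the sample export are assumptions made for illustration, and the parser handles plain-text values only (no base64 "::" values).

```python
import re

LIMIT_ATTRS = ("nssizelimit", "nslookthroughlimit", "nstimelimit")

def norm_dn(dn):
    """Simplified DN normalisation: lowercase, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Parse an LDIF export into {normalised dn: {attr: [values]}}."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def audit_anon_limits(ldif_text):
    """Return a list of findings; an empty list means all three limits are bounded."""
    entries = parse_ldif(ldif_text)
    target = entries.get("cn=config", {}).get("nsslapd-anonlimitsdn")
    if not target:
        return ["cn=config has no nsslapd-anonlimitsdn"]
    template = entries.get(norm_dn(target[0]))
    if template is None:
        return [f"template entry {target[0]!r} not found in export"]
    findings = []
    for attr in LIMIT_ATTRS:
        values = template.get(attr)
        if not values:
            findings.append(f"{attr} not set on template")
        elif values[0] == "-1":
            findings.append(f"{attr} is -1 (unlimited)")
    return findings

# Constructed sample export matching the two steps above (not real server output).
SAMPLE = """dn: cn=anonlimits template,ou=people,dc=example,dc=com
nsSizeLimit: 100
nsLookThroughLimit: 2000
nsTimeLimit: 60

dn: cn=config
nsslapd-anonlimitsdn: cn=anonlimits template,ou=people,dc=example,dc=com"""
if __name__ == "__main__":
    print(audit_anon_limits(SAMPLE))
```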
7.4 Using pass-through authentication
Pass-through authentication (PTA) is a mechanism that allows one Directory Server instance to
consult another to authenticate bind requests. Pass-through authentication is implemented through the
PTA Plug-in; when enabled, the plug-in lets a Directory Server instance accept simple bind operations
(password-based) for entries not stored in its local database.
Directory Server uses PTA to administer the user and configuration directories on separate instances
of Directory Server.
7.4.1 How Directory Server uses PTA
If the configuration directory and the user directory are installed on separate instances of Directory
Server, the setup program automatically sets up PTA to allow the Configuration Administrator user
(usually admin) to perform administrative duties.