HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ldap|ldaps://authDS/subtree maxconns, maxops, timeout, ldver, connlifetime, startTLS
The maximum number of connections the PTA Directory Server can open simultaneously to the
authenticating directory, represented by maxconns in the PTA syntax.
The default value is 3.

The maximum number of bind requests the PTA Directory Server can send simultaneously to
the authenticating Directory Server within a single connection.
In the PTA syntax, this parameter is maxops. The default value is 5.

The time limit for the PTA Directory Server to wait for a response from the authenticating
Directory Server.
In the PTA syntax, this parameter is timeout. The default value is 300 seconds (five minutes).

The version of the LDAP protocol for the PTA Directory Server to use to connect to the
authenticating Directory Server.
In the PTA syntax, this parameter is ldver. The default is LDAPv3.

The time limit in seconds within which a connection may be used.
If a bind request is initiated by a client after this time has expired, the server closes the
connection and opens a new connection to the authenticating Directory Server. The server
will not close the connection unless a bind request is initiated and the server determines the
timeout has been exceeded. If this option is not specified or if only one authenticating Directory
Server is listed in the authDS parameter, no time limit will be enforced. If two or more hosts
are listed, the default is 300 seconds (five minutes). In the PTA syntax, this parameter is
connlifetime.

Whether to use Start TLS for the connection.
Start TLS creates a secure connection over a standard LDAP port. For Start TLS, the servers
must have their server and CA certificates installed, but they do not need to be running in SSL.
The default is 0, which means Start TLS is off. To enable Start TLS, set it to 1. To use Start TLS,
the LDAP URL must use ldap:, not ldaps:.

1. Use ldapmodify to edit the plug-in entry.
ldapmodify -p 389 -D "cn=Directory Manager" -w secret -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,0
(In this example, each of the optional parameters is set to its default value.) Make sure there
is a space between the subtree parameter and the optional parameters.
NOTE:
Although these parameters are optional, if any one of them is defined, they all must be defined,
even if they use the default values.
2. Restart the server.
/opt/dirsrv/slapd-instance_name/restart-slapd
For more information about the command to start and stop the HP-UX Directory Server,
see “Starting and Stopping Servers” (page 19).
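
The syntax rules above can be checked before the value is written with ldapmodify. The following is an added example, not part of the HP guide or the Directory Server code: the function name check_pta_arg, the SAMPLES list, and the message texts are hypothetical. The warning for an ldap: URL with Start TLS off is an added check, not a rule stated in the guide.

```python
import re

# Optional parameters, in the order the PTA syntax lists them.
FIELDS = ("maxconns", "maxops", "timeout", "ldver", "connlifetime", "startTLS")

def check_pta_arg(value):
    """Parse one nsslapd-pluginarg0 value; return (settings, problems)."""
    m = re.match(r"(ldaps?)://([^/]+)/(.+)$", value.strip())
    if not m:
        return {}, ["error: not of the form ldap|ldaps://authDS/subtree"]
    scheme, auth_ds, rest = m.groups()
    settings = {"scheme": scheme, "authDS": auth_ds, "subtree": rest, "startTLS": 0}
    problems = []
    # The optional parameters are the last space-separated token: digits and commas only.
    head, _, tail = rest.rpartition(" ")
    if head and re.fullmatch(r"\d+(,\d+)*", tail):
        settings["subtree"] = head.strip()
        nums = [int(n) for n in tail.split(",")]
        if len(nums) == len(FIELDS):
            settings.update(zip(FIELDS, nums))
        else:
            problems.append("error: if any optional parameter is set, all six must be")
    elif re.search(r"\d+(,\d+){5}$", rest):
        # Heuristic: six comma-separated numbers glued to the end of the subtree.
        problems.append("error: no space between subtree and optional parameters")
    if settings["startTLS"] not in (0, 1):
        problems.append("error: startTLS must be 0 or 1")
    elif settings["startTLS"] == 1 and scheme == "ldaps":
        problems.append("error: Start TLS requires an ldap: URL, not ldaps:")
    elif settings["startTLS"] == 0 and scheme == "ldap":
        # Added check (assumption of this example, not a rule from the guide).
        problems.append("warning: binds are passed through without TLS")
    return settings, problems

# Constructed sample values; the first is the guide's own example.
SAMPLES = [
    "ldap://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,0",
    "ldap://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,1",
    "ldaps://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,1",
    "ldap://dirserver.example.com/o=NetscapeRoot 3,5,300",
    "ldap://dirserver.example.com/o=NetscapeRoot3,5,300,3,300,0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_pta_arg(s)[1])
```
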
7.4 Using pass-through authentication 309