Manualshelf

Server User Manual

ManualsBrandsRed Hat ManualsServer8.1
51525354555657585960
Chapter 2. Core Server Configuration Reference
38
Parameter Description
Syntax Integer
Example nsslapd-ioblocktimeout: 1800000
2.3.1.63. nsslapd-lastmod (Track Modification Time)
This attribute sets whether the Directory Server maintains the modification attributes for Directory
Server entries. These are operational attributes. These attributes include:
modifiersName - The distinguished name of the person who last modified the entry.
modifyTimestamp - The timestamp, in GMT format, for when the entry was last modified.
creatorsName - The distinguished name of the person who initially created the entry.
createTimestamp - The timestamp for when the entry was created in GMT format.
Parameter Description
Entry DN cn=config
Valid Values on | off
Default Value on
Syntax DirectoryString
Example nsslapd-lastmod: on
WARNING
This attribute should never be turned off. If the nsslapd-lastmod is set to off,
then generating nsUniqueIDs is also disabled, replication does not work, and other
issues may arise.
If for some reason this attribute were set to off, the solution is to export the database
to ldif (db2ldif or db2ldif.pl or from the console), set the value to on, and import
the data. The import process assigns each entry a unique id.
2.3.1.64. nsslapd-ldapiautobind (Enable Autobind)
The nsslapd-ldapiautobind sets whether the server will allow users to autobind to Directory
Server using LDAPI. Autobind maps the UID or GUID number of a system user to a Directory Server
user, and automatically authenticates the user to Directory Server based on those credentials. The
Directory Server connection occurs over UNIX socket.
Along with enabling autobind, configuring autobind requires configuring mapping entries. The
nsslapd-ldapimaprootdn maps a root user on the system to the Directory Manager. The
nsslapd-ldapimaptoentries maps regular users to Directory Server users, based on the
parameters defined in the nsslapd-ldapiuidnumbertype, nsslapd-ldapigidnumbertype,
and nsslapd-ldapientrysearchbase attributes.
Autobind can only be enabled if LDAPI is enabled, meaning the nsslapd-ldapilisten is on and
the nsslapd-ldapifilepath attribute is set to an LDAPI socket.