Server User Manual

cn=config
Parameter       Description
Example         nsslapd-maxdescriptors: 1024
2.3.1.78. nsslapd-maxsasliosize (Maximum SASL Packet Size)
When a user is authenticated to the Directory Server over SASL GSS-API, the server must allocate a
certain amount of memory to the client to perform LDAP operations, according to how much memory
the client requests. An attacker can send a packet so large that it crashes the
Directory Server or ties it up indefinitely as part of a denial-of-service attack.
The packet size which the Directory Server will allow for SASL clients can be limited using the
nsslapd-maxsasliosize attribute. This attribute sets the maximum allowed SASL IO packet size
that the server will accept.
When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize limit, the server
immediately disconnects the client and logs a message to the error log, so that an administrator can
adjust the setting if necessary.
This attribute value is specified in bytes.
Parameter       Description
Entry DN        cn=config
Valid Range     -1 (unlimited) to the maximum 32-bit integer value (2147483647) on 32-bit systems
                -1 (unlimited) to the maximum 64-bit integer value (9223372036854775807) on 64-bit systems
Default Value   2000000 (2MB)
Syntax          Integer
Example         nsslapd-maxsasliosize: 5000000
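The length check described above, sketched as an added example (not the Directory Server's own code): SASL security layers frame each packet with a 4-byte network-order length (RFC 4422), and the sketch assumes the limit is compared with that declared length before the body is buffered. The function name check_sasl_packet and the sample inputs are constructed for illustration.

```python
import struct

DEFAULT_MAX_SASL_IO_SIZE = 2000000  # documented default, in bytes
UNLIMITED = -1                      # documented "unlimited" value


def check_sasl_packet(buf, max_sasl_io_size=DEFAULT_MAX_SASL_IO_SIZE):
    """Classify the bytes received so far on a SASL-protected connection.

    Returns (action, declared_length). Actions:
      "need_more"  - length prefix or packet body is still incomplete
      "disconnect" - declared length exceeds the limit; body is never buffered
      "process"    - a complete packet within the limit is available
    """
    if len(buf) < 4:
        return ("need_more", None)
    # RFC 4422 framing: 4-octet length in network byte order, set by the client.
    (declared,) = struct.unpack("!I", buf[:4])
    # Assumption: the limit is compared with the declared payload length, and
    # the check happens before any memory is reserved for the body.
    if max_sasl_io_size != UNLIMITED and declared > max_sasl_io_size:
        return ("disconnect", declared)
    if len(buf) - 4 < declared:
        return ("need_more", declared)
    return ("process", declared)


def run_samples():
    """Run constructed sample inputs through the check and return the results."""
    samples = {
        "small complete packet": struct.pack("!I", 5) + b"hello",
        "header announcing ~2 GiB": struct.pack("!I", 2147483647),
        "header exactly at limit": struct.pack("!I", DEFAULT_MAX_SASL_IO_SIZE),
        "truncated length prefix": b"\x00\x00",
    }
    return {name: check_sasl_packet(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name}: {result}")
    # The same oversized header with the limit disabled: the server would keep
    # waiting for (and buffering) up to 2147483647 bytes from one client.
    print(check_sasl_packet(struct.pack("!I", 2147483647), UNLIMITED))
```

With the limit set to -1, the only bound on what a single client can make the server wait for is the 4-byte length field itself.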
2.3.1.79. nsslapd-maxthreadsperconn (Maximum Threads per Connection)
Defines the maximum number of threads that a connection should use. For normal operations where
a client binds and only performs one or two operations before unbinding, use the default value. For
situations where a client binds and simultaneously issues many requests, increase this value to allow
each connection enough resources to perform all the operations. This attribute is not available from
the server console.
Parameter       Description
Entry DN        cn=config
Valid Range     1 to maximum thread number
Default Value   5
Syntax          Integer
Example         nsslapd-maxthreadsperconn: 5