Server User Manual

Chapter 2. Core Server Configuration Reference
be owned by the server user ID, and that user must have read and write permissions to the directory.
The default value is the schema subdirectory of the Directory Server instance-specific configuration
directory, /etc/dirsrv/slapd-instance_name/schema.
Changes made to this attribute will not take effect until the server is restarted.
2.3.1.99. nsslapd-schemareplace
Determines whether modify operations that replace attribute values are allowed on the cn=schema
entry.
Parameter        Description
Entry DN         cn=config
Valid Values     on | off | replication-only
Default Value    replication-only
Syntax           DirectoryString
Example          nsslapd-schemareplace: replication-only
2.3.1.100. nsslapd-securelistenhost
This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes
it possible to limit listening to one interface of a multihomed machine). There can be multiple IP
addresses associated with a single hostname, and these IP addresses can be a mix of both IPv4 and
IPv6. This parameter can be used to restrict the Directory Server instance to a single IP interface; it
specifically sets which interface to use for SSL/TLS traffic rather than for regular LDAP
connections.
If a hostname is given as the nsslapd-securelistenhost value, then the Directory Server
responds to requests for every interface associated with the hostname. If a single IP interface (either
IPv4 or IPv6) is given as the nsslapd-securelistenhost value, Directory Server only responds to
requests sent to that specific interface. Either an IPv4 or IPv6 address can be used.
The server has to be restarted for changes to this attribute to go into effect.
Parameter        Description
Entry DN         cn=config
Valid Values     Any secure hostname, IPv4 or IPv6 address
Default Value
Syntax           DirectoryString
Example          nsslapd-securelistenhost: ldaps.example.com
2.3.1.101. nsslapd-securePort (Encrypted Port Number)
This attribute sets the TCP/IP port number used for SSL/TLS communications. The selected port
must be unique on the host system; make sure no other application is attempting to use the same
port number. Specifying a port number of less than 1024 requires that Directory Server be started as
root. The server sets its uid to the nsslapd-localuser value after startup.
The server only listens to this port if it has been configured with a private key and a certificate, and
nsslapd-security is set to on; otherwise, it does not listen on this port.
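
The following is an added example, not part of the original manual or of Directory Server itself: a small review script that applies the rules stated above for nsslapd-securelistenhost, nsslapd-securePort and nsslapd-schemareplace to a cn=config excerpt. The sample LDIF is constructed, the function names are hypothetical, and the parser assumes plain, unfolded attribute lines.

```python
import ipaddress

# Constructed sample cn=config excerpt (not from a real server).
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-security: on
nsslapd-securePort: 636
nsslapd-securelistenhost: ldaps.example.com
nsslapd-schemareplace: on
"""

def parse_entry(ldif):
    """Map lowercased attribute names to values (plain, unfolded lines only)."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            attrs[name.strip().lower()] = value.strip()
    return attrs

def is_ip_literal(value):
    """True for a single IPv4 or IPv6 address, False for a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def review(attrs):
    """Return {attribute: finding} using only the rules stated in this section."""
    out = {}
    host = attrs.get("nsslapd-securelistenhost", "")
    if host and not is_ip_literal(host):
        out["nsslapd-securelistenhost"] = "hostname: answers on every interface tied to the name"
    elif host:
        out["nsslapd-securelistenhost"] = "single interface"
    port = attrs.get("nsslapd-secureport")
    if attrs.get("nsslapd-security", "").lower() != "on":
        out["nsslapd-securePort"] = "inactive: nsslapd-security is not on"
    elif port is not None and int(port) < 1024:
        out["nsslapd-securePort"] = "privileged port: server must be started as root"
    mode = attrs.get("nsslapd-schemareplace", "replication-only").lower()
    if mode not in ("on", "off", "replication-only"):
        out["nsslapd-schemareplace"] = "invalid value"
    elif mode != "replication-only":
        out["nsslapd-schemareplace"] = "differs from default replication-only: " + mode
    return out

if __name__ == "__main__":
    for attr, note in review(parse_entry(SAMPLE_LDIF)).items():
        print(f"{attr}: {note}")
```

The script cannot tell whether a private key and certificate are configured, so a secure port it does not report as inactive may still be unused on a server without them.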