Mac OS X Server

Chapter 15 Working with Open Directory
Idle Rebinding Options
The following two LDAPv3 plug-in parameters are documented in the Open Directory
administration guide. The parameters are used in the file /library/preferences/
Delay Rebind
This parameter specifies how long the LDAP plug-in waits before attempting to
reconnect to a server that fails to respond. You can increase this value to prevent
continuous reconnection attempts.
<key>Delay Rebind Try in seconds</key>
You can find this parameter in the DSLDAPv3PlugInConfig.plist file near
<key>OpenClose Timeout in seconds</key>. If not, you can add it there.
Idle Timeout
This parameter specifies how long the LDAP plug-in will sit idle before disconnecting
from the server. You can adjust this value to reduce overloading of the server's
connections from remote clients.
<key>Idle Timeout in minutes</key>
If this parameter doesn’t already exist in the DSLDAPv3PlugInConfig.plist file, you can
add it near <key>OpenClose Timeout in seconds</key>.
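The following Python example is added here and is not part of the original guide. It adds the two keys to every dictionary in the plist that already contains OpenClose Timeout in seconds and leaves existing values alone. The plist layout (an "LDAP Server Configs" array), the server names, and the values 120 and 2 are constructed assumptions, not defaults taken from the guide.

```python
import plistlib

ANCHOR_KEY = "OpenClose Timeout in seconds"
REBIND_KEY = "Delay Rebind Try in seconds"
IDLE_KEY = "Idle Timeout in minutes"

# Constructed sample input; the array-of-server-dicts layout is an assumption.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>LDAP Server Configs</key>
  <array>
    <dict>
      <key>Server</key><string>ldap1.example.com</string>
      <key>OpenClose Timeout in seconds</key><integer>15</integer>
    </dict>
    <dict>
      <key>Server</key><string>ldap2.example.com</string>
      <key>OpenClose Timeout in seconds</key><integer>15</integer>
      <key>Idle Timeout in minutes</key><integer>5</integer>
    </dict>
  </array>
</dict></plist>"""

def ensure_rebind_keys(node, delay_seconds, idle_minutes):
    """Add missing keys beside ANCHOR_KEY, recursively; return how many were added."""
    added = 0
    if isinstance(node, dict):
        if ANCHOR_KEY in node:
            for key, value in ((REBIND_KEY, delay_seconds), (IDLE_KEY, idle_minutes)):
                # Never overwrite a value an administrator has already set.
                if key not in node:
                    node[key] = value
                    added += 1
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return 0
    return added + sum(ensure_rebind_keys(c, delay_seconds, idle_minutes) for c in children)

def patch_plist(data, delay_seconds=120, idle_minutes=2):
    """Return (updated plist bytes, number of keys added). Defaults are sample values."""
    config = plistlib.loads(data)
    added = ensure_rebind_keys(config, delay_seconds, idle_minutes)
    return plistlib.dumps(config, sort_keys=False), added
```

Run it against a copy of the configuration file and compare the result with the original before replacing anything.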
Searching the LDAP Server
The ldapsearch tool connects to an LDAP server, authenticates, finds entries, and
returns attributes of the entries found.
To query the LDAP server for all the user’s information:
Enter the following command, replacing the example search base (cn=users,
dc=example, dc=com) with an actual search base:
$ ldapsearch -H ldap:// -b cn=users,dc=example,dc=com
By default, ldapsearch tries to connect to the LDAP server using the Simple
Authentication and Security Layer (SASL) method. If the server doesn’t support this
method, you see this error message:
ldap_sasl_interactive_bind_s: No such attribute (16)
Tool                    Used to
                        Regenerate directory indexes.
/usr/sbin/slappasswd    Generate user password hashes.