HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Table 35 PTA plug-in parameters (continued)
Variable / Definition

should be enforced. See “Configuring the optional parameters” (page 308) for more information.

ldver
Optional. The version of the LDAP protocol used to connect to the authenticating directory. Directory Server supports LDAP version 2 and 3. The default is version 3, and HP strongly recommends against using LDAPv2, which is old and will be deprecated. See “Configuring the optional parameters” (page 308) for more information.

connlifetime
Optional. The time limit, in seconds, within which a connection may be used. If a bind request is initiated by a client after this time has expired, the server closes the connection and opens a new connection to the authenticating directory. The server will not close the connection unless a bind request is initiated and the directory determines the connection lifetime has been exceeded. If this option is not specified, or if only one host is listed, no connection lifetime will be enforced. If two or more hosts are listed, the default is 300 seconds (five minutes). See “Configuring the optional parameters” (page 308) for more information.

startTLS
Optional. A flag that sets whether to use Start TLS for the connection to the authenticating directory. Start TLS establishes a secure connection over the standard port, so it is useful for connecting using LDAP instead of LDAPS. The SSL server and CA certificates need to be available on both of the servers.
The default is 0, which is off. To enable Start TLS, set it to 1. To use Start TLS, the LDAP URL must use ldap:, not ldaps:.
See “Configuring the optional parameters” (page 308) for more information.

7.4.3 Configuring the PTA plug-in
The only method for configuring the PTA plug-in is to modify the entry cn=Pass Through Authentication,cn=plugins,cn=config. To modify the PTA configuration:
1. Use the ldapmodify command to modify cn=Pass Through Authentication,cn=plugins,cn=config.
2. Restart Directory Server.
   /opt/dirsrv/slapd-instance_name/restart-slapd
For more information about the command to start and stop the HP-UX Directory Server, see “Starting and Stopping Servers” (page 19).
Before configuring any of the PTA Plug-in parameters, the PTA Plug-in entry must be present in the
Directory Server. If this entry does not exist, create it with the appropriate syntax, as described in
“PTA plug-in syntax” (page 305).
NOTE:
If the user and configuration directories are installed on different instances of the directory, the
PTA Plug-in entry is automatically added to the user directory's configuration and enabled.
This section provides information about configuring the plug-in in the following sections:
“Configuring the servers to use a secure connection” (page 307)
“Specifying the authenticating Directory Server” (page 308)
“Specifying the pass-through subtree” (page 308)
“Configuring the optional parameters” (page 308)
7.4.3.1 Configuring the servers to use a secure connection
The PTA directory can be configured to communicate with the authenticating directory over SSL
by specifying LDAPS in the LDAP URL of the PTA directory. For example:
nsslapd-pluginarg0: ldaps://ldap.example.com:636/o=NetscapeRoot
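
The following check is an added example, not taken from this guide or from HP's tools: it audits nsslapd-pluginarg0 values against the transport rules above (ldaps: or startTLS=1, never both, and no LDAPv2). The order of the optional parameters and the function names are assumptions; confirm the order against “PTA plug-in syntax” (page 305).

```python
import re

# Order of the optional parameters: an assumption taken from the plug-in syntax
# section this guide points to (page 305); confirm it for your release.
FIELDS = ("maxconns", "maxops", "timeout", "ldver", "connlifetime", "startTLS")
DEFAULTS = {"ldver": 3, "startTLS": 0}  # defaults stated in Table 35

def parse_pta_arg(value):
    """Split one nsslapd-pluginarg0 value into (scheme, params dict)."""
    tokens = value.split()
    if not tokens or ":" not in tokens[0]:
        raise ValueError("no LDAP URL in value: %r" % value)
    scheme = tokens[0].split(":", 1)[0].lower()
    params = dict(DEFAULTS)
    # The optional parameters, when present, are the last token: digits and commas.
    if len(tokens) > 1 and re.fullmatch(r"\d+(,\d+)*", tokens[-1]):
        for name, raw in zip(FIELDS, tokens[-1].split(",")):
            params[name] = int(raw)
    return scheme, params

def audit_pta_arg(value):
    """Return a list of transport findings for one nsslapd-pluginarg0 value."""
    scheme, p = parse_pta_arg(value)
    findings = []
    if scheme not in ("ldap", "ldaps"):
        findings.append("unexpected URL scheme %r" % scheme)
    if scheme == "ldaps" and p["startTLS"] == 1:
        findings.append("startTLS=1 requires an ldap: URL, not ldaps:")
    if scheme == "ldap" and p["startTLS"] != 1:
        findings.append("binds are passed through without SSL or Start TLS")
    if p["ldver"] == 2:
        findings.append("ldver=2: LDAPv2 is discouraged, use 3")
    return findings

# Constructed sample values (host and suffix reuse the guide's example).
SAMPLES = [
    "ldaps://ldap.example.com:636/o=NetscapeRoot",
    "ldap://ldap.example.com:389/o=NetscapeRoot 3,5,300,3,300,1",
    "ldap://ldap.example.com:389/o=NetscapeRoot 3,5,300,2,300,0",
    "ldaps://ldap.example.com:636/o=NetscapeRoot 3,5,300,3,300,1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_pta_arg(s) or "ok")
```

Run it over the nsslapd-pluginarg values read from cn=Pass Through Authentication,cn=plugins,cn=config before restarting the server.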