Installation guide

ManualsBrandsRed Hat ManualsConsumer electronicsDIRECTORY SERVER 7.1 SP7 - S

90 NetIQ eDirectory 8.8 SP8 Installation Guide

NOTE: For more details information on the eDirectory configuration parameters, refer to the

nds.conf

man page.

7.3 Security Considerations

The following security considerations are recommended:

 Make sure that only authenticated users have browse rights to the tree. To limit this, do the

following:

 Remove browse rights of [Public] on tree root.

 Assign [Root] browse rights on tree root.

 Set the

ldapBindRestrictions

attribute on the LDAP server object to

Disallow anonymous

Simple Bind

. This prevents the clients from doing anonymous binds.

 By default, the cipher is set to

Export

. Make LDAP more secure by setting the cipher to

HIGH

. To

do this, change the bind restrictions attribute of the LDAP Server object to

Use Higher Cipher

(greater than 128 bit)

http.server.interfaces

Comma-separated list of interfaces that HTTP server

should use.

http.server.request-io-buffer-

size

Default IO buffer size.

http.server.request_timeout-

seconds

Server request timeout.

http.server.keep-timeout-

seconds

Number of seconds to wait for the next request from the

same client on the same connection.

http.server.threads-per-

processor

HTTP thread pool size per processor.

http.server.session-exp-seconds

Session expiration time in seconds.

http.server.sadmin-passwd

Session administrator password.

http.server.module-base

HTTP server webroot.

https.server.cached-cert-dn

HTTPS server cached certificate DN.

https.server.cached-server-dn

HTTPS server cached DN.

http.server.trace-level

Diagnostic trace level of HTTP server.

http.server.auth-req-tls

HTTP server authentication requires TLS.

http.server.clear-port

Server port for the HTTP protocol.

http.server.tls-port

Server port for the HTTPS protocol.

Parameter Description