Overview#

Attributes within the DUA Config Profile are defined in RFC 4876

AttributeDescription
cnThe profile name. The attribute has no default value. The value must be specified.
preferredServerListThe host addresses of the preferred servers is a space separated list of server addresses. (Do not use host names.) The servers in this list are tried in order before those in defaultServerList until a successful connection is made. This has no default value. At least one server must be specified in either preferredServerList or defaultServerList.
defaultServerListThe host addresses of the default servers is a space separated list of server addresses. (Do not use host names.) After the servers in preferredServerlist are tried, those default servers on the client’s subnet are tried, followed by the remaining default servers, until a connection is made. At least one server must be specified in either preferredServerList or defaultServerList. The servers in this list are tried only after those on the preferred server list. This attribute has no default value.
defaultSearchBaseThe DN relative to which to locate the well-known containers. There is no default for this value. However, this can be overridden for a given service by the serviceSearchDescriptor attribute.
defaultSearchScopeDefines the scope of a database search by a client. It can be overridden by the serviceSearchDescriptor attribute. The possible values are one or sub. The default value is a one level search.
authenticationMethodIdentifies the method of authentication used by the client. The default is none (anonymous).
credentialLevelIdentifies the type of credentials a client should use to authenticate. The choices are anonymous or proxy. The default is anonymous.
serviceSearchDescriptorDefines how and where a client should search for a naming database, for example, if the client should look in one or more points in the DIT. By default no SSDs are defined.
serviceAuthenticationMethodAuthentication method used by a client for the specified service. By default, no service authentication methods are defined. If a service does not have serviceAuthenticationMethod defined, it will default to the value of authenticationMethod.
attributeMapAttribute mappings used by client. By default no attributeMap is defined.
objectclassMapObject class mappings used by client. By default no objectclassMap is defined.
searchTimeLimitMaximum time in seconds a client should allow for a search to complete before timing out. This does not affect the time the LDAP server will allow for a search to complete. The default value is 30 seconds.
bindTimeLimitMaximum time in seconds a client should allow to bind with a server before timing out. Default value is 30 seconds.
followReferralsSpecifies whether a client should follow an LDAP referral. Possible values TRUE or FALSE. The default value is TRUE.
profileTTLTime between refreshes of the client profile from the LDAP server by the ldap_cachemgr(1M). Default is 43200 seconds or 12 hours. If given a value of 0, the profile will never be refreshed.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 06-Aug-2016 13:23 by jim