This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is an [eDirectory] utility on [Linux] systems used to modify, view, and refresh the attributes of [LdapServer] and [ldapGroup] objects.
|| Attribute || Description
| LDAP Server | The fully distinguished name of the LDAP server object in eDirectory.
| LDAP Host Server | The fully distinguished name of the host eDirectory server that the LDAP server runs on.
| LDAP Group | The LDAP Group object in eDirectory that this LDAP server is a member of.
| LDAP Server Bind Limit | The number of clients that can simultaneously bind to the LDAP server. A value of 0 (zero) indicates no limit.
| LDAP Server Idle Timeout | The period of inactivity from a client after which LDAP server terminates the connection with this client. A value of 0 (zero) indicates no limit.
| LDAP Enable TCP | This option is deprecated in the eDirectory 8.8 SP8 release. It is available through ldapInterfaces. For more information, see ldapInterfaces.
| LDAP Enable TLS | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces.
| LDAP TCP Port | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces.
| LDAP TLS Port | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces.
| [LdapKeyMaterialName] | The name of the Certificate object in [eDirectory] that is associated with this LDAP server and will be used for [SSL] [LDAP] connections.
| [searchSizeLimit] | The maximum number of entries that the LDAP server will return to an LDAP client in response to a search. A value of 0 (zero) indicates no limit. If the user has the administrator rights on the LDAP server object, the searchSizeLimit value is not considered.
| [searchTimeLimit] | The maximum number of seconds after which an LDAP search will be timed out by the LDAP server. A value of 0 (zero) indicates no limit. If the user has the administrator rights on the LDAP server object, the searchTimeLimit value is not considered.
| [filteredReplicaUsage] | Specifies whether the LDAP server should use a filtered replica for an LDAP search. \\Values= 1 (use filtered replica), 0 (do not use filtered replica)
| [sslEnableMutualAuthentication] | Specifies whether SSL-based mutual authentication (Certificate-based client authentication) is enabled on the LDAP server.
| [ldapTLSVerifyClientCertificate] | Enables or disables verification of the client certificate for a TLS operation through LDAP.
| [ldapNonStdAllUserAttrsMode] | Enables or disables the non standard, all user, and operational attributes.
| [ldapBindRestrictions] | Enables LDAP bind restrictions and cipher level on LDAP client connections. This attribute can be used to control client connections. You can set any of the following four LDAP bind restrictions
| [ldapChainSecureRequired] | This is a boolean attribute. If enabled, chaining to other eDirectory will be over secure NCP. By default, the attribute is disabled.
| [ldapInterfaces] | A multi-valued SYN_CI_STRING attribute used to store LDAP URLs on which LDAP server listens (on both cleartext and secure ports). This attribute is useful in configuring multiple instances that require each instance of the eDirectory server to listen on a specific interface. It can be configured with the IP addresses and port numbers in the LDAP URL format. The LDAP server listens on these IP addresses and ports.
| [ldapStdCompliance] | By default, the eDirectory LDAP server does not return subordinate referrals for a ONE level search. To enable this, turn on ldapStdCompliance with a value of 1. Setting this value makes the LDAP server return the subordinate referrals for a ONE level search.
| [ldapChainSecureRequired] | This is a boolean attribute. If this is enabled, the chaining to other eDirectory will be over secure NCP. By default, the attribute will be disabled.
| [ldapEnablePSearch] | Specifies whether or not the persistent search feature is enabled on the LDAP server. Values= yes, no
| [ldapMaximumPSearchOperations] | An integer value that limits the number of concurrent persistent search operations possible. A value of 0 specifies unlimited search operations.
| [ldapIgnorePSearchLimitsForEvents] | Indicates whether size and time limits should be ignored after the persistent search request has sent the initial result set. \\Values= yes, no \\If this attribute is set to false, the entire persistent search operation is subject to the search limits. If either limit is reached, the search fails with the appropriate error message.
| [ldapGeneralizedTime] | Enable Generalized Time to display time in the YYYYMMDDHHmmSS.0Z format. Values= yes, no
| [ldapPermissiveModify] | Enable Permissive Modify Control to extend the LDAP modify operation. If an attempt is made to delete an attribute that does not exist or to add any value to an attribute that already exists, the operation goes through without displaying any error message. \\Values= yes, no
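
An added example (not part of the original page or the vendor documentation): a Python check that applies the semantics in the table above to a dump of LDAP server attributes, flagging limits set to 0, cleartext entries in ldapInterfaces, and chaining that is not required to use secure NCP. The "name: value" input layout and the yes/no spelling of the boolean are assumptions, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Attributes for which the table says a value of 0 means "no limit".
ZERO_IS_UNLIMITED = ("LDAP Server Bind Limit", "LDAP Server Idle Timeout",
                     "searchSizeLimit", "searchTimeLimit",
                     "ldapMaximumPSearchOperations")

# Constructed sample. The "name: value" layout and the yes/no spelling of the
# boolean are assumptions, not captured ldapconfig output.
SAMPLE = """\
LDAP Server Bind Limit: 0
LDAP Server Idle Timeout: 900
searchSizeLimit: 0
searchTimeLimit: 120
ldapInterfaces: ldap://192.0.2.10:389
ldapInterfaces: ldaps://192.0.2.10:636
ldapChainSecureRequired: no
ldapEnablePSearch: yes
ldapMaximumPSearchOperations: 0
"""

def parse(text):
    """Collect 'name: value' lines into {name: [values]}; ldapInterfaces is multi-valued."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def audit(attrs):
    """Return (attribute, finding) pairs for settings an administrator should review."""
    first = lambda name, default="": attrs.get(name, [default])[0].lower()
    findings = []
    for name in ZERO_IS_UNLIMITED:
        # The persistent-search cap only matters when persistent search is enabled.
        if name == "ldapMaximumPSearchOperations" and first("ldapEnablePSearch") != "yes":
            continue
        if first(name) == "0":
            findings.append((name, "0 = no limit"))
    for url in attrs.get("ldapInterfaces", []):
        parts = urlsplit(url)
        if parts.scheme.lower() != "ldaps":
            findings.append(("ldapInterfaces", f"cleartext port {parts.hostname}:{parts.port or 389}"))
    if first("ldapChainSecureRequired", "no") not in ("yes", "true", "1"):
        findings.append(("ldapChainSecureRequired", "chaining not required to use secure NCP"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse(SAMPLE)):
        print(f"{name}: {finding}")
```

Per the table, searchSizeLimit and searchTimeLimit are not considered for users with administrator rights on the LDAP server object, so non-zero values there do not bound every caller.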
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [https://www.netiq.com/documentation/edir88/edir88/data/agq8auc.html|https://www.netiq.com/documentation/edir88/edir88/data/agq8auc.html|target='_blank'] - based on information obtained 2020-03-10