Ldapconfig

Overview

Ldapconfig is an eDirectory utility on Linux systems used to modify, view, and refresh the attributes of LdapServer and ldapGroup objects.

| Attribute | Description |
|---|---|
| LDAP Server | The fully distinguished name of the LDAP server object in eDirectory. |
| LDAP Host Server | The fully distinguished name of the host eDirectory server that the LDAP server runs on. |
| LDAP Group | The LDAP Group object in eDirectory that this LDAP server is a member of. |
| LDAP Server Bind Limit | The number of clients that can simultaneously bind to the LDAP server. A value of 0 (zero) indicates no limit. |
| LDAP Server Idle Timeout | The period of inactivity from a client after which the LDAP server terminates the connection with this client. A value of 0 (zero) indicates no limit. |
| LDAP Enable TCP | This option is deprecated in the eDirectory 8.8 SP8 release. It is available through ldapInterfaces. For more information, see ldapInterfaces. |
| LDAP Enable TLS | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces. |
| LDAP TCP Port | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces. |
| LDAP TLS Port | This option has been deprecated in eDirectory 8.8 SP8. However, it is available through ldapInterfaces. |
| LdapKeyMaterialName | The name of the Certificate object in eDirectory that is associated with this LDAP server and will be used for SSL LDAP connections. |
| searchSizeLimit | The maximum number of entries that the LDAP server will return to an LDAP client in response to a search. A value of 0 (zero) indicates no limit. If the user has administrator rights on the LDAP server object, the searchSizeLimit value is not considered. |
| searchTimeLimit | The maximum number of seconds after which an LDAP search will be timed out by the LDAP server. A value of 0 (zero) indicates no limit. If the user has administrator rights on the LDAP server object, the searchTimeLimit value is not considered. |
| filteredReplicaUsage | Specifies whether the LDAP server should use a filtered replica for an LDAP search. Values: 1 (use filtered replica), 0 (do not use filtered replica). |
| sslEnableMutualAuthentication | Specifies whether SSL-based mutual authentication (certificate-based client authentication) is enabled on the LDAP server. |
| ldapTLSVerifyClientCertificate | Enables or disables verification of the client certificate for a TLS operation through LDAP. |
| ldapNonStdAllUserAttrsMode | Enables or disables the non-standard, all user, and operational attributes. |
| ldapBindRestrictions | Enables LDAP bind restrictions and cipher level on LDAP client connections. This attribute can be used to control client connections. You can set any of the following four LDAP bind restrictions |
| ldapChainSecureRequired | This is a boolean attribute. If enabled, chaining to other eDirectory servers will be over secure NCP. By default, the attribute is disabled. |
| ldapInterfaces | A multi-valued SYN_CI_STRING attribute used to store the LDAP URLs on which the LDAP server listens (on both cleartext and secure ports). This attribute is useful in configuring multiple instances that require each instance of the eDirectory server to listen on a specific interface. It can be configured with the IP addresses and port numbers in the LDAP URL format. The LDAP server listens on these IP addresses and ports. |
| ldapStdCompliance | By default, the eDirectory LDAP server does not return subordinate referrals for a ONE level search. To enable this, set ldapStdCompliance to 1. With this value set, the LDAP server returns subordinate referrals for a ONE level search. |
| ldapEnablePSearch | Specifies whether or not the persistent search feature is enabled on the LDAP server. Values: yes, no. |
| ldapMaximumPSearchOperations | An integer value that limits the number of concurrent persistent search operations possible. A value of 0 specifies unlimited search operations. |
| ldapIgnorePSearchLimitsForEvents | Indicates whether size and time limits should be ignored after the persistent search request has sent the initial result set. Values: yes, no. If this attribute is set to false, the entire persistent search operation is subject to the search limits. If either limit is reached, the search fails with the appropriate error message. |
| ldapGeneralizedTime | Enable Generalized Time to display time in the YYYYMMDDHHmmSS.0Z format. Values: yes, no. |
| ldapPermissiveModify | Enable Permissive Modify Control to extend the LDAP modify operation. If an attempt is made to delete an attribute that does not exist or to add any value to an attribute that already exists, the operation goes through without displaying any error message. Values: yes, no. |
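
Several of the attributes above accept 0 to mean "no limit", and ldapInterfaces can hold both cleartext and secure listener URLs. The following added example (not part of the original page or of eDirectory's tooling) reviews a set of attribute values for those two conditions. It assumes the values have been exported as `name: value` lines, which is an assumed layout and not ldapconfig's documented output; the sample values and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Attributes the table documents as "0 means no limit / unlimited".
ZERO_MEANS_UNLIMITED = (
    "LDAP Server Bind Limit",
    "LDAP Server Idle Timeout",
    "searchSizeLimit",
    "searchTimeLimit",
    "ldapMaximumPSearchOperations",
)

# Constructed sample in an assumed "name: value" export layout.
SAMPLE = """\
LDAP Server Bind Limit: 0
LDAP Server Idle Timeout: 900
searchSizeLimit: 0
searchTimeLimit: 3600
ldapEnablePSearch: no
ldapMaximumPSearchOperations: 0
ldapInterfaces: ldap://192.0.2.10:389
ldapInterfaces: ldaps://192.0.2.10:636
"""

def parse_attributes(text):
    """Parse 'name: value' lines; repeated names (multi-valued) accumulate."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def audit(attrs):
    """Return (attribute, finding) pairs for settings that deserve review."""
    # Conservative choice: treat persistent search as enabled unless it says "no".
    psearch_on = attrs.get("ldapEnablePSearch", ["yes"])[-1].lower() != "no"
    findings = []
    for name in ZERO_MEANS_UNLIMITED:
        if name == "ldapMaximumPSearchOperations" and not psearch_on:
            continue  # the cap is moot while persistent search is disabled
        if any(v.isdigit() and int(v) == 0 for v in attrs.get(name, [])):
            findings.append((name, "0 = no limit"))
    for url in attrs.get("ldapInterfaces", []):
        parts = urlsplit(url)
        if parts.scheme.lower() == "ldap":  # ldaps:// is the secure listener
            findings.append(("ldapInterfaces", "cleartext listener " + parts.netloc))
    return findings

if __name__ == "__main__":
    for attribute, finding in audit(parse_attributes(SAMPLE)):
        print(f"{attribute}: {finding}")
```

Per the table, searchSizeLimit and searchTimeLimit are not considered for users with administrator rights on the LDAP server object, so a non-zero value does not bound searches by those accounts.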
