Red Hat 8.1 User Manual Page 70
- Page / 374
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 2. Core Server Configuration Reference
56
Parameter Description
Example nsslapd-sizelimit: 2000
2.3.1.104. nsslapd-ssl-check-hostname (Verify Hostname for Outbound
Connections)
This attribute sets whether an SSL-enabled Directory Server should verify authenticity of a request by
matching the hostname against the value assigned to the common name (cn) attribute of the subject
name (subjectDN field) in the certificate being presented. By default, the attribute is set to on. If it is
on and if the hostname does not match the cn attribute of the certificate, appropriate error and audit
messages are logged.
For example, in a replicated environment, messages similar to the following are logged in the supplier
server's log files if it finds that the peer server's hostname does not match the name specified in its
certificate:
[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape runtime error -12276 -
Unable to communicate securely with peer: requested domain name does not
match the server's certificate.)
[DATE] NSMMReplicationPlugin - agmt="cn=SSL Replication Agreement to
host1" (host1.example.com:636):
Replication bind with SSL client authentication failed:
LDAP error 81 (Can't contact LDAP server)
Red Hat recommends turning this attribute on to protect Directory Server's outbound SSL connections
against a man in the middle (MITM) attack.
NOTE>
DNS and reverse DNS must be set up correctly in order for this to work; otherwise,
the server cannot resolve the peer IP address to the hostname in the subject DN in
the certificate.
Parameter Description
Entry DN cn=config
Valid Values on | off
Default Value on
Syntax DirectoryString
Example nsslapd-ssl-check-hostname: on
2.3.1.105. nsslapd-threadnumber (Thread Number)
Defines the number of operation threads that the Directory Server creates at startup. The nsslapd-
threadnumber value should be increased if there are many directory clients performing time-
consuming operations such as add or modify, as this ensures that there are other threads available for
servicing short-lived operations such as simple searches. This value may also need increased if there
are many replication agreements or chained backends (database links). This attribute is not available
from the server console.
- Red Hat Directory 1
- Server 8.1 1
- Configuration and 1
- Command Reference 1
- Reference 2
- Edition 8.1.10 2
- About This Reference 9
- IMPORTANT 10
- 3. Additional Reading 11
- 4. Giving Feedback 12
- 5. Documentation History 12
- Introduction 15
- 2.3.1. cn=config 24
- Sync Minute) 30
- Time Unit) 31
- Number of Log Files) 31
- "(objectclass=*)" 33
- Log Files) 39
- 2.3.1.37. nsslapd-config 41
- 2.3.1.39. nsslapd-counters 41
- 2.3.1.40. nsslapd-csnlogging 42
- Enquoting) 42
- Disk Space) 46
- Sync Enabled) 47
- Authentication Entries) 53
- GUID Number) 54
- Regular Users) 55
- Connection) 59
- 2.3.1.80. nsslapd-nagle 60
- 2.3.1.82. nsslapd-plug-in 60
- 2.3.1.95. nsslapd-saslpath 66
- 2.3.1.98. nsslapd-schemadir 67
- Connections) 70
- NOTE> 70
- 2.3.1.107. nsslapd-tmpdir 71
- 2.3.1.109. nsslapd-workingdir 72
- 2.3.1.116. passwordExpWarned 74
- 2.3.1.141. passwordRetryCount 83
- 2.3.2. cn=changelog5 85
- 2.3.2.4. changes 87
- 2.3.2.5. changeLog 87
- 2.3.2.6. changeNumber 87
- 2.3.2.7. changeTime 87
- 2.3.2.8. changeType 87
- 2.3.2.9. deleteOldRdn 88
- 2.3.2.10. filterInfo 88
- 2.3.2.11. newRdn 88
- 2.3.2.12. newSuperior 88
- 2.3.2.13. targetDn 88
- 2.3.3. cn=encryption 89
- 2.3.3.4. nsSSL3 90
- 2.3.3.5. nsSSL3ciphers 90
- 2.3.4. cn=features 91
- 2.3.5. cn=mapping tree 92
- 2.3.6.2. nsslapd-backend 93
- 2.3.7.1. nsDS5Flags 93
- 2.3.7.3. nsDS5ReplConflict 94
- 2.3.7.5. nsDS5ReplicaBindDN 94
- 2.3.7.7. nsDS5ReplicaId 95
- 2.3.7.9. nsDS5ReplicaName 96
- 2.3.7.12. nsDS5ReplicaRoot 97
- 2.3.7.14. nsDS5ReplicaType 98
- 2.3.7.16. nsds5Task 99
- 2.3.7.17. nsState 99
- 2.3.8.1. cn 99
- 2.3.8.2. description 99
- 2.3.8.3. nsDS5ReplicaBindDN 99
- 2.3.8.8. nsDS5ReplicaHost 101
- 2.3.8.15. nsDS5ReplicaPort 104
- 2.3.8.18. nsDS5ReplicaRoot 105
- 2.3.8.21. nsDS5ReplicaTimeout 106
- 2.3.8.25. nsDS50ruv 108
- 2.3.9.2. nsds7DirsyncCookie 109
- 2.3.9.5. nsds7WindowsDomain 110
- 2.3.9.7. winSyncInterval 110
- 2.3.10. cn=monitor 111
- 2.3.11. cn=replication 113
- 2.3.12. cn=sasl 113
- 2.3.13. cn=SNMP 114
- 2.3.13.3. nssnmplocation 115
- 2.3.13.4. nssnmpcontact 115
- 2.3.13.5. nssnmpdescription 115
- 2.3.13.6. nssnmpmasterhost 115
- 2.3.13.7. nssnmpmasterport 116
- 2.3.15. cn=tasks 118
- 2.3.15.2. cn=import 122
- 2.3.15.3. cn=export 125
- 2.3.15.4. cn=backup 128
- 2.3.15.5. cn=restore 129
- 2.3.15.6. cn=index 130
- 2.3.15.8. cn=memberof task 133
- 2.3.16. cn=uniqueid generator 134
- Allowed Attributes 138
- Superior Class 138
- Required Attributes 139
- 2.5. Legacy Attributes 145
- 2.5.1.2. changeLogMaximumAge 146
- 2.5.1.4. changeLogMaximumSize 147
- 2.5.1.5. generation 147
- 2.5.1.7. nsSynchUserIDFormat 147
- 2.5.2.2. cirBeginORC 149
- 2.5.2.3. cirBindCredentials 149
- 2.5.2.4. cirBindDN 149
- 2.5.2.5. cirHost 149
- 2.5.2.6. cirLastUpdateApplied 150
- 2.5.2.7. cirPort 150
- 2.5.2.8. cirReplicaRoot 150
- 2.5.2.9. cirSyncInterval 150
- 2.5.2.10. cirUpdateFailedAt 150
- 2.5.2.11. cirUpdateSchedule 151
- 2.5.2.13. cirUseSSL 151
- 2.5.2.16. replicaBeginOrc 153
- 2.5.2.17. replicaBindDn 153
- 2.5.2.18. replicaBindMethod 153
- 2.5.2.19. replicaCFUpdated 153
- 2.5.2.20. replicaCredentials 153
- 2.5.2.21. replicaEntryFilter 154
- 2.5.2.22. replicaHost 154
- 2.5.2.24. replicaNickName 154
- 2.5.2.25. replicaPort 154
- 2.5.2.26. replicaRoot 155
- 2.5.2.31. replicaUseSSL 156
- Plug-in Implemented Server 157
- Functionality Reference 157
- 3.1.2. ACL Plug-in 158
- 3.1.5. Binary Syntax Plug-in 159
- 3.1.6. Boolean Syntax Plug-in 160
- 3.1.15. HTTP Client Plug-in 164
- 3.1.18. JPEG Syntax Plug-in 165
- 3.1.19. ldbm database Plug-in 165
- 3.1.21. MemberOf Plug-in 166
- 3.1.24. OID Syntax Plug-in 167
- 3.1.27. PTA Plug-in 170
- 3.1.30. Roles Plug-in 172
- 3.1.31. Schema Reload Plug-in 172
- 3.1.33. State Change Plug-in 173
- 3.1.35. URI Syntax Plug-in 174
- 3.1.36. Views Plug-in 174
- 3.2.1. nsSlapdPlugin 175
- 3.2.2. nsslapd-pluginPath 176
- 3.2.3. nsslapd-pluginInitfunc 176
- 3.2.4. nsslapd-pluginType 176
- 3.2.5. nsslapd-pluginEnabled 176
- 3.2.6. nsslapd-pluginId 177
- 3.2.7. nsslapd-pluginVersion 177
- 3.2.8. nsslapd-pluginVendor 177
- 3.3.1. nsslapd-pluginLoadNow 178
- 3.4.1.1. nsLookThroughLimit 180
- 3.4.1.5. nsslapd-dbcachesize 182
- 3.4.1.8. nsslapd-db-debug 183
- 3.4.1.19. nsslapd-db-verbose 189
- 3.4.1.20. nsslapd-dbncache 189
- 3.4.1.21. nsslapd-directory 190
- 3.4.1.24. nsslapd-mode 192
- 3.4.3.1. nsslapd-cachesize 193
- 3.4.3.2. nsslapd-cachememsize 194
- 3.4.3.3. nsslapd-directory 194
- 3.4.3.4. nsslapd-readonly 195
- 3.4.3.6. nsslapd-suffix 195
- 3.4.3.7. vlvBase 196
- 3.4.3.8. vlvEnabled 196
- 3.4.3.9. vlvFilter 197
- 3.4.3.11. vlvScope 198
- 3.4.3.13. vlvSort 199
- 3.4.3.14. vlvUses 199
- 3.4.5.1. cn 202
- 3.4.5.2. description 203
- 3.4.5.3. nsIndex 203
- 3.4.5.4. nsIndexType 204
- 3.4.5.5. nsMatchingRule 204
- 3.4.5.6. nsSystemIndex 205
- 3.4.7.1. nsSubStrBegin 206
- 3.4.7.2. nsSubStrEnd 207
- 3.4.7.3. nsSubStrMiddle 207
- 3.5.1.2. nsMaxResponseDelay 210
- 3.5.2.3. nsBindRetryLimit 212
- 3.5.2.4. nsBindTimeout 213
- 3.5.2.5. nsCheckLocalACI 213
- 3.5.2.8. nsConnectionLife 214
- 3.5.2.12. nsSizeLimit 215
- 3.5.2.13. nsTimeLimit 215
- 3.5.3.1. nsBindMechanism 216
- 3.5.3.2. nsFarmServerURL 217
- 3.5.3.3. nsMultiplexorBindDn 217
- 3.5.3.5. nshoplimit 218
- 3.5.3.6. nsUseStartTLS 218
- 3.6.1. nsslapd-changelogdir 220
- 3.7.1. dnaFilter 221
- 3.7.2. dnaMagicRegen 221
- 3.7.3. dnaMaxValue 222
- 3.7.4. dnaNextRange 222
- 3.7.5. dnaNextValue 223
- 3.7.6. dnaPrefix 223
- 3.7.7. dnaRangeRequestTimeout 223
- 3.7.8. dnaScope 224
- 3.7.9. dnaSharedCfgDN 224
- 3.7.10. dnaThreshold 225
- 3.7.11. dnaType 225
- 3.8.1. memberofattr 226
- 3.8.2. memberofgroupattr 226
- 4.2. Backup Files 228
- 4.3. Configuration Files 228
- 4.4. Database Files 228
- 4.5. LDIF Files 230
- 4.6. Lock Files 230
- 4.7. Log Files 231
- 4.8. PID Files 231
- 4.9. Tools 231
- 4.10. Scripts 232
- Log File Reference 233
- 5.1.1. Access Logging Levels 234
- Connection Number 235
- File Descriptor 235
- Slot Number 235
- Operation Number 235
- Method Type 236
- Version Number 236
- Error Number 236
- Tag Number 236
- Number of Entries 237
- Elapsed Time 237
- LDAP Request Type 237
- LDAP Response Type 238
- Unindexed Search Indicator 238
- VLV-Related Entries 238
- Search Scope 239
- Extended Operation OID 239
- Change Sequence Number 240
- Abandon Message 240
- Message ID 240
- SASL Multi-Stage Bind Logging 241
- Connection Description 242
- Options Description 242
- 5.2. Error Log Reference 243
- 5.2.2. Error Log Content 245
- 5.3. Audit Log Reference 249
- 5.4. LDAP Result Codes 251
- Chapter 5. Log File Reference 252
- Table 5.5. LDAP Result Codes 252
- Command-Line Utilities 253
- 6.4. ldapsearch 254
- -h mozilla 257
- -w diner892 257
- Persistent Search Options 258
- SSL Options 259
- -P /security/cert.db 260
- SASL Options 261
- Additional ldapsearch Options 266
- -f search_filters 267
- -S sn -S givenname 269
- 6.5. ldapmodify 270
- -f modify_statements 271
- -h cyclops 271
- Additional ldapmodify Options 274
- 6.6. ldapdelete 276
- -w mypassword 277
- Additional ldapdelete Options 280
- 6.7. ldappasswd 281
- General ldappasswd Options 282
- -N Server-Cert 283
- -W serverpassword 284
- Examples 286
- 6.8. ldif 287
- 6.9. dbscan 288
- Command-Line Scripts 291
- 7.3. Shell Scripts 293
- 7.3.7. ds_removal 299
- 7.3.8. ldif2db (Import) 300
- -g deterministic namespace_id 301
- Configuration File Format 303
- Exit Status 305
- Configuration) 306
- 7.4. Perl Scripts 308
- 7.4.7. ldif2db.pl (Import) 314
- -g deterministic namespaceId 315
- 7.4.9. migrate-ds.pl 319
- 7.4.10. migrate-ds-admin.pl 322
- Password Policy) 326
- 7.4.15. register-ds-admin.pl 327
- 7.4.16. remove-ds.pl 327
- 7.4.19. setup-ds.pl 331
- 7.4.20. setup-ds-admin.pl 333
- Glossary 343
Related products and manuals for Software Red Hat 8.1
(156 pages)© 2020, manymanuals.com. All rights reserved. | 1.042 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals