HP UX Identity Security Software 2.2.2 Changing configuration attributes

•Members of local Directory Administrators group.

•The SIE (Server Instance Entry) group, usually assigned using the Set Access Permissions process the main console.

For more information on access control, see the HP-UX Directory Server administrator guide.

Server attributes can be viewed and changed in one of three ways: through the Directory Server Console, by performing ldapsearch and ldapmodify commands, or by manually editing the dse.ldif file.

NOTE:

You must stop the server before editing the dse.ldif file; otherwise, the changes are lost. Editing the dse.ldif file is recommended only for changes to attributes which cannot be altered dynamically. See “Configuration changes requiring server restart” for further information.

The following sections describe how to modify entries using LDAP (both by using Directory Server Console and by using the command line), the restrictions that apply to modifying entries, the restrictions that apply to modifying attributes, and the configuration changes requiring restart.

2.2.2.1 Modifying configuration entries using LDAP

The configuration entries in the directory can be searched and modified using LDAP either through the Directory Server Console or by performing the ldapsearch and ldapmodify operations in the same way as other directory entries. The advantage of using LDAP to modify entries is changes can be made while the server is running.

For further information, see the chapter titled “Creating Directory Entries” in the HP-UX Directory Server administrator guide. However, certain changes do require the server to be restarted before they are taken into account. See “Configuration changes requiring server restart” for further information.

NOTE:

As with any set of configuration files, care should be taken when changing or deleting nodes in the cn=config subtree as this risks affecting Directory Server functionality.

The entire configuration, including attributes that are set to default values, can be viewed by performing an ldapsearch operation on the cn=config subtree:

#ldapsearch -b cn=config -D bindDN -w password

Where:

bindDN is the DN chosen for the Directory Manager when the server was installed (cn=Directory Manager by default).

password is the password chosen for the Directory Manager.

For more information on using the ldapsearch command, see “ldapsearch”.

To disable a plug-in, use the ldapmodify command to edit the nsslapd-pluginEnabled attribute:

#ldapmodify -D "cn=directory manager" -w password dn: cn=Telephone Syntax,cn=plugins,cn=config changetype: modify

replace: nsslapd-pluginEnabled

nsslapd-pluginEnabled: off