2.2.2.2 Restrictions to modifying configuration entries and attributes

Certain restrictions apply when modifying server entries and attributes:

The cn=monitor entry and its child entries are read-only and cannot be modified, except to manage ACIs.

If an attribute is added to cn=config, the server ignores it.

If an invalid value is entered for an attribute, the server ignores it.

Because the ldapdelete command is used for deleting an entire entry, use the ldapmodify command to remove an attribute from an entry.

2.2.2.3Configuration changes requiring server restart

Some configuration attributes cannot be altered while the server is running. In these cases, for the changes to take effect, the server needs to be shut down and restarted. The modifications should be made either through the Directory Server Console or by manually editing the dse.ldif file. Some of the attributes that require a server restart for any changes to take effect are listed below.

nsslapd-cachesize

nsslapd-certdir

nsslapd-dbcachesize

nsslapd-dbncache

nsslapd-plugin

nsslapd-changelogdir

nsslapd-changelogmaxage

nsslapd-changelogmaxentries

nsslapd-port

nsslapd-schemadir

nsslapd-saslpath

nsslapd-secureport

nsslapd-tmpdir

nsSSL2

nsSSL3

nsSSLclientauth

nsSSLSessionTimeout

nsslapd-conntablesize

nsslapd-lockdir

nsslapd-maxdescriptors

nsslapd-reservedescriptors

nsslapd-listenhost

nsslapd-schema-ignore-trailing-spaces

nsslapd-securelistenhost

nsslapd-workingdir

nsslapd-return-exact-case

This list is not exhaustive; to see a complete list, run the ldapsearch command and search for the nsslapd-requiresrestartattribute. For example:

#ldapsearch -p 389 -D "cn=directory manager" \ -w password -s sub -b "cn=config" \ "(objectclass=*)" grep nsslapd-requiresrestart

2.3Core server configuration attributes reference

This section contains reference information on the configuration attributes that are relevant to the core server functionality. For information on changing server configuration, see “Accessing and modifying server configuration”. For a list of server features that are implemented as plug-ins, see “Server plug-in functionality reference”. For help with implementing custom server functionality, contact HP support.

The configuration information stored in the dse.ldif file is organized as an information tree under the general configuration entry cn=config, as shown in . Figure 2-1

22 Core server configuration reference

Page 22
Image 22
HP UX Identity Security Software manual Core server configuration attributes reference