| Digit | Description | Digit | Description |
|---|---|---|---|
| 2 | Write only | 6 | Read and write |
| 3 | Write and execute | 7 | Read, write, and execute |

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, remember that 000 does not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.

The newly configured access mode takes effect immediately for any open log file, as well as for any log files that are created subsequently.

NOTE: Any umask set for the runtime user of the Directory Server causes the effective mode to be more restrictive.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Range | 000 through 777 |
| Default Value | 600 |
| Syntax | Integer |
| Example | nsslapd-auditlog-mode: 600 |

2.3.1.34 nsslapd-certdir (Certificate and key database directory)

This is the full path to the directory holding the certificate and key databases for a Directory Server instance. This directory must contain only the certificate and key databases for this instance and no other instances. This directory must be owned by the server user ID and allow read-write access for it. No other user should have read or write access to this directory. The default location is the configuration file directory, /etc/opt/dirsrv/slapd-instance_name.

Changes to this value will not take effect until the server is restarted.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Values | Absolute path to any directory which is owned by the server user ID and only allows read and write access to the server user ID |
| Default Value | /etc/opt/dirsrv/slapd-instance_name |
| Syntax | DirectoryString |
| Example | /etc/opt/dirsrv/slapd-phonebook |
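The permission rules in the two sections above (the log mode digits with the umask note, and the ownership and access requirements for nsslapd-certdir) can be checked with a short script. This is an added example, not code from the Directory Server documentation: the function names are hypothetical, the sample values are constructed, and the umask is assumed to follow the usual POSIX rule (configured mode AND NOT umask).

```python
import os
import stat
import tempfile

def effective_mode(configured: str, umask: int) -> int:
    """Configured 3-digit mode with the runtime user's umask bits cleared."""
    # Assumption: standard POSIX file-creation semantics, mode & ~umask.
    if len(configured) != 3 or any(c not in "01234567" for c in configured):
        raise ValueError("mode must be three octal digits, 000 through 777")
    return int(configured, 8) & ~umask & 0o777

def review_log_mode(configured: str, umask: int) -> list:
    """Findings for a log mode value, based on the warnings in the text."""
    mode = effective_mode(configured, umask)
    findings = []
    if mode != int(configured, 8):
        findings.append(f"umask {umask:03o} narrows {configured} to {mode:03o}")
    if mode == 0:
        findings.append("effective mode 000: no access to the logs")
    if mode & stat.S_IWOTH:
        findings.append("everyone can write: logs can be overwritten or deleted")
    return findings

def review_certdir(path: str, server_uid: int) -> list:
    """Check that only the server user ID can read or write the directory."""
    st = os.stat(path)
    perms = stat.S_IMODE(st.st_mode)
    findings = []
    if not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    if st.st_uid != server_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {server_uid}")
    if perms & 0o600 != 0o600:
        findings.append(f"owner lacks read-write access: {perms:03o}")
    if perms & 0o066:
        findings.append(f"group or others have read or write access: {perms:03o}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: mode 666 under umask 000 and under umask 027.
    for sample_umask in (0o000, 0o027):
        print("666", oct(sample_umask), review_log_mode("666", sample_umask))
    # Constructed stand-in for the certificate directory, owned by this user.
    demo_dir = tempfile.mkdtemp()
    os.chmod(demo_dir, 0o750)
    print(review_certdir(demo_dir, os.getuid()))
    os.rmdir(demo_dir)
```

To check a real instance, pass the nsslapd-certdir path and the numeric user ID the server runs as to review_certdir.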

 

 

2.3.1.35 nsslapd-certmap-basedn (Certificate map search base)

This attribute can be used when client authentication is performed using SSL certificates in order to avoid limitations of the security subsystem certificate mapping, configured in the certmap.conf file. Depending on the certmap.conf configuration, the certificate mapping may be done using a directory subtree search based at the root DN. If the search is based at the root DN, then the nsslapd-certmap-basedn attribute may force the search to be based at some entry other than the root. The valid value for this attribute is the DN of the suffix or subtree
