2.3.1.57 nsslapd-errorlog-mode (Error log file permission)

This attribute sets the access mode (file permissions) with which error log files are created. Valid values range from 000 through 777, mirroring numeric (absolute) UNIX file permissions. That is, the value must be a 3-digit number in which each digit is from 0 through 7:

Digit  Description          Digit  Description
0      None                 4      Read only
1      Execute only         5      Read and execute
2      Write only           6      Read and write
3      Write and execute    7      Read, write, and execute

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, remember that 000 does not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.

The newly configured access mode takes effect immediately for any open log file, as well as for any log files that are created subsequently.

NOTE: Any umask set for the runtime user of the Directory Server causes the effective mode to be more restrictive.

Parameter      Description
Entry DN       cn=config
Valid Range    000 through 777
Default Value  600
Syntax         Integer
Example        nsslapd-errorlog-mode: 600
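The mode rules above, modelled in Python as an added example (not part of this reference or of the Directory Server code): it validates a value, applies a umask as the NOTE describes, flags the two settings the text warns about, and compares a file's on-disk permissions with the expected mode. The function names, sample umasks, and temporary file are constructed for illustration.

```python
import os
import stat
import tempfile

def parse_mode(value: str) -> int:
    """Validate a mode value: exactly three digits, each 0 through 7."""
    if len(value) != 3 or any(c not in "01234567" for c in value):
        raise ValueError(f"invalid mode {value!r}: expected 000 through 777")
    return int(value, 8)

def effective_mode(configured: str, umask: int) -> int:
    """Model the NOTE: the umask can only clear bits, never add them."""
    return parse_mode(configured) & ~umask & 0o777

def review_mode(configured: str, umask: int = 0) -> list:
    """Flag the two settings the reference warns about."""
    mode = effective_mode(configured, umask)
    findings = []
    if mode == 0:
        findings.append("no-access")        # 000: nobody can access the logs
    if mode & stat.S_IWOTH:
        findings.append("world-writable")   # anyone can overwrite the logs
    return findings

def file_matches(path: str, configured: str, umask: int = 0) -> bool:
    """Compare a log file's on-disk permission bits with the expected mode."""
    return stat.S_IMODE(os.stat(path).st_mode) == effective_mode(configured, umask)

def demo() -> dict:
    """Run the checks on constructed values and a constructed temp file."""
    results = {}
    for value, umask in (("600", 0o000), ("666", 0o000), ("666", 0o027), ("000", 0o000)):
        mode = effective_mode(value, umask)
        rendered = stat.filemode(stat.S_IFREG | mode)   # e.g. -rw-------
        results[(value, umask)] = (rendered, review_mode(value, umask))
    with tempfile.NamedTemporaryFile() as fh:            # stand-in for an error log
        os.chmod(fh.name, 0o644)
        results["drift"] = not file_matches(fh.name, "600")
    return results

if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

A configured 666 under a umask of 027 yields an effective 640, so the same attribute value can be safe on one host and world-writable on another.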


2.3.1.58 nsslapd-groupevalnestlevel

This attribute is deprecated, and documented here only for historical purposes.

The Access Control Plug-in does not use the value specified by the nsslapd-groupevalnestlevel attribute to set the number of levels of nesting that access control performs for group evaluation. Instead, the number of levels of nesting is hard-coded as 5.

2.3.1.59 nsslapd-idletimeout (Default idle timeout)

This attribute sets the amount of time in seconds after which an idle LDAP client connection is closed by the server. A value of 0 means that the server never closes idle connections. This setting applies to all connections and all users. Idle timeout is enforced when the connection table is walked, when poll() does not return zero. Therefore, a server with a single idle connection never enforces the idle timeout.

2.3 Core server configuration attributes reference
