2.3.1.93 nsslapd-schemareplace

Determines whether modify operations that replace attribute values are allowed on the cn=schema entry.

The default setting allows only the replication protocol to perform a complete schema replacement; normal clients are limited to adding and deleting individual schema definitions. HP recommends that the default setting not be modified.

Parameter

Description

Entry DN

cn=config

Valid Values

on or off or replication-only

Default Value

replication-only

Syntax

DirectoryString

Example

nsslapd-schemareplace: replication-only

2.3.1.94 nsslapd-securelistenhost

This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes it possible to limit listening to one interface of a multihomed machine). There can be multiple IP addresses associated with a single host name, and these IP addresses can be a mix of both IPv4 and IPv6. This parameter can be used to restrict the Directory Server instance to a single IP interface; this parameter also specifically sets what interface to use for TLS/SSL traffic rather than regular LDAP connections.

If a host name is given as the nsslapd-securelistenhostvalue, then the Directory Server responds to requests for every interface associated with the host name. If a single IP interface (either IPv4 or IPv6) is given as the nsslapd-securelistenhostvalue, Directory Server only responds to requests sent to that specific interface. Either an IPv4 or IPv6 address can be used.

The server has to be restarted for changes to this attribute to go into effect.

Parameter

Description

Entry DN

cn=config

Valid Values

Any secure host name, IPv4 or IPv6 address

Default Value

 

Syntax

DirectoryString

Example

nsslapd-securelistenhost: ldaps.example.com

2.3.1.95 nsslapd-securePort (Encrypted port number)

This attribute sets the TCP/IP port number used for TLS/SSL communications. This selected port must be unique on the host system; make sure no other application is attempting to use the same port number. Specifying a port number of less than 1024 requires that Directory Server be started as root. The server sets its effective user to the nsslapd-localuservalue after startup.

The server only listens to this port if it has been configured with a private key and a certificate, and nsslapd-securityis set to on; otherwise, it does not listen on this port.

2.3 Core server configuration attributes reference

59

Page 59
Image 59
HP UX Identity Security Software Nsslapd-schemareplace, Nsslapd-securelistenhost, Nsslapd-securePort Encrypted port number