2.3.1.93 nsslapd-schemareplace

Determines whether modify operations that replace attribute values are allowed on the cn=schema entry.

The default setting allows only the replication protocol to perform a complete schema replacement; normal clients are limited to adding and deleting individual schema definitions. HP recommends that the default setting not be modified.

| Parameter | Description |
| --- | --- |
| Entry DN | cn=config |
| Valid Values | on, off, or replication-only |
| Default Value | replication-only |
| Syntax | DirectoryString |
| Example | nsslapd-schemareplace: replication-only |

2.3.1.94 nsslapd-securelistenhost

This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes it possible to limit listening to one interface of a multihomed machine). There can be multiple IP addresses associated with a single host name, and these IP addresses can be a mix of both IPv4 and IPv6. This parameter can be used to restrict the Directory Server instance to a single IP interface; this parameter also specifically sets what interface to use for TLS/SSL traffic rather than regular LDAP connections.

If a host name is given as the nsslapd-securelistenhost value, then the Directory Server responds to requests for every interface associated with the host name. If a single IP interface (either IPv4 or IPv6) is given as the nsslapd-securelistenhost value, Directory Server only responds to requests sent to that specific interface. Either an IPv4 or IPv6 address can be used.

The server has to be restarted for changes to this attribute to go into effect.

| Parameter | Description |
| --- | --- |
| Entry DN | cn=config |
| Valid Values | Any secure host name, IPv4 or IPv6 address |
| Default Value | |
| Syntax | DirectoryString |
| Example | nsslapd-securelistenhost: ldaps.example.com |

2.3.1.95 nsslapd-securePort (Encrypted port number)

This attribute sets the TCP/IP port number used for TLS/SSL communications. The selected port must be unique on the host system; make sure no other application is attempting to use the same port number. Specifying a port number of less than 1024 requires that Directory Server be started as root. The server sets its effective user to the nsslapd-localuser value after startup.

The server only listens to this port if it has been configured with a private key and a certificate, and nsslapd-security is set to on; otherwise, it does not listen on this port.
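The following configuration check is an added example, not part of the original reference or of the product: it reads a cn=config entry in LDIF form and reports the conditions the three attribute descriptions above call out. The sample entry is constructed, the function names are hypothetical, and treating a missing nsslapd-security as "not on" is an assumption.

```python
import ipaddress

# Constructed sample of a cn=config entry (not taken from a real server).
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-schemareplace: on
nsslapd-securelistenhost: ldaps.example.com
nsslapd-securePort: 636
nsslapd-security: off
nsslapd-localuser: dirsrv
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: value}; joins folded lines."""
    attrs, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:          # LDIF continuation line
            attrs[last] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs[last] = value.strip()
    return attrs

def audit(attrs):
    """Return findings derived from the attribute semantics described above."""
    findings = []
    # HP recommends leaving the default (replication-only) unchanged.
    if attrs.get("nsslapd-schemareplace", "replication-only").lower() != "replication-only":
        findings.append("schemareplace: not the recommended default 'replication-only'")
    host = attrs.get("nsslapd-securelistenhost", "")
    if host:
        try:
            ipaddress.ip_address(host)             # single IPv4 or IPv6 interface
        except ValueError:
            findings.append("securelistenhost: host name given; server answers on "
                            "every interface associated with that name")
    port = attrs.get("nsslapd-secureport")
    if port is not None:
        if int(port) < 1024:
            findings.append("securePort: below 1024, server must be started as root")
        # Assumption: an absent nsslapd-security is treated as not 'on'.
        if attrs.get("nsslapd-security", "off").lower() != "on":
            findings.append("securePort: set, but nsslapd-security is not on, "
                            "so the TLS/SSL port is not listened on")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_entry(SAMPLE_LDIF)):
        print("FINDING:", finding)
```

The check cannot see whether a private key and certificate are installed, which the server also requires before it listens on the secure port.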

2.3 Core server configuration attributes reference
