2.3.1.98
This attribute determines whether an
For example, in a replicated environment, messages similar to the following are logged in the supplier server's log files if it finds that the peer server's host name does not match the name specified in its certificate:
[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape runtime error
Unable to communicate securely with peer: requested domain name does not match the server's certificate.)
[DATE] NSMMReplicationPlugin - agmt="cn=SSL Replication Agreement to host1" (host1.example.com:636): Replication bind with SSL client authentication failed:
LDAP error 81 (Can't contact LDAP server)
HP recommends turning this attribute on to protect Directory Server's outbound SSL connections against a man-in-the-middle (MITM) attack.
NOTE:
DNS and reverse DNS must be set up correctly in order for this to work; otherwise, the server cannot resolve the peer IP address to the host name in the subject DN in the certificate.
Parameter | Description |
Entry DN | cn=config |
Valid Values | on or off |
Default Value | on |
Syntax | DirectoryString |
Example | |
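A log triage example for the supplier messages shown in 2.3.1.98, added here and not taken from the HP documentation: it separates replication bind failures caused by a certificate name mismatch from other LDAP error 81 failures, which otherwise look like a plain connectivity problem. The sample log, its timestamps, the host2 agreement and the rule that the SSL alert sits on the line directly before the bind failure are assumptions.

```python
import re
from collections import Counter

# Constructed sample of a supplier error log, modeled on the two messages shown
# in 2.3.1.98 (timestamps, the host2 agreement and the startup line are made up).
SAMPLE_LOG = """\
[12/Mar/2010:10:15:02 -0500] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape runtime error Unable to communicate securely with peer: requested domain name does not match the server's certificate.)
[12/Mar/2010:10:15:02 -0500] NSMMReplicationPlugin - agmt="cn=SSL Replication Agreement to host1" (host1.example.com:636): Replication bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server)
[12/Mar/2010:10:15:05 -0500] NSMMReplicationPlugin - agmt="cn=Replication to host2" (host2.example.com:636): Replication bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server)
[12/Mar/2010:10:15:09 -0500] - slapd started.
[12/Mar/2010:10:20:02 -0500] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape runtime error Unable to communicate securely with peer: requested domain name does not match the server's certificate.)
[12/Mar/2010:10:20:02 -0500] NSMMReplicationPlugin - agmt="cn=SSL Replication Agreement to host1" (host1.example.com:636): Replication bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server)
"""

# Text of the SSL alert that identifies a host name / certificate mismatch.
MISMATCH = "requested domain name does not match the server's certificate"
# Replication bind failure line: captures the agreement name and peer host:port.
AGMT_FAIL = re.compile(
    r'NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" \((?P<peer>[^)]+)\): '
    r'Replication bind with SSL client authentication failed')

def triage(log_text):
    """Return (mismatch, other): Counters keyed by (agreement, peer).

    A bind failure counts as a hostname mismatch only when the line directly
    before it is the SSL alert carrying the mismatch text (assumed adjacency).
    """
    mismatch, other = Counter(), Counter()
    prev_was_alert = False
    for line in log_text.splitlines():
        if not line.strip():
            continue  # blank lines do not break the alert/failure pairing
        m = AGMT_FAIL.search(line)
        if m:
            key = (m.group("agmt"), m.group("peer"))
            (mismatch if prev_was_alert else other)[key] += 1
        prev_was_alert = "SSL alert:" in line and MISMATCH in line
    return mismatch, other

if __name__ == "__main__":
    mismatch, other = triage(SAMPLE_LOG)
    for (agmt, peer), n in mismatch.items():
        print(f"{peer}: {n} bind failure(s) from certificate name mismatch [{agmt}]")
    for (agmt, peer), n in other.items():
        print(f"{peer}: {n} bind failure(s) with no mismatch alert [{agmt}]")
```

Peers reported under the mismatch heading are the ones to check for the DNS, reverse DNS and certificate subject issues described in the NOTE above.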
2.3.1.99
Defines the number of operation threads that the Directory Server creates at startup. The
Parameter | Description |
Entry DN | cn=config |
Valid Range | 1 to the maximum number of threads supported by the system |
Default Value | 30 |
Syntax | Integer |
Example | |
2.3.1.100
This attribute sets the maximum number of seconds allocated for a search request. If this limit is reached, Directory Server returns any entries it has located that match the search request, as well as an exceeded time limit error.
2.3 Core server configuration attributes reference | 61 |