Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP UX Identity Security Software 2.3.3 cn=encryption,cn=config

1 272

Download 272 pages, 2.51 Mb

2.3.2.2 nsslapd-changelogmaxage (Max changelog age)

This attribute sets the maximum age of any entry in the changelog. The changelog contains a record for each directory modification and is used when synchronizing consumer servers. Each record contains a timestamp. Any record with a timestamp that is older than the value specified in this attribute is removed. If this attribute is absent, there is no age limit on changelog records. For information on the changelog, see “nsslapd-changelogdir”.

The server has to be restarted for changes to this attribute to go into effect.

Parameter	Description
Entry DN	cn=changelog5,cn=config

Valid Range	0 (meaning that entries are not removed according to their age) to maximum 32-bit integer
	(2147483647)

Default Value	0

Syntax	DirectoryString IntegerAgeID where AgeID is s for seconds, m for minutes, h for hours,
	d for days, and w for weeks

Example	nsslapd-changelogmaxage: 30d

2.3.2.3 nsslapd-changelogmaxentries (Max changelog records)

This attribute sets the maximum number of records the changelog may contain. If this attribute is absent, there is no maximum number of records the changelog can contain. For information on the changelog, see “nsslapd-changelogdir”.

The server has to be restarted for changes to this attribute to go into effect.

Parameter	Description
Entry DN	cn=changelog5,cn=config

Valid Range	0 (meaning that the only maximum limit is the disk size) to maximum 32-bit integer
	(2147483647)

Default Value	0

Syntax	Integer

Example	nsslapd-changelogmaxentries: 5000

2.3.3 cn=encryption,cn=config

Encryption related attributes are stored under the cn=encryption,cn=config entry. The cn=encryption,cn=config entry is an instance of the nsslapdEncryptionConfig object class.

2.3.3.1 nssslsessiontimeout

This attribute sets the lifetime duration of a TLS/SSL. The minimum timeout value is 5 seconds. If a smaller value is set, then it is automatically replaced by 5 seconds. A value greater than the maximum value in the valid range below is replaced by the maximum value in the range.

The server has to be restarted for changes to this attribute to go into effect.

Parameter	Description
Entry DN	cn=encryption,cn=config

Valid Range	5 seconds to 24 hours

Default Value	0, which means use the maximum value in the valid range above.

2.3 Core server configuration attributes reference

73

Contents

Page Page Table of Contents Page Page Page Page Page Page 4 Server instance file reference 5 Log file reference Command-line utilities scripts 8 Support and other resources A Using the ns-slapd command-line Glossary Index Page 1 Introduction 1.1Directory Server configuration 1.2 Directory Server instance file reference 1.3 Using Directory Server command-lineutilities 1.4 Using Directory Server command-linescripts 2 Core server configuration reference 2.1 Overview of the Directory Server configuration Page 2.1.2 How the server configuration is organized 2.2 Accessing and modifying server configuration 2.2.2 Changing configuration attributes 2.3Core server configuration attributes reference 2.3.1 cn=config Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 2.3.2 cn=changelog5,cn=config 2.3.3 cn=encryption,cn=config Page 2.3.4 cn=features,cn=config 2.3.5cn=mapping tree,cn=config 2.3.6Suffix configuration attributes under cn="suffixName Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 2.3.10 cn=monitor Page 2.3.11cn=replication 2.3.12 cn=SNMP,cn=config Page 2.3.13 SNMP statistic attributes 2.3.14cn=tasks,cn=config Page Page Page Page Page Page Page Page Page Page Page Page Page 2.3.15 cn=uniqueid generator,cn=config Page 3 Plug-inimplemented server functionality reference 3.1 Server plug-infunctionality reference 3.1.2 ACL plug-in 3.1.3 ACL preoperation plug-in 3.1.4 Attribute uniqueness plug-in 3.1.5 Binary syntax plug-in 3.1.6 Boolean syntax plug-in 3.1.7 Case exact string syntax plug-in 3.1.8 Case ignore string syntax plug-in 3.1.9 Chaining database plug-in 3.1.10 Class of service plug-in 3.1.11 Country string syntax plug-in 3.1.12 Distinguished name syntax plug-in 3.1.13 Distributed numeric assignment plug-in 3.1.14 Generalized time syntax plug-in 3.1.15 HTTP client plug-in 3.1.16 Integer syntax plug-in 3.1.17 Internationalization plug-in 3.1.18 JPEG syntax plug-in 3.1.19 ldbm database plug-in 3.1.20 Legacy replication plug-in 3.1.21 MemberOf plug-in 3.1.22 Multi-masterreplication plug-in 3.1.23 Octet string syntax plug-in 3.1.24 OID syntax plug-in 3.1.25 Password Storage Schemes 3.1.26 Postal address string syntax plug-in 3.1.27 PTA plug-in 3.1.28 Referential integrity postoperation plug-in 3.1.29 Retro Changelog plug-in 3.1.30 Roles plug-in 3.1.31 Schema reload plug-in 3.1.32 Space insensitive string syntax plug-in 3.1.33 State change plug-in 3.1.34 Telephone syntax plug-in 3.1.35 URI syntax plug-in 3.1.36 Views plug-in 3.2 List of attributes common to all plug-ins 3.2.2 nsslapd-pluginInitfunc 3.2.3 nsslapd-pluginType 3.2.4 nsslapd-pluginEnabled 3.2.5 nsslapd-pluginId 3.3 Attributes allowed by certain plug-ins 3.3.2 nsslapd-pluginLoadGlobal 3.3.3 nsslapd-plugin-depends-on-type 3.3.4 nsslapd-plugin-depends-on-named 3.4 Database plug-inattributes Page Page Page Page Page Page Page Page Page Page Page Database attributes under cn=monitor, cn=ldbm database, cn=plugins, cn=config Page Page Page Page Page Page Page Page 3.5 Database link plug-inattributes (chaining attributes) Page Page Page Page Page Page Page Page 3.6 Retro changelog plug-inattributes 3.7 Distributed numeric assignment plug-inattributes 3.7.3 dnaMaxValue 3.7.4 dnaNextRange 3.7.5 dnaNextValue 3.7.6 dnaPrefix 3.7.7 dnaRangeRequestTimeout 3.7.8 dnaScope 3.7.9 dnaSharedCfgDN 3.7.10 dnaThreshold 3.8 MemberOf plug-inattributes 3.9 Account policy plug-inattributes 4 Server instance file reference 4.1 Overview of Directory Server files 4.2 Backup files 4.3Configuration files 4.4 Database files Page 4.5 LDIF files 4.6 Lock files 4.7 Log files 4.8PID files 4.9 Tools 4.10 Scripts 5 Log file reference 5.1 Access log reference 5.1.2 Default access logging content Page Page Page Page 5.1.3 Access log content for additional access logging levels 5.1.4 Common connection codes 5.2 Error log reference 5.2.2 Error log content 5.2.3 Error log content for other log levels Page Page 5.3 Audit log reference 5.4 LDAP result codes Page 6 Command-lineutilities 6.1 Finding and executing command-lineutilities 6.2 Using special characters 6.3 Command-lineutilities quick reference 6.4 ldapsearch Page 6.4.3 Persistent search options 6.4.4 ldapsearch SSL options 6.4.5 ldapsearch SASL options Page Page Page Page Page 6.4.6 Additional ldapsearch options Page 6.5 ldapmodify 6.5.3 ldapmodify SSL options 6.5.4 ldapmodify SASL options 6.6 ldapdelete 6.6.1ldapdelete syntax 6.6.2 Commonly-usedldapdelete options 6.6.3 ldapdelete SSL options 6.6.4 ldapdelete SASL options 6.7 ldappasswd 6.7.2 ldappasswd-specificoptions 6.7.3 General ldappasswd options 6.7.4 ldappasswd SASL options 6.7.5 ldappasswd examples 6.8ldif 6.9 dbscan 6.9.2 dbscan options 6.9.3 dbscan examples Page 7 Command-linescripts 7.1 Finding and executing command-linescripts 7.2 Command-linescripts quick reference 7.3 Shell scripts 7.3.1 bak2db (Restores a database from backup) 7.3.2 cl-dump(Dumps and decodes the changelog) 7.3.3 dbverify (Checks for corrupt databases) 7.3.4 db2bak (Creates a backup of a database) 7.3.5 db2ldif (Exports database contents to LDIF) 7.3.6 db2index (Reindexes database index files) 7.3.7 ldif2db (Import) 7.3.8 ldif2ldap (Performs import operation over LDAP) 7.3.9 pwdhash (Prints encrypted passwords) 7.3.10 monitor (Retrieves monitoring information) 7.3.11 repl-monitor(Monitors replication status) Page 7.3.12 restart-slapd(Restarts the Directory Server) 7.3.13 restoreconfig (Restores Administration Server configuration) 7.3.14 saveconfig (Saves Administration Server configuration) 7.3.15 start-slapd(Starts the Directory Server) 7.3.16 stop-slapd(Stops the Directory Server) 7.3.17 suffix2instance (Maps a suffix to a backend name) 7.3.18 vlvindex (Creates virtual list view indexes) 7.4 Perl scripts 7.4.2 cl-dump.pl(Dumps and decodes the changelog) 7.4.3 db2bak.pl (Creates a backup of a database) 7.4.4 db2index.pl (Creates and generates indexes) 7.4.5 db2ldif.pl (Exports database contents to LDIF) 7.4.6 fixup-memberof.pl(Regenerate memberOf attributes) 7.4.7 ldif2db.pl (Import) 7.4.8 logconv.pl (Log converter) Page 7.4.9 ns-accountstatus.pl(Establishes account status) 7.4.10 ns-activate.pl(Activates an entry or group of entries) 7.4.11 ns-inactivate.pl(Inactivates an entry or group of entries) 7.4.12 ns-newpwpolicy.pl(Adds attributes for fine-grainedpassword policy) 7.4.13 repl-monitor.pl(Monitors replication status) Page 7.4.14 schema-reload.pl(Reload schema files dynamically) 7.4.15 verify-db.pl(Check for corrupt databases) Page 8 Support and other resources 8.1 Contacting HP 8.2 Related information 8.3 Typographic conventions Page A Using the ns-slapd command-lineutilities A.1 Overview of ns-slapd A.2 Finding and executing the ns-slapd command-lineutilities A.3 Utilities for exporting databases: db2ldif A.4 Utilities for restoring and backing up databases: ldif2db A.5 Utilities for restoring and backing up databases: archive2db A.6 Utilities for restoring and backing up databases: db2archive A.7 Utilities for creating and regenerating indexes: db2index Page Glossary Page Page Page Page Page Page Page Page Page Index