Chapter 17. Using the Pass-through Authentication Plug-in

...

4.2. Specifying Multiple Authenticating Directory Servers

If the connection between the PTA Directory Server and the authenticating Directory Server is broken or cannot be opened, the PTA Directory Server sends the request to the next server specified, if any. Multiple authenticating Directory Servers can be specified, as required, to provide failover if the first Directory Server is unavailable. All of the authenticating Directory Servers are set in the nsslapd-pluginarg0 attribute, as a space-separated list of host:port pairs. For example:

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/o=NetscapeRoot

...

NOTE

The nsslapd-pluginarg0 attribute sets the authenticating Directory Server; additional nsslapd-pluginargN attributes can set additional suffixes for the PTA Plug-in to use, but not additional hosts.

4.3. Specifying One Authenticating Directory Server and Multiple Subtrees

The following example configures the PTA Directory Server to pass through bind requests for more than one subtree (using parameter defaults):

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot

nsslapd-pluginarg1: ldap://configdir.example.com/dc=example,dc=com

...
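The following is an added example, not code from the manual or from the plug-in. It parses the nsslapd-pluginargN values shown in 4.2 and 4.3 into an ordered failover list per subtree, and applies the NOTE in 4.2 by reporting any argN host that is absent from nsslapd-pluginarg0. The function names, the BAD sample and the default-port table are assumptions of this example; the optional parameter list used in 4.4 is not parsed.

```python
import re

# Constructed samples: the attribute values from sections 4.2 and 4.3 of this page,
# plus one constructed misconfiguration (arg1 in BAD names a host absent from arg0).
SEC_4_2 = {"nsslapd-pluginarg0":
           "ldap://configdir.example.com:389 config2dir.example.com:1389/o=NetscapeRoot"}
SEC_4_3 = {"nsslapd-pluginarg0": "ldap://configdir.example.com/o=NetscapeRoot",
           "nsslapd-pluginarg1": "ldap://configdir.example.com/dc=example,dc=com"}
BAD = {"nsslapd-pluginarg0": "ldap://configdir.example.com/o=NetscapeRoot",
       "nsslapd-pluginarg1": "ldap://other.example.com/dc=example,dc=com"}

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}      # standard LDAP / LDAPS ports
ARG_RE = re.compile(r"^(ldaps?)://([^/]+)/(.+)$")

def parse_pta_arg(value):
    """Split one pluginarg value into (scheme, [(host, port), ...], subtree).
    Covers only the default-parameter forms shown in 4.2 and 4.3
    (host names or IPv4 addresses, no trailing parameter list)."""
    m = ARG_RE.match(value.strip())
    if not m:
        raise ValueError("not a PTA URL: %r" % value)
    scheme, hostlist, subtree = m.groups()
    hosts = []
    for item in hostlist.split():               # space-separated, in failover order
        host, sep, port = item.partition(":")
        if not host or (sep and not port.isdigit()):
            raise ValueError("bad host:port pair: %r" % item)
        hosts.append((host.lower(), int(port) if sep else DEFAULT_PORT[scheme]))
    return scheme, hosts, subtree

def failover_map(attrs):
    """Map each pass-through subtree to its ordered list of authenticating servers."""
    out = {}
    for name in sorted(attrs, key=lambda n: int(n[len("nsslapd-pluginarg"):])):
        _, hosts, subtree = parse_pta_arg(attrs[name])
        out[subtree] = hosts
    return out

def hosts_outside_arg0(attrs):
    """Per the NOTE: report argN hosts that do not appear in nsslapd-pluginarg0."""
    base = {h for h, _ in parse_pta_arg(attrs["nsslapd-pluginarg0"])[1]}
    extra = {n: sorted({h for h, _ in parse_pta_arg(v)[1]} - base)
             for n, v in attrs.items() if n != "nsslapd-pluginarg0"}
    return {n: hosts for n, hosts in extra.items() if hosts}

if __name__ == "__main__":
    for label, cfg in (("4.2", SEC_4_2), ("4.3", SEC_4_3), ("bad", BAD)):
        print(label, failover_map(cfg), hosts_outside_arg0(cfg))
```
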

4.4. Using Non-Default Parameter Values

This example uses a non-default value (10) only for the maximum number of connections parameter maxconns. Each of the other parameters is set to its default value. However, because one parameter is specified, all parameters must be defined explicitly in the syntax.
