Attributes

cn

Description
This is the X.500 commonName attribute, which contains a name of an object.
Syntax
Directory string
Maximum Length
256
Value
Multi-valued

ibm-slapdACIMechanism

Description
Determines which ACL model the server uses. (Supported only on i5/OS and OS/400 as of v3.2, ignored on other platforms.)
  • 1.3.18.0.2.26.1 = IBM SecureWay v3.1 ACL model
  • 1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model
Default
1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model
Syntax
Directory string
Maximum Length
256
Value
Multi-valued.

ibm-slapdACLAccess

Description
Controls whether access to ACLs is enabled. If set to TRUE, access to ACLs is enabled. If set to FALSE, access to ACLs is disabled.
Default
TRUE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdACLCache

Description
Controls whether or not the server caches ACL information.
  • If set to TRUE, the server caches ACL information.
  • If set to FALSE, the server does not cache ACL information.
Default
TRUE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdACLCacheSize

Description
Maximum number of entries to keep in the ACL Cache.
Default
25000
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdAdminDN

Description
The administrator bind DN for Directory Server.
Default
cn=root
Syntax
DN
Maximum Length
Unlimited
Value
Single-valued

ibm-slapdAdminGroupEnabled

Description
Specifies whether the Administrative Group is currently enabled. If set to TRUE, the server will allow users in the administrative group to log in.
Default
FALSE
Syntax
Boolean
Maximum Length
128
Value
Single-valued

ibm-slapdAdminPW

Description
The administrator bind Password for Directory Server.
Default
secret
Syntax
Binary
Maximum Length
128
Value
Single-valued

ibm-slapdAllowAnon

Description
Specifies if anonymous binds are allowed.
Default
True
Syntax
Boolean
Maximum Length
128
Value
Single-valued

ibm-slapdAllReapingThreshold

Description
Specifies a number of connections to maintain in the server before connection management is activated.
Default
1200
Syntax
Directory string with case-exact matching.
Maximum Length
1024
Value
Single-valued

ibm-slapdAnonReapingThreshold

Description
Specifies a number of connections to maintain in the server before connection management of anonymous connections is activated.
Default
0
Syntax
Directory string with case-exact matching.
Maximum Length
1024
Value
Single-valued

ibm-slapdBoundReapingThreshold

Description
Specifies a number of connections to maintain in the server before connection management of anonymous and bound connections is activated.
Default
1100
Syntax
Directory string with case-exact matching.
Maximum Length
1024
Value
Single-valued

ibm-slapdBulkloadErrors

Description
File path or device on the ibmslapd host machine to which bulkload error messages will be written.
Default
/var/bulkload.log
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdCachedAttribute

Description
Contains the names of the attributes to be cached in the attribute cache, one attribute name per value.
Default
None
Syntax
Directory string
Maximum Length
256
Value
Multi-valued

ibm-slapdCachedAttributeAutoAdjust

Description
Controls whether the server will automatically adjust the attribute caches at configured time intervals defined in ibm-slapdCachedAttributeAutoAdjustTime and ibm-slapdCachedAttributeAutoAdjustTimeInterval.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdCachedAttributeAutoAdjustTime

Description
When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the time at which the server begins to adjust attribute caches automatically.
Minimum = T000000
Maximum = T235959
Default
T000000
Syntax
Military time
Maximum Length
7
Value
Single-valued

ibm-slapdCachedAttributeAutoAdjustTimeInterval

Description
When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the time interval between automatic adjustments of the attribute cache.
Minimum = 1
Maximum = 24
Default
2
Syntax
Integer
Maximum Length
2
Value
Single-valued

ibm-slapdCachedAttributeSize

Description
Amount of memory, in bytes, that can be used by the attribute cache. A value of 0 indicates that no attribute cache is used.
Default
0
Syntax
Integer
Maximum Length
11
Value
Single-valued.

ibm-slapdChangeLogMaxEntries

Description
This attribute is used by a change log plug-in to specify the maximum number of change log entries allowed in the RDBM database. Each change log has its own changeLogMaxEntries attribute.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647 (32-bit, signed integer)
Default
0
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdCLIErrors

Description
File path or device on the ibmslapd host machine to which CLI error messages will be written.
Default
/var/db2cli.log
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdConcurrentRW

Description
Setting this to TRUE allows searches to proceed simultaneously with updates. It allows for 'dirty reads', that is, results that might not be consistent with the committed state of the database.
Attention: This attribute is deprecated.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdDB2CP

Description
Specifies the code page of the directory database. 1208 is the code page for UTF-8 databases.
Syntax
Directory string with case-exact matching
Maximum Length
11
Value
Single-valued

ibm-slapdDBAlias

Description
The DB2 database alias.
Syntax
Directory string with case-exact matching
Maximum Length
8
Value
Single-valued

ibm-slapdDbConnections

Description
Specifies the number of DB2 connections the server will dedicate to the DB2 backend. The value must be between 5 and 50 (inclusive).
Note:
ODBCCONS environment variable overrides the value of this directive.
If ibm-slapdDbConnections (or ODBCCONS) is less than 5 or greater than 50, the server will use 5 or 50 respectively. 1 additional connection will be created for replication (even if no replication is defined). 2 additional connections will be created for the change log (if change log is enabled).
Default
15
Syntax
Integer
Maximum Length
50
Value
Single-valued

ibm-slapdDbInstance

Description
Specifies the DB2 database instance for this backend.
Default
ldapdb2
Syntax
Directory string with case-exact matching
Maximum Length
8
Value
Single-valued
Note:
All ibm-slapdRdbmBackend objects must use the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2 character set.

ibm-slapdDbLocation

Description
The file system path where the backend database is located.
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdDbName

Description
Specifies the DB2 database name for this backend.
Default
ldapdb2
Syntax
Directory string with case-exact matching
Maximum Length
8
Value
Single-valued

ibm-slapdDbUserID

Description
Specifies the user name with which to bind to the DB2 database for this backend.
Default
ldapdb2
Syntax
Directory string with case-exact matching
Maximum Length
8
Value
Single-valued
Note:
All ibm-slapdRdbmBackend objects must use the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2 character set.

ibm-slapdDerefAliases

Description
Maximum alias dereferencing level on search requests, regardless of any derefAliases that may have been specified on the client requests. Allowed values are never, find, search and always.
Default
always
Syntax
Directory string
Maximum Length
6
Value
Single-valued

ibm-slapdDbUserPW

Description
Specifies the user password with which to bind to the DB2 database for this backend. The password can be plain text or imask encrypted.
Default
ldapdb2
Syntax
Binary
Maximum Length
128
Value
Single-valued
Note:
All ibm-slapdRdbmBackend objects must use the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2 character set.

ibm-slapdDigestAdminUser

Description
Specifies the Digest MD5 User Name of the LDAP administrator or administrative group member. Used when MD5 Digest authentication is used to authenticate an administrator.
Default
None
Syntax
Directory string
Maximum Length
512
Value
Single-valued

ibm-slapdDigestAttr

Description
Overrides the default DIGEST-MD5 username attribute. The name of the attribute to use for DIGEST-MD5 SASL bind username lookup. If the value is not specified, the server uses uid.
Default
If not specified, the server uses uid.
Syntax
Directory string.
Maximum Length
64
Value
Single-valued

ibm-slapdDigestRealm

Description
Overrides the default DIGEST-MD5 realm. A string that can enable users to know which username and password to use, in case they might have different ones for different servers. Conceptually, it is the name of a collection of accounts that might include the user's account. This string should contain at least the name of the host performing the authentication and might additionally indicate the collection of users who might have access. An example might be registered_users@gotham.news.example.com. If the attribute is not specified, the server uses the fully qualified hostname of the server.
Default
The fully qualified hostname of the server
Syntax
Directory string.
Maximum Length
1024
Value
Single-valued

ibm-slapdEnableEventNotification

Description
Specifies whether to enable Event Notification. It must be set to either TRUE or FALSE.

If set to FALSE, the server rejects all client requests to register event notifications with the extended result LDAP_UNWILLING_TO_PERFORM.

Default
TRUE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdEntryCacheSize

Description
Maximum number of entries to keep in the entry cache.
Default
25000
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdErrorLog

Description
Specifies the file path or device on the Directory Server machine to which error messages are written.
Default
/var/ibmslapd.log
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdESizeThreshold

Description
Specifies the number of work items on the work queue before the Emergency thread is activated.
Default
50
Syntax
Integer
Maximum Length
1024
Value
Single-valued

ibm-slapdEThreadActivate

Description
Specifies which conditions will activate the Emergency Thread. Must be set to one of the following values:
S
Size only
T
Time only
SOT
Size or time
SAT
Size and time
Default
SAT
Syntax
String
Maximum Length
1024
Value
Single-valued

ibm-slapdEThreadEnable

Description
Specifies if the Emergency Thread is active.
Default
True
Syntax
Boolean
Maximum Length
1024
Value
Single-valued

ibm-slapdETimeThreshold

Description
Specifies the amount of time in minutes between items removed from the work queue before the Emergency thread is activated.
Default
5
Syntax
Integer
Maximum Length
1024
Value
Single-valued

ibm-slapdFilterCacheBypassLimit

Description
Search filters that match more than this number of entries will not be added to the Search Filter cache. Because the list of entry IDs that matched the filter are included in this cache, this setting helps to limit memory use. A value of 0 indicates no limit.
Default
100
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdFilterCacheSize

Description
Specifies the maximum number of entries to keep in the Search Filter Cache.
Default
25000
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdIdleTimeOut

Description
Maximum time to keep an LDAP connection open when there is no activity on the connection. The idle time for an LDAP connection is the time (in seconds) between the last activity on the connection and the current time. If the connection has expired, based on the idle time being greater than the value of this attribute, the LDAP server will clean up and end the LDAP connection, making it available for other incoming requests.
Default
300
Syntax
Integer
Length
11
Count
Single
Usage
Directory operation
User Modify
Yes
Access Class
Critical
Required
No

ibm-slapdIncludeSchema

Description
Specifies a file path on the Directory Server machine containing schema definitions.
Default
  • /etc/V3.system.at
  • /etc/V3.system.oc
  • /etc/V3.config.at
  • /etc/V3.config.oc
  • /etc/V3.ibm.at
  • /etc/V3.ibm.oc
  • /etc/V3.user.at
  • /etc/V3.user.oc
  • /etc/V3.ldapsyntaxes
  • /etc/V3.matchingrules
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Multi-valued

ibm-slapdKrbAdminDN

Description
Specifies the Kerberos ID of the LDAP administrator (for example, ibm-kn=admin1@realm1). Used when Kerberos authentication is used to authenticate the administrator when logged onto the Server Administration interface. This might be specified instead of or in addition to adminDN and adminPW.
Default
No preset default is defined.
Syntax
Directory string with case-exact matching
Maximum Length
128
Value
Single-valued

ibm-slapdKrbEnable

Description
Specifies whether the server supports Kerberos. It must be either TRUE or FALSE.
Default
TRUE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdKrbIdentityMap

Description
Specifies whether to use Kerberos identity mapping. It must be set to either TRUE or FALSE. If set to TRUE, when a client is authenticated with a Kerberos ID, the server searches for all local users with matching Kerberos credentials, and adds those user DNs to the bind credentials of the connection. This allows ACLs based on LDAP user DNs to still be usable with Kerberos.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdKrbKeyTab

Description
Specifies the LDAP server Kerberos keytab file. This file contains the LDAP server private key that is associated with its Kerberos account. This file must be protected (like the server SSL key database file).
Default
No preset default is defined.
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdKrbRealm

Description
Specifies the Kerberos realm of the LDAP server. It is used to publish the ldapservicename attribute in the root DSE. Note that an LDAP server can serve as the repository of account information for multiple KDCs (and realms), but the LDAP server, as a kerberized server, can only be a member of a single realm.
Default
No preset default is defined.
Syntax
Directory string with case-insensitive matching
Maximum Length
256
Value
Single-valued

ibm-slapdLanguageTagsEnabled

Description
Whether or not the server should allow language tags. The value read from the ibmslapd.conf file for this attribute is FALSE, but it can be set to TRUE.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdLdapCrlHost

Description
Specifies the host name of the LDAP server that contains the Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates. This parameter is needed when ibm-slapdSslAuth=serverclientauth and the client certificates have been issued for CRL validation.
Default
No preset default is defined.
Syntax
Directory string with case-insensitive matching
Maximum Length
256
Value
Single-valued

ibm-slapdLdapCrlPassword

Description
Specifies the password that server-side SSL uses to bind to the LDAP server that contains the Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates. This parameter might be needed when ibm-slapdSslAuth=serverclientauth and the client certificates have been issued for CRL validation.
Note:
If the LDAP server holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous access), then ibm-slapdLdapCrlPassword is not required.
Default
No preset default is defined.
Syntax
Binary
Maximum Length
128
Value
Single-valued

ibm-slapdLdapCrlPort

Description
Specifies the port used to connect to the LDAP server that contains the Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates. This parameter is needed when ibm-slapdSslAuth=serverclientauth and the client certificates have been issued for CRL validation. (IP ports are unsigned, 16-bit integers in the range 1 - 65535)
Default
No preset default is defined.
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdLdapCrlUser

Description
Specifies the bindDN that the server-side SSL uses to bind to the LDAP server that contains the Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates. This parameter might be needed when ibm-slapdSslAuth=serverclientauth and the client certificates have been issued for CRL validation.
Note:
If the LDAP server holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous access), then ibm-slapdLdapCrlUser is not required.
Default
No preset default is defined.
Syntax
DN
Maximum Length
1000
Value
Single-valued

ibm-slapdMasterDN

Description
Specifies the bind DN of the master server. The value must match the replicaBindDN in the replicaObject defined for the master server. When Kerberos is used to authenticate to the replica, ibm-slapdMasterDN must specify the DN representation of the Kerberos ID (for example, ibm-kn=freddy@realm1). When Kerberos is used, MasterServerPW is ignored.
Default
No preset default is defined.
Syntax
DN
Maximum Length
1000
Value
Single-valued

ibm-slapdMasterPW

Description
Specifies the bind password of the master replica server. The value must match replicaBindDN in the replicaObject defined for the master server. When Kerberos is used to authenticate to the replica, ibm-slapdMasterDN must specify the DN representation of the Kerberos ID (for example, ibm-kn=freddy@realm1). When Kerberos is used, MasterServerPW is ignored.
Default
No preset default is defined.
Syntax
Binary
Maximum Length
128
Value
Single-valued

ibm-slapdMasterReferral

Description
Specifies the URL of the master replica server. For example:
ldap://master.us.ibm.com
For security set to SSL only:
ldaps://master.us.ibm.com:636
For security set to none and using a nonstandard port:
ldap://master.us.ibm.com:1389
Default
none
Syntax
Directory string with case-insensitive matching
Maximum Length
256
Value
Single-valued

ibm-slapdMaxEventsPerConnection

Description
Specifies the maximum number of event notifications which can be registered per connection.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647
Default
100
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdMaxEventsTotal

Description
Specifies the maximum total number of event notifications which can be registered for all connections.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647
Default
0
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdMaxNumOfTransactions

Description
Specifies the maximum number of transactions per server.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647
Default
20
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdMaxOpPerTransaction

Description
Specifies the maximum number of operations per transaction.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647
Default
5
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdMaxPendingChangesDisplayed

Description
Maximum number of pending changes to be displayed.
Default
200
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdMaxTimeLimitOfTransactions

Description
Specifies the maximum timeout value of a pending transaction in seconds.
Minimum = 0 (unlimited)
Maximum = 2,147,483,647
Default
300
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdPagedResAllowNonAdmin

Description
Whether or not the server should allow non-Administrator bind for paged results requests on a search request. If the value read from the ibmslapd.conf file is FALSE, the server will process only those client requests submitted by a user with Administrator authority. If a client requests paged results for a search operation, does not have Administrator authority, and the value read from the ibmslapd.conf file for this attribute is FALSE, the server will return to the client with return code insufficientAccessRights; no searching or paging will be performed.
Default
FALSE
Syntax
Boolean
Length
5
Count
Single
Usage
directoryOperation
User Modify
Yes
Access Class
critical
Objectclass
ibm-slapdRdbmBackend
Required
No

ibm-slapdPagedResLmt

Description
Maximum number of outstanding paged results search requests allowed active simultaneously. Range = 0.... If a client requests a paged results operation, and a maximum number of outstanding paged results are currently active, then the server will return to the client with return code of busy; no searching or paging will be performed.
Default
3
Syntax
Integer
Length
11
Count
Single
Usage
directoryOperation
User Modify
Yes
Access Class
critical
Required
No
Objectclass
ibm-slapdRdbmBackend

ibm-slapdPageSizeLmt

Description
Maximum number of entries to return from search for an individual page when paged results control is specified, regardless of any pagesize that might have been specified on the client search request. Range = 0.... If a client has passed a page size, then the smaller value of the client value and the value read from ibmslapd.conf will be used.
Default
50
Syntax
Integer
Length
11
Count
Single
Usage
directoryOperation
User Modify
Yes
Access Class
critical
Required
No
Objectclass
ibm-slapdRdbmBackend

ibm-slapdPlugin

Description
A plugin is a dynamically loaded library which extends the capabilities of the server. An ibm-slapdPlugin attribute specifies to the server how to load and initialize a plug-in library. The syntax is:
keyword filename init_function [args...]
The syntax is slightly different for each platform because of library naming conventions.

Most plug-ins are optional, but the RDBM backend plug-in is required for all RDBM backends.

Default
database /bin/libback-rdbm.dll rdbm_backend_init
Syntax
Directory string with case-exact matching
Maximum Length
2000
Value
Multi-valued

ibm-slapdPort

Description
Specifies the TCP/IP port used for non-SSL connections. It cannot have the same value as ibm-slapdSecurePort. (IP ports are unsigned, 16-bit integers in the range 1 - 65535.)
Default
389
Syntax
Integer
Maximum Length
5
Value
Single-valued

ibm-slapdPWEncryption

Description
Specifies the encoding mechanism for the user passwords before they are stored in the directory. It must be specified as none, imask, crypt, or sha (you must use the keyword sha in order to get SHA-1 encoding). The value must be set to none for the SASL cram-md5 bind to succeed.
Default
none
Syntax
Directory string with case-insensitive matching
Maximum Length
5
Value
Single-valued

ibm-slapdReadOnly

Description
This attribute is normally applied to only the Directory backend. It specifies whether the backend can be written to. It must be specified as either TRUE or FALSE. It defaults to FALSE if unspecified. If set to TRUE, the server returns LDAP_UNWILLING_TO_PERFORM (0x35) in response to any client request which changes data in the readOnly database.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdReferral

Description
Specifies the referral LDAP URL to pass back when the local suffixes do not match the request. It is used for superior referral (that is, the suffix is not within the naming context of the server).
Default
No preset default is defined.
Syntax
Directory string with case-exact matching
Maximum Length
32700
Value
Multi-valued

ibm-slapdReplDbConns

Description
Maximum number of database connections for use by replication.
Default
4
Syntax
Integer
Maximum Length
11
Value
Single-valued

ibm-slapdReplicaSubtree

Description
Identifies the DN of a replicated subtree.
Syntax
DN
Maximum Length
1000
Value
Single-valued

ibm-slapdSchemaAdditions

Description
The ibm-slapdSchemaAdditions attribute is used to identify explicitly which file holds new schema entries. This is set by default to be /etc/V3.modifiedschema. If this attribute is not defined, the server reverts to using the last ibm-slapdIncludeSchema file as in previous releases.

Before Version 3.2, the last includeSchema entry in slapd.conf was the file to which any new schema entries were added by the server if it received an add request from a client. Normally the last includeSchema is the V3.modifiedschema file, which is an empty file installed just for this purpose.

Note:
The name modified is misleading, for it only stores new entries. Changes to existing schema entries are made in their original files.
Default
/etc/V3.modifiedschema
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdSchemaCheck

Description
Specifies the schema checking mechanism for the add/modify/delete operation. It must be specified as V2, V3, or V3_lenient.
  • V2 - Retain v2 and v2.1 checking. Recommended for migration purposes.
  • V3 - Perform v3 checking.
  • V3_lenient - Not all parent object classes are needed. Only the immediate object class is needed when adding entries.
Default
V3_lenient
Syntax
Directory string with case-insensitive matching
Maximum Length
10
Value
Single-valued

ibm-slapdSecurePort

Description
Specifies the TCP/IP port used for SSL connections. It cannot have the same value as ibm-slapdPort. (IP ports are unsigned, 16-bit integers in the range 1 - 65535.)
Default
636
Syntax
Integer
Maximum Length
5
Value
Single-valued

ibm-slapdSecurity

Description
Enables SSL and TLS connections. Must be none, SSL, SSLOnly, TLS, or SSLTLS.
  • none - The server listens on the nonsecure port only.
  • SSL - The server listens on both the SSL and the non-SSL ports. The secure port is the only means of using a secure connection.
  • SSLOnly - The server listens on the SSL port only.
  • TLS - The server only listens on the nonsecure port. The StartTLS extended operation is the only means of using a secure connection.
  • SSLTLS - The server listens on both the default and secure ports. The StartTLS extended operation can be used to get a secure connection over the default port, or the client can use the secure port directly. Sending a StartTLS over the secure port will return the message LDAP_OPERATIONS_ERROR.
Default
none
Syntax
Directory string with case-insensitive matching
Maximum Length
7
Value
Single-valued

ibm-slapdServerId

Description
Identifies the server for use in replication.
Syntax
IA5 String with case-sensitive matching
Maximum Length
240
Value
Single-valued

ibm-slapdSetenv

Description
The server runs putenv() for all values of ibm-slapdSetenv at startup to change the server runtime environment. Shell variables (like %PATH% or $LANG) are not expanded.
Default
No preset default is defined.
Syntax
Directory string with case-exact matching
Maximum Length
2000
Value
Multi-valued

ibm-slapdSizeLimit

Description
Specifies the maximum number of entries to return from search, regardless of any size limit that might have been specified on the client search request (Range = 0...). If a client has passed a limit, then the smaller value of the client values and the value read from ibmslapd.conf are used. If a client has not passed a limit and has bound as admin DN, the limit is considered unlimited. If the client has not passed a limit and has not bound as admin DN, then the limit is that which was read from the ibmslapd.conf file. 0 = unlimited.
Default
500
Syntax
Integer
Maximum Length
12
Value
Single-valued

ibm-slapdSortKeyLimit

Description
The maximum number of sort conditions (keys) that can be specified on a single search request. Range = 0.... If a client has passed a search request with more sort keys than the limit allows, and the sorted search control criticality is FALSE, then the server will honor the value read from the ibmslapd.conf file and ignore any sort keys encountered after the limit has been reached - searching and sorting will be performed. If a client has passed a search request with more keys than the limit allows, and the sorted search control criticality is TRUE, then the server will return to the client with a return code of adminLimitExceeded - no searching or sorting will be performed.
Default
3
Syntax
cis
Length
11
Count
Single
Usage
directoryOperation
User Modify
Yes
Access Class
critical
Objectclass
ibm-slapdRdbmBackend
Required
No

ibm-slapdSortSrchAllowNonAdmin

Description
Whether or not the server should allow non-Administrator bind for sort on a search request. If the value read from the ibmslapd.conf file is FALSE, the server will process only those client requests submitted by a user with Administrator authority. If a client requests sort for a search operation, does not have Administrator authority, and the value read from the ibmslapd.conf file for this attribute is FALSE, the server will return to the client with return code insufficientAccessRights - no searching or sorting will be performed.
Default
FALSE
Syntax
Boolean
Length
5
Count
Single
Usage
directoryOperation
User Modify
Yes
Access Class
critical
Objectclass
ibm-slapdRdbmBackend
Required
No

ibm-slapdSslAuth

Description
Specifies the authentication type for the SSL connection, either serverauth or serverclientauth.
  • serverauth - supports server authentication at the client. This is the default.
  • serverclientauth - supports both server and client authentication.
Default
serverauth
Syntax
Directory string with case-insensitive matching
Maximum Length
16
Value
Single-valued

ibm-slapdSslCertificate

Description
Specifies the label that identifies the server Personal Certificate in the key database file. This label is specified when the server private key and certificate are created with the gsk4ikm application. If ibm-slapdSslCertificate is not defined, the default private key, as defined in the key database file, is used by the LDAP server for SSL connections.
Default
No preset default is defined.
Syntax
Directory string with case-exact matching
Maximum Length
128
Value
Single-valued

ibm-slapdSslCipherSpec

Description
Specifies the method of SSL encryption for clients accessing the server. Must be set to one of the following:

Table 7. Methods of SSL encryption
Attribute      Encryption level
TripleDES-168  Triple DES encryption with a 168-bit key and a SHA-1 MAC
DES-56         DES encryption with a 56-bit key and a SHA-1 MAC
RC4-128-SHA    RC4 encryption with a 128-bit key and a SHA-1 MAC
RC4-128-MD5    RC4 encryption with a 128-bit key and an MD5 MAC
RC2-40-MD5     RC2 encryption with a 40-bit key and an MD5 MAC
RC4-40-MD5     RC4 encryption with a 40-bit key and an MD5 MAC
AES            AES encryption
Syntax
IA5 String
Maximum Length
30

ibm-slapdSslKeyDatabase

Description
Specifies the file path to the LDAP server SSL key database file. This key database file is used for handling SSL connections from LDAP clients, as well as for creating secure SSL connections to replica LDAP servers.
Default
/etc/key.kdb
Syntax
Directory string with case-exact matching
Maximum Length
1024
Value
Single-valued

ibm-slapdSslKeyDatabasePW

Description
Specifies the password associated with the LDAP server SSL key database file, as specified on the ibm-slapdSslKeyDatabase parameter. If the LDAP server key database file has an associated password stash file, then the ibm-slapdSslKeyDatabasePW parameter can be omitted, or set to none.
Note:
The password stash file must be located in the same directory as the key database file and it must have the same file name as the key database file, but with an extension of .sth instead of .kdb.
Default
none
Syntax
Binary
Maximum Length
128
Value
Single-valued

ibm-slapdSslKeyRingFile

Description
Path to the LDAP server's SSL key database file. This key database file is used for handling SSL connections from LDAP clients, as well as for creating secure SSL connections to replica LDAP servers.
Default
key.kdb
Syntax
Directory String with case-sensitive matching
Maximum Length
1024
Value
Single-valued

ibm-slapdSuffix

Description
Specifies a naming context to be stored in this backend.
Note:
This has the same name as the object class.
Default
No preset default is defined.
Syntax
DN
Maximum Length
1000
Value
Multi-valued

ibm-slapdSupportedWebAdmVersion

Description
This attribute defines the earliest version of the Web administration tool that supports this server of cn=configuration.
Default
Syntax
Directory String
Maximum Length
Value
Single-valued

ibm-slapdSysLogLevel

Description
Specifies the level at which debugging and operation statistics are logged in the slapd.errors file. It must be specified as l, m, or h.
  • h - high (provides the most information)
  • m - medium (the default)
  • l - low (provides the least information)
Default
m
Syntax
Directory string with case-insensitive matching
Maximum Length
1
Value
Single-valued

ibm-slapdTimeLimit

Description
Specifies the maximum number of seconds to spend on a search request, regardless of any time limit that might have been specified on the client request. If a client has passed a limit, then the smaller value of the client values and the value read from ibmslapd.conf are used. If a client has not passed a limit and has bound as admin DN, the limit is considered unlimited. If the client has not passed a limit and has not bound as admin DN, then the limit is that which was read from the ibmslapd.conf file. 0 = unlimited.
Default
900
Syntax
Integer
Maximum Length
Value
Single-valued

ibm-slapdTransactionEnable

Description
If the transaction plugin is loaded but ibm-slapdTransactionEnable is set to FALSE, the server rejects all StartTransaction requests with the response LDAP_UNWILLING_TO_PERFORM.
Default
TRUE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdUseProcessIdPw

Description
If set to TRUE, the server ignores the ibm-slapdDbUserID and the ibm-slapdDbUserPW attributes and uses its own process credentials to authenticate to DB2.
Default
FALSE
Syntax
Boolean
Maximum Length
5
Value
Single-valued

ibm-slapdVersion

Description
IBM Slapd version number.
Default
Syntax
Directory String with case-sensitive matching
Maximum Length
Value
Single-valued

ibm-slapdWriteTimeout

Description
Specifies a timeout value in seconds for blocked writes. When the time limit is reached the connection will be dropped.
Default
120
Syntax
Integer
Maximum Length
1024
Value
Single-valued

objectClass

Description
The values of the objectClass attribute describe the kind of object which an entry represents.
Syntax
Directory string
Maximum Length
128
Value
Multi-valued
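
Several defaults documented above leave a server weakly protected if they are never changed (ibm-slapdAdminPW, ibm-slapdDbUserPW, ibm-slapdAllowAnon, ibm-slapdSecurity, ibm-slapdPWEncryption), and Table 7 lists cipher specs with 40-bit and 56-bit keys. The following audit is an added example, not IBM code: it assumes the configuration is available as LDIF-style `attribute: value` text, the function names are hypothetical, and the sample input is constructed.

```python
import base64

# Defaults as documented on this page; they apply when an attribute is absent.
DOCUMENTED_DEFAULTS = {
    "ibm-slapdadminpw": "secret",
    "ibm-slapddbuserpw": "ldapdb2",
    "ibm-slapdallowanon": "True",
    "ibm-slapdsecurity": "none",
    "ibm-slapdpwencryption": "none",
}

# Cipher specs that Table 7 lists with a 40-bit or 56-bit key.
SHORT_KEY_CIPHERS = {"des-56", "rc2-40-md5", "rc4-40-md5"}

# (attribute, predicate applied to each value, finding text)
CHECKS = [
    ("ibm-slapdAdminPW", lambda v: v == "secret",
     "administrator password is the documented default"),
    ("ibm-slapdDbUserPW", lambda v: v == "ldapdb2",
     "DB2 bind password is the documented default"),
    ("ibm-slapdAllowAnon", lambda v: v.lower() == "true",
     "anonymous binds are allowed"),
    ("ibm-slapdSecurity", lambda v: v.lower() == "none",
     "server listens on the nonsecure port only"),
    ("ibm-slapdPWEncryption", lambda v: v.lower() == "none",
     "user passwords are stored without encoding"),
    ("ibm-slapdSslCipherSpec", lambda v: v.lower() in SHORT_KEY_CIPHERS,
     "a cipher spec with a 40-bit or 56-bit key is enabled"),
]


def parse_ldif_attrs(text):
    """Collect attribute values from LDIF-style text (assumed config format).

    Returns {lowercased attribute name: [values]} across all entries.
    """
    # Unfold continuation lines: a leading space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    attrs = {}
    for line in lines:
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            # "attr:: <base64>" form, common for Binary-syntax values
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def audit(text):
    """Return a list of (attribute, origin, message) findings."""
    attrs = parse_ldif_attrs(text)
    findings = []
    for name, is_bad, message in CHECKS:
        key = name.lower()
        if key in attrs:
            values, origin = attrs[key], "configured"
        elif key in DOCUMENTED_DEFAULTS:
            # Attribute absent: the documented default is what the server uses.
            values, origin = [DOCUMENTED_DEFAULTS[key]], "documented default"
        else:
            values, origin = [], None
        if any(is_bad(v) for v in values):
            findings.append((name, origin, message))
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE_CONFIG = """\
# constructed sample
dn: cn=Configuration
ibm-slapdAdminDN: cn=root
ibm-slapdAdminPW:: c2VjcmV0
ibm-slapdSecurity: SSLTLS

dn: cn=SSL, cn=Configuration
ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: RC4-40-MD5

dn: cn=Directory, cn=Configuration
ibm-slapdDbUserPW: s0me-rotated-value
ibm-slapdPWEncryption: sha
"""

if __name__ == "__main__":
    for attribute, origin, message in audit(SAMPLE_CONFIG):
        print(f"{attribute} ({origin}): {message}")
```

Password values are compared but never printed; a value stored imask encrypted will not match the plain-text default and is not flagged by this check.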