2387 lines
77 KiB
HTML
2387 lines
77 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow"/>
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<title>Directory Server (LDAP) - Attributes</title>
|
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
|
</head>
|
|
<body>
|
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
|
|
|
|
|
<a name="rzahyconfigsa"></a>
|
|
<h3 id="rzahyconfigsa">Attributes</h3>
|
|
<ul>
|
|
<li><a href="rzahyconfigsa.htm#cn">cn</a></li>
|
|
<li><a href="rzahyconfigsa.htm#acimech">ibm-slapdACIMechanism</a></li>
|
|
<li><a href="rzahyconfigsa.htm#aclacc">ibm-slapdACLAccess</a></li>
|
|
<li><a href="rzahyconfigsa.htm#aclcache">ibm-slapdACLCache</a></li>
|
|
<li><a href="rzahyconfigsa.htm#acchesiz">ibm-slapdACLCacheSize</a></li>
|
|
<li><a href="rzahyconfigsa.htm#addn">ibm-slapdAdminDN</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#adgrpen">ibm-slapdAdminGroupEnabled</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#adpw">ibm-slapdAdminPW</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#alanon">ibm-slapdAllowAnon</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#allreap">ibm-slapdAllReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#anonreap">ibm-slapdAnonReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#bndreap">ibm-slapdBoundReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#blkerr">ibm-slapdBulkloadErrors</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cachattr">ibm-slapdCachedAttribute</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheauto">ibm-slapdCachedAttributeAutoAdjust</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheautotime">ibm-slapdCachedAttributeAutoAdjustTime</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheautotimeint">ibm-slapdCachedAttributeAutoAdjustTimeInterval</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cachatsz">ibm-slapdCachedAttributeSize</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#clme">ibm-slapdChangeLogMaxEntries</a></li>
|
|
<li><a href="rzahyconfigsa.htm#clierr">ibm-slapdCLIErrors</a></li>
|
|
<li><a href="rzahyconfigsa.htm#crw">ibm-slapdConcurrentRW</a></li>
|
|
<li><a href="rzahyconfigsa.htm#db2cp">ibm-slapdDB2CP</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbalias">ibm-slapdDBAlias</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbcon">ibm-slapdDbConnections</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbinst">ibm-slapdDbInstance</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbloc">ibm-slapdDbLocation</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbname">ibm-slapdDbName</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbusrid">ibm-slapdDbUserID</a></li>
|
|
<li><a href="rzahyconfigsa.htm#dbusrid">ibm-slapdDbUserPW</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#derefal">ibm-slapdDerefAliases</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digadmin">ibm-slapdDigestAdminUser</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digattr">ibm-slapdDigestAttr</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digrealm">ibm-slapdDigestRealm</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#een">ibm-slapdEnableEventNotification</a></li>
|
|
<li><a href="rzahyconfigsa.htm#entchsz">ibm-slapdEntryCacheSize</a></li>
|
|
<li><a href="rzahyconfigsa.htm#erlog">ibm-slapdErrorLog</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#eszthr">ibm-slapdESizeThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#ethract">ibm-slapdEThreadActivate</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#ethrden">ibm-slapdEThreadEnable</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#etime">ibm-slapdETimeThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#fltchbpl">ibm-slapdFilterCacheBypassLimit</a></li>
|
|
<li><a href="rzahyconfigsa.htm#fltchsz">ibm-slapdFilterCacheSize</a></li>
|
|
<li><a href="rzahyconfigsa.htm#idtmout">ibm-slapdIdleTimeOut</a></li>
|
|
<li><a href="rzahyconfigsa.htm#incsch">ibm-slapdIncludeSchema</a></li>
|
|
<li><a href="rzahyconfigsa.htm#krbadn"> ibm-slapdKrbAdminDN</a></li>
|
|
<li><a href="rzahyconfigsa.htm#krbe">ibm-slapdKrbEnable</a></li>
|
|
<li><a href="rzahyconfigsa.htm#krbim">ibm-slapdKrbIdentityMap</a></li>
|
|
<li><a href="rzahyconfigsa.htm#krbkey">ibm-slapdKrbKeyTab</a></li>
|
|
<li><a href="rzahyconfigsa.htm#krbrlm">ibm-slapdKrbRealm</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#langtag">ibm-slapdLanguageTagsEnabled</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#crlh">ibm-slapdLdapCrlHost</a></li>
|
|
<li><a href="rzahyconfigsa.htm#crlpw">ibm-slapdLdapCrlPassword </a></li>
|
|
<li><a href="rzahyconfigsa.htm#crlport">ibm-slapdLdapCrlPort</a></li>
|
|
<li><a href="rzahyconfigsa.htm#crlusr">ibm-slapdLdapCrlUser</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mastdn">ibm-slapdMasterDN</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mastpw">ibm-slapdMasterPW</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mastref"> ibm-slapdMasterReferral</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mepc">ibm-slapdMaxEventsPerConnection</a></li>
|
|
<li><a href="rzahyconfigsa.htm#met">ibm-slapdMaxEventsTotal</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mnot">ibm-slapdMaxNumOfTransactions</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mopt">ibm-slapdMaxOpPerTransaction</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mxpndch">ibm-slapdMaxPendingChangesDisplayed</a></li>
|
|
<li><a href="rzahyconfigsa.htm#mtlot">ibm-slapdMaxTimeLimitOfTransactions</a></li>
|
|
<li><a href="rzahyconfigsa.htm#pgesal">ibm-slapdPagedResAllowNonAdmin</a></li>
|
|
<li><a href="rzahyconfigsa.htm#pglmt">ibm-slapdPagedResLmt</a></li>
|
|
<li><a href="rzahyconfigsa.htm#pgslmt">ibm-slapdPageSizeLmt</a></li>
|
|
<li><a href="rzahyconfigsa.htm#plug">ibm-slapdPlugin</a></li>
|
|
<li><a href="rzahyconfigsa.htm#port">ibm-slapdPort</a></li>
|
|
<li><a href="rzahyconfigsa.htm#pwe">ibm-slapdPwEncryption</a></li>
|
|
<li><a href="rzahyconfigsa.htm#ro">ibm-slapdReadOnly</a></li>
|
|
<li><a href="rzahyconfigsa.htm#ref">ibm-slapdReferral</a></li>
|
|
<li><a href="rzahyconfigsa.htm#repdbcn">ibm-slapdReplDbConns</a></li>
|
|
<li><a href="rzahyconfigsa.htm#repsbtr">ibm-slapdReplicaSubtree</a></li>
|
|
<li><a href="rzahyconfigsa.htm#schadds">ibm-slapdSchemaAdditions</a></li>
|
|
<li><a href="rzahyconfigsa.htm#schchk">ibm-slapdSchemaCheck</a></li>
|
|
<li><a href="rzahyconfigsa.htm#secpt">ibm-slapdSecurePort</a></li>
|
|
<li><a href="rzahyconfigsa.htm#sec">ibm-slapdSecurity</a></li>
|
|
<li><a href="rzahyconfigsa.htm#srvid">ibm-slapdServerId</a></li>
|
|
<li><a href="rzahyconfigsa.htm#setenv">ibm-slapdSetenv</a></li>
|
|
<li><a href="rzahyconfigsa.htm#sizel">ibm-slapdSizeLimit</a></li>
|
|
<li><a href="rzahyconfigsa.htm#keylmt">ibm-slapdSortKeyLimit</a></li>
|
|
<li><a href="rzahyconfigsa.htm#srchal">ibm-slapdSortSrchAllowNonAdmin</a></li>
|
|
<li><a href="rzahyconfigsa.htm#ssla">ibm-slapdSslAuth</a></li>
|
|
<li><a href="rzahyconfigsa.htm#sslc">ibm-slapdSslCertificate</a></li>
|
|
<li><a href="rzahyconfigsa.htm#nsslcs">ibm-slapdSslCipherSpec</a></li>
|
|
<li><a href="rzahyconfigsa.htm#sslkd">ibm-slapdSslKeyDatabase</a></li>
|
|
<li><a href="rzahyconfigsa.htm#sslkdpw">ibm-slapdSslKeyDatabasePW </a></li>
|
|
<li><a href="rzahyconfigsa.htm#keyring">ibm-slapdSslKeyRingFile</a></li>
|
|
<li><a href="rzahyconfigsa.htm#suff">ibm-slapdSuffix </a></li>
|
|
<li><a href="rzahyconfigsa.htm#spwebadm">ibm-slapdSupportedWebAdmVersion</a></li>
|
|
<li><a href="rzahyconfigsa.htm#syslogl">ibm-slapdSysLogLevel </a></li>
|
|
<li><a href="rzahyconfigsa.htm#tl">ibm-slapdTimeLimit</a></li>
|
|
<li><a href="rzahyconfigsa.htm#transe">ibm-slapdTransactionEnable</a></li>
|
|
<li><a href="rzahyconfigsa.htm#upidpw">ibm-slapdUseProcessIdPw</a></li>
|
|
<li><a href="rzahyconfigsa.htm#vers">ibm-slapdVersion</a></li>
|
|
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#wrtmout">ibm-slapdWriteTimeout</a><img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><a href="rzahyconfigsa.htm#objcl">objectClass </a></li></ul>
|
|
<a name="cn"></a>
|
|
<p id="cn"><span class="bold">cn</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>This is the X.500 common Name attribute, which contains a name of an
|
|
object.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="acimech"></a>
|
|
<p id="acimech"><span class="bold">ibm-slapdACIMechanism</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Determines which ACL model the server uses. (Supported only on i5/OS
|
|
and OS/400 as of v3.2, ignored on other platforms.)
|
|
<ul>
|
|
<li>1.3.18.0.2.26.1 = IBM SecureWay v3.1 ACL model</li>
|
|
<li>1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model</li></ul>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued.
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="aclacc"></a>
|
|
<p id="aclacc"><span class="bold">ibm-slapdACLAccess</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Controls whether access to ACLs is enabled. If set to TRUE,
|
|
access to ACLs is enabled. If set to FALSE, access to ACLs is disabled.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>TRUE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="aclcache"></a>
|
|
<p id="aclcache"><span class="bold">ibm-slapdACLCache</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Controls whether or not the server caches ACL information.
|
|
<ul>
|
|
<li>If set to TRUE, the server caches ACL information.</li>
|
|
<li>If set to FALSE, the server does not cache ACL information.</li></ul>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>TRUE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="acchesiz"></a>
|
|
<p id="acchesiz"><span class="bold">ibm-slapdACLCacheSize</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of entries to keep in the ACL Cache.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>25000
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="addn"></a>
|
|
<p id="addn"><span class="bold">ibm-slapdAdminDN</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The administrator bind DN for Directory Server.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>cn=root
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>DN
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>Unlimited
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="adgrpen"></a>
|
|
<p id="adgrpen"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAdminGroupEnabled</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies whether the Administrative Group is currently enabled. If
|
|
set to TRUE, the server will allow users in the administrative group to log
|
|
in.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="adpw"></a>
|
|
<p id="adpw"><span class="bold">ibm-slapdAdminPW</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The administrator bind Password for Directory Server.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>secret
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Binary
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="alanon"></a>
|
|
<p id="alanon"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAllowAnon</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies if anonymous binds are allowed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>True
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="allreap"></a>
|
|
<p id="allreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAllReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a number of connections to maintain in the server before connection
|
|
management is activated.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>1200
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching.
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="anonreap"></a>
|
|
<p id="anonreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAnonReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a number of connections to maintain in the server before connection
|
|
management of anonymous connections is activated.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>0
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching.
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="bndreap"></a>
|
|
<p id="bndreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdBoundReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a number of connections to maintain in the server before connection
|
|
management of anonymous and bound connections is activated.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>1100
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching.
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="blkerr"></a>
|
|
<p id="blkerr"><span class="bold">ibm-slapdBulkloadErrors</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>File path or device on ibmslapd host machine to which bulkload
|
|
error messages will be written.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>/var/bulkload.log
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="cachattr"></a>
|
|
<p id="cachattr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttribute</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Contains the names of the attributes to be cached in the attribute cache,
|
|
one attribute name per value.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>None
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="cacheauto"></a>
|
|
<p id="cacheauto"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjust</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Controls whether the server will automatically adjust the attribute
|
|
caches at configured time intervals defined in ibm-slapdCachedAttributeAutoAdjustTime
|
|
and ibm-slapdCachedAttributeAutoAdjustTimeInterval.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="cacheautotime"></a>
|
|
<p id="cacheautotime"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjustTime</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the
|
|
time at which the server begins to adjust attribute caches automatically.
|
|
<pre class="xmp">Minimum = T000000
|
|
Maximum = T235959</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>T000000
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Military time
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>7
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="cacheautotimeint"></a>
|
|
<p id="cacheautotimeint"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjustTimeInterval</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the
|
|
time interval between automatic adjustments of the attribute cache.
|
|
<pre class="xmp">Minimum = 1
|
|
Maximum = 24</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>2
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>2
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="cachatsz"></a>
|
|
<p id="cachatsz"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeSize</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Amount of memory, in bytes, that can be used by the attribute cache.
|
|
A value of 0 indicates not use an attribute cache.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>0
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued.
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="clme"></a>
|
|
<p id="clme"><span class="bold">ibm-slapdChangeLogMaxEntries</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>This attribute is used by a change log plug-in to specify the maximum
|
|
number of change log entries allowed in the RDBM database. Each change log
|
|
has its own changeLogMaxEntries attribute.
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647 (32-bit, signed integer)</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>0
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="clierr"></a>
|
|
<p id="clierr"><span class="bold">ibm-slapdCLIErrors</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>File path or device on ibmslapd host machine to which CLI
|
|
error messages will be written.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>/var/db2cli.log
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="crw"></a>
|
|
<p id="crw"><span class="bold">ibm-slapdConcurrentRW</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Setting this to TRUE allows searches to proceed simultaneously
|
|
with updates. It allows for 'dirty reads', that is, results that might not
|
|
be consistent with the committed state of the database.
|
|
<div class="attention"><span class="attentiontitle">Attention: </span>This attribute is deprecated.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="db2cp"></a>
|
|
<p id="db2cp"><span class="bold">ibm-slapdDB2CP</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the code page of the directory database. 1208 is
|
|
the code page for UTF-8 databases.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbalias"></a>
|
|
<p id="dbalias"><span class="bold">ibm-slapdDBAlias</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The DB2 database alias.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>8
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbcon"></a>
|
|
<p id="dbcon"><span class="bold">ibm-slapdDbConnections</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specify the number of DB2 connections the server will dedicate to the
|
|
DB2 backend. The value must be between 5 & 50 (inclusive).
|
|
<a name="wq394"></a>
|
|
<div class="notetitle" id="wq394">Note:</div>
|
|
<div class="notebody">ODBCCONS environment variable overrides the value of this
|
|
directive.</div>If ibm-slapdDbConnections (or ODBCCONS) is less
|
|
than 5 or greater than 50, the server will use 5 or 50 respectively. 1 additional
|
|
connection will be created for replication (even if no replication is defined).
|
|
2 additional connections will be created for the change log (if change log
|
|
is enabled).
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>15
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>50
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbinst"></a>
|
|
<p id="dbinst"><span class="bold">ibm-slapdDbInstance</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the DB2 database instance for this backend.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>ldapdb2
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>8
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
<a name="wq395"></a>
|
|
<div class="notetitle" id="wq395">Note:</div>
|
|
<div class="notebody">All ibm-slapdRdbmBackend objects must use
|
|
the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and
|
|
DB2 character set.</div>
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbloc"></a>
|
|
<p id="dbloc"><span class="bold">ibm-slapdDbLocation</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The file system path where the backend database is located.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbname"></a>
|
|
<p id="dbname"><span class="bold">ibm-slapdDbName</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the DB2 database name for this backend.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>ldapdb2
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>8
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="dbusrid"></a>
|
|
<p id="dbusrid"><span class="bold">ibm-slapdDbUserID</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the user name with which to bind to the DB2 database for this
|
|
backend.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>ldapdb2
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>8
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
<a name="wq396"></a>
|
|
<div class="notetitle" id="wq396">Note:</div>
|
|
<div class="notebody">All ibm-slapdRdbmBackend objects must use
|
|
the same ibm-slapdDbInstance ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2
|
|
character set.</div>
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="derefal"></a>
|
|
<p id="derefal"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDerefAliases</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum alias dereferencing level on search requests, regardless of
|
|
any derefAliases that may have been specified on the client requests. Allowed
|
|
values are <span class="bold">never</span>, <span class="bold">find</span>, <span class="bold">search</span> and <span class="bold">always</span>.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>always
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>6
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="dbusrpw"></a>
|
|
<p id="dbusrpw"><span class="bold">ibm-slapdDbUserPW</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the user password with which to bind to the DB2 database for
|
|
this backend. The password can be plain text or imask encrypted.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>ldapdb2
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Binary
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
<a name="wq397"></a>
|
|
<div class="notetitle" id="wq397">Note:</div>
|
|
<div class="notebody">All ibm-slapdRdbmBackend objects must use
|
|
the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2
|
|
character set.</div>
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="digadmin"></a>
|
|
<p id="digadmin"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestAdminUser</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the Digest MD5 User Name of the LDAP administrator or administrative
|
|
group member. Used when MD5 Digest authentication is used to authenticate
|
|
an administrator.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>None
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>512
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="digattr"></a>
|
|
<p id="digattr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestAttr</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Overrides the default DIGEST-MD5 username attribute. The name of the
|
|
attribute to use for DIGEST-MD5 SASL bind username lookup. If the value
|
|
is not specified, the server uses uid.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>If not specified, the server uses uid.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string.
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>64
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="digrealm"></a>
|
|
<p id="digrealm"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestRealm</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Overrides the default DIGEST-MD5 realm. A string that can enable users
|
|
to know which username and password to use, in case they might have different
|
|
ones for different servers. Conceptually, it is the name of a collection
|
|
of accounts that might include the users account. This string should contain
|
|
at least the name of the host performing the authentication and might additionally
|
|
indicate the collection of users who might have access. An example might be
|
|
<tt class="xph">registered_users@gotham.news.example.com</tt>. If the attribute is
|
|
not specified, the server uses the fully qualified hostname of the server.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>The fully qualified hostname of the server
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string.
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="een"></a>
|
|
<p id="een"><span class="bold">ibm-slapdEnableEventNotification</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies whether to enable Event Notification. It must be set to either
|
|
TRUE or FALSE.
|
|
<p>If set to FALSE, the server rejects all client
|
|
requests to register event notifications with the extended result LDAP_UNWILLING_TO_PERFORM.</p>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>TRUE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="entchsz"></a>
|
|
<p id="entchsz"><span class="bold">ibm-slapdEntryCacheSize</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of entries to keep in the entry cache.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>25000
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="erlog"></a>
|
|
<p id="erlog"><span class="bold">ibm-slapdErrorLog</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the file path or device on the Directory Server
|
|
machine to which error messages are written.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>/var/ibmslapd.log
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="eszthr"></a>
|
|
<p id="eszthr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdESizeThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the number of work items on the work queue before the Emergency
|
|
thread is activated.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>50
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="ethract"></a>
|
|
<p id="ethract"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdEThreadActivate</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies which conditions will activate the Emergency Thread. Must
|
|
be set to one of the following values:
|
|
<dl>
|
|
<dt class="bold">S</dt>
|
|
<dd>Size only
|
|
</dd>
|
|
<dt class="bold">T</dt>
|
|
<dd>Time only
|
|
</dd>
|
|
<dt class="bold">SOT</dt>
|
|
<dd>Size or time
|
|
</dd>
|
|
<dt class="bold">SAT</dt>
|
|
<dd>Size and time
|
|
</dd>
|
|
</dl>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>SAT
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>String
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="ethrden"></a>
|
|
<p id="ethrden"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdEThreadEnable</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies if the Emergency Thread is active.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>True
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="etime"></a>
|
|
<p id="etime"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdETimeThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the amount of time in minutes between items removed from the
|
|
work queue before the Emergency thread is activated.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="fltchbpl"></a>
|
|
<p id="fltchbpl"><span class="bold">ibm-slapdFilterCacheBypassLimit</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Search filters that match more than this number of entries
|
|
will not be added to the Search Filter cache. Because the list of entry IDs
|
|
that matched the filter are included in this cache, this setting helps to
|
|
limit memory use. A value of 0 indicates no limit.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>100
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="fltchsz"></a>
|
|
<p id="fltchsz"><span class="bold">ibm-slapdFilterCacheSize</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of entries to keep in the Search
|
|
Filter Cache.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>25000
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="idtmout"></a>
|
|
<p id="idtmout"><span class="bold">ibm-slapdIdleTimeOut</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum time to keep an LDAP connection open when there is
|
|
no activity on the connection. The idle time for an LDAP connection is the
|
|
time (in seconds) between the last activity on the connection and the current
|
|
time. If the connection has expired, based on the idle time being greater
|
|
than the value of this attribute, the LDAP server will clean up and end the
|
|
LDAP connection, making it available for other incoming requests.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>300
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>Directory operation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>Critical
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="incsch"></a>
|
|
<p id="incsch"><span class="bold">ibm-slapdIncludeSchema</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a file path on the Directory Server server machine
|
|
containing schema definitions.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>
|
|
<ul class="simple">
|
|
<li>/etc/V3.system.at</li>
|
|
<li>/etc/V3.system.oc</li>
|
|
<li>/etc/V3.config.at</li>
|
|
<li>/etc/V3.config.oc</li>
|
|
<li>/etc/V3.ibm.at</li>
|
|
<li>/etc/V3.ibm.oc</li>
|
|
<li> /etc/V3.user.at</li>
|
|
<li>/etc/V3.user.oc</li>
|
|
<li>/etc/V3.ldapsyntaxes</li>
|
|
<li>/etc/V3.matchingrules</li></ul>
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="krbadn"></a>
|
|
<p id="krbadn"><span class="bold">ibm-slapdKrbAdminDN</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the Kerberos ID of the LDAP administrator (for example, ibm-kn=admin1@realm1).
|
|
Used when Kerberos authentication is used to authenticate the administrator
|
|
when logged onto the Server Administration interface. This might be specified
|
|
instead of or in addition to adminDN and adminPW.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="krbe"></a>
|
|
<p id="krbe"><span class="bold">ibm-slapdKrbEnable</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies whether the server supports Kerberos. It must be either TRUE
|
|
or FALSE.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>TRUE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="krbim"></a>
|
|
<p id="krbim"><span class="bold">ibm-slapdKrbIdentityMap</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies whether to use Kerberos identity mapping. It must be set to
|
|
either TRUE or FALSE. If set to TRUE, when a client is authenticated with
|
|
a Kerberos ID, the server searches for all local users with matching Kerberos
|
|
credentials, and adds those user DNs to the bind credentials of the connection.
|
|
This allows ACLs based on LDAP user DNs to still be usable with Kerberos.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="krbkey"></a>
|
|
<p id="krbkey"><span class="bold">ibm-slapdKrbKeyTab</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the LDAP server Kerberos keytab file. This file contains the
|
|
LDAP server private key, that is associated with its Kerberos account. This
|
|
file is to be protected (like the server SSL key database file).
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="krbrlm"></a>
|
|
<p id="krbrlm"><span class="bold">ibm-slapdKrbRealm</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the Kerberos realm of the LDAP server. It is used to publish
|
|
the ldapservicename attribute in the root DSE. Note that an LDAP server can
|
|
serve as the repository of account information for multiple KDCs (and realms),
|
|
but the LDAP server, as a kerberized server, can only be a member of a single
|
|
realm.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="langtag"></a>
|
|
<p id="langtag"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdLanguageTagsEnabled</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
|
|
<dl><img src="delta.gif" alt="Start of change" />
|
|
<dt class="bold">Description</dt>
|
|
<dd>Whether or not the server should allow language tags. The value read
|
|
from the ibmslapd.conf file for this attribute is FALSE, but, can be set to
|
|
TRUE.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd><img src="deltaend.gif" alt="End of change" />
|
|
</dl></blockquote>
|
|
<a name="crlh"></a>
|
|
<p id="crlh"><span class="bold">ibm-slapdLdapCrlHost</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the host name of the LDAP server that contains the
|
|
Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates.
|
|
This parameter is needed when ibm-slapdSslAuth=serverclientauth and the client
|
|
certificates have been issued for CRL validation.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="crlpw"></a>
|
|
<p id="crlpw"><span class="bold">ibm-slapdLdapCrlPassword</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the password that server-side SSL uses to bind to
|
|
the LDAP server that contains the Certificate Revocation Lists (CRLs) for
|
|
validating client x.509v3 certificates. This parameter might be needed when
|
|
ibm-slapdSslAuth=serverclientauth and the client certificates have been issued
|
|
for CRL validation.
|
|
<a name="wq398"></a>
|
|
<div class="notetitle" id="wq398">Note:</div>
|
|
<div class="notebody">If the LDAP server
|
|
holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous
|
|
access), then ibm-slapdLdapCrlPassword is not required.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Binary
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="crlport"></a>
|
|
<p id="crlport"><span class="bold">ibm-slapdLdapCrlPort</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the port used to connect to the LDAP server that
|
|
contains the Certificate Revocation Lists (CRLs) for validating client x.509v3
|
|
certificates. This parameter is needed when ibm-slapdSslAuth=serverclientauth
|
|
and the client certificates have been issued for CRL validation. (IP ports
|
|
are unsigned, 16-bit integers in the range 1 - 65535)
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="crlusr"></a>
|
|
<p id="crlusr"><span class="bold">ibm-slapdLdapCrlUser</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the bindDN that the server-side SSL uses to bind
|
|
to the LDAP server that contains the Certificate Revocation Lists (CRLs) for
|
|
validating client x.509v3 certificates. This parameter might be needed when
|
|
ibm-slapdSslAuth=serverclientauth and the client certificates have been issued
|
|
for CRL validation.
|
|
<a name="wq399"></a>
|
|
<div class="notetitle" id="wq399">Note:</div>
|
|
<div class="notebody">If the LDAP server
|
|
holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous
|
|
access), then ibm-slapdLdapCrlUser is not required.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>DN
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mastdn"></a>
|
|
<p id="mastdn"><span class="bold">ibm-slapdMasterDN</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the bind DN of master server. The value must match the replicaBindDN
|
|
in the replicaObject defined for the master server. When Kerberos is used
|
|
to authenticate to the replica, ibm-slapdMasterDN must specify the DN representation
|
|
of the Kerberos ID (for example, ibm-kn=freddy@realm1). When Kerberos
|
|
is used, MasterServerPW is ignored.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>DN
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mastpw"></a>
|
|
<p id="mastpw"><span class="bold">ibm-slapdMasterPW</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the bind password of master replica server. The value must
|
|
match replicaBindDN in the replicaObject defined for the master server. When
|
|
Kerberos is used to authenticate to the replica, ibm-slapdMasterDN must specify
|
|
the DN representation of the Kerberos ID (for example, ibm-kn=freddy@realm1).
|
|
When Kerberos is used, MasterServerPW is ignored.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Binary
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mastref"></a>
|
|
<p id="mastref"><span class="bold">ibm-slapdMasterReferral</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the URL of the master replica server. For example:
|
|
|
|
<pre class="xmp">ldap://master.us.ibm.com</pre> For security set
|
|
to SSL only:
|
|
<pre class="xmp"> ldaps://master.us.ibm.com:636 </pre>
|
|
For security set to none and using a nonstandard port:
|
|
<pre class="xmp">ldap://master.us.ibm.com:1389</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>none
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>256
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mepc"></a>
|
|
<p id="mepc"><span class="bold">ibm-slapdMaxEventsPerConnection</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of event notifications which
|
|
can be registered per connection.
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>100
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="met"></a>
|
|
<p id="met"><span class="bold">ibm-slapdMaxEventsTotal</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum total number of event notifications
|
|
which can be registered for all connections.
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>0
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mnot"></a>
|
|
<p id="mnot"><span class="bold">ibm-slapdMaxNumOfTransactions</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of transactions per server.
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>20
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mopt"></a>
|
|
<p id="mopt"><span class="bold">ibm-slapdMaxOpPerTransaction</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of operations per transaction.
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mxpndch"></a>
|
|
<p id="mxpndch"><span class="bold">ibm-slapdMaxPendingChangesDisplayed</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of pending changes to be displayed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>200
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="mtlot"></a>
|
|
<p id="mtlot"><span class="bold">ibm-slapdMaxTimeLimitOfTransactions</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum timeout value of a pending transaction in seconds.
|
|
|
|
<pre class="xmp">Minimum = 0 (unlimited)
|
|
Maximum = 2,147,483,647</pre>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>300
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="pgesal"></a>
|
|
<p id="pgesal"><span class="bold">ibm-slapdPagedResAllowNonAdmin</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Whether or not the server should allow non-Administrator bind
|
|
for paged results requests on a search request. If the value read from the
|
|
ibmslapd.conf file is FALSE, the server will process only those client requests
|
|
submitted by a user with Administrator authority. If a client requests paged
|
|
results for a search operation, does not have Administrator authority, and
|
|
the value read from the ibmslapd.conf file for this attribute is FALSE, the
|
|
server will return to the client with return code insufficientAccessRights;
|
|
no searching or paging will be performed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>directoryOperation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>critical
|
|
</dd>
|
|
<dt class="bold">Objectclass</dt>
|
|
<dd>ibm-slapdRdbmBackend
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="pglmt"></a>
|
|
<p id="pglmt"><span class="bold">ibm-slapdPagedResLmt</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of outstanding paged results search requests
|
|
allowed active simultaneously. Range = 0.... If a client requests a paged
|
|
results operation, and a maximum number of outstanding paged results are currently
|
|
active, then the server will return to the client with return code of busy;
|
|
no searching or paging will be performed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>3
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>directoryOperation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>critical
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
<dt class="bold">Objectclass</dt>
|
|
<dd>ibm-slapdRdbmBackend
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="pgslmt"></a>
|
|
<p id="pgslmt"><span class="bold">ibm-slapdPageSizeLmt</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of entries to return from search for an individual
|
|
page when paged results control is specified, regardless of any pagesize that
|
|
might have been specified on the client search request. Range = 0.... If a
|
|
client has passed a page size, then the smaller value of the client value
|
|
and the value read from ibmslapd.conf will be used.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>50
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>directoryOperation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>critical
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
<dt class="bold">Objectclass</dt>
|
|
<dd>ibm-slapdRdbmBackend
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="plug"></a>
|
|
<p id="plug"><span class="bold">ibm-slapdPlugin</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>A plugin is a dynamically loaded library which extends the
|
|
capabilities of the server. An ibm-slapdPlugin attribute specifies to the
|
|
server how to load and initialize a plug-in library. The syntax is:
|
|
|
|
<pre class="xmp"><var class="pv">keyword filename</var> init_function [<var class="pv">args</var>...]</pre>The syntax is slightly different for each platform because
|
|
of library naming conventions.
|
|
<p>Most plug-ins are optional, but
|
|
the RDBM backend plug-in is required for all RDBM backends.</p>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd><span class="italic">database</span> /bin/libback-rdbm.dll
|
|
rdbm_backend_init
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>2000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="port"></a>
|
|
<p id="port"><span class="bold">ibm-slapdPort</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the TCP/IP port used for non-SSL connections. It
|
|
cannot have the same value as ibm-slapdSecurePort. (IP ports are unsigned,
|
|
16-bit integers in the range 1 - 65535.)
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>389
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="pwe"></a>
|
|
<p id="pwe"><span class="bold">ibm-slapdPWEncryption</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the encoding mechanism for the user passwords before they
|
|
are stored in the directory. It must be specified as none, imask, crypt, or
|
|
sha (you must use the keyword <span class="bold">sha</span> in order
|
|
to get SHA-1 encoding). The value must be set to none for the SASL cram-md5
|
|
bind to succeed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>none
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="ro"></a>
|
|
<p id="ro"><span class="bold">ibm-slapdReadOnly</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>This attribute is normally applied to only the Directory backend.
|
|
It specifies whether the backend can be written to. It must be specified as
|
|
either TRUE or FALSE. It defaults to FALSE if unspecified. If set to TRUE,
|
|
the server returns LDAP_UNWILLING_TO_PERFORM (0x35) in response to any client
|
|
request which changes data in the readOnly database.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="ref"></a>
|
|
<p id="ref"><span class="bold">ibm-slapdReferral</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the referral LDAP URL to pass back when the local
|
|
suffixes do not match the request. It is used for superior referral (that
|
|
is, the suffix is not within the naming context of the server).
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>32700
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="repdbcn"></a>
|
|
<p id="repdbcn"><span class="bold">ibm-slapdReplDbConns</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Maximum number of database connections for use by replication.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>4
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="repsbtr"></a>
|
|
<p id="repsbtr"><span class="bold">ibm-slapdReplicaSubtree</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Identifies the DN of a replicated subtree
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>DN
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="schadds"></a>
|
|
<p id="schadds"><span class="bold">ibm-slapdSchemaAdditions</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The ibm-slapdSchemaAdditions attribute is used to identify
|
|
explicitly which file holds new schema entries. This is set by default to
|
|
be /etc/V3.modifiedschema. If this attribute is not defined, the server reverts
|
|
to using the last ibm-slapdIncludeSchema file as in previous releases.
|
|
<p>Before Version 3.2, the last includeSchema entry in <span class="bold">slapd.conf</span> was the file to which any new schema entries were added by
|
|
the server if it received an add request from a client. Normally the last
|
|
includeSchema is the V3.modifiedschema file, which is an empty file installed
|
|
just for this purpose.</p>
|
|
<a name="wq400"></a>
|
|
<div class="notetitle" id="wq400">Note:</div>
|
|
<div class="notebody">The name modified
|
|
is misleading, for it only stores new entries. Changes to existing schema
|
|
entries are made in their original files.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>/etc/V3.modifiedschema
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="schchk"></a>
|
|
<p id="schchk">i<span class="bold">bm-slapdSchemaCheck</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the schema checking mechanism for the add/modify/delete operation.
|
|
It must be specified as V2, V3, or V3_lenient.
|
|
<ul>
|
|
<li>V2 - Retain v2 and v2.1 checking. Recommended for migration
|
|
purpose.</li>
|
|
<li>V3 - Perform v3 checking.</li>
|
|
<li>V3_lenient - Not all parent object classes are needed. Only
|
|
the immediate object class is needed when adding entries.</li></ul>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>V3_lenient
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>10
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="secpt"></a>
|
|
<p id="secpt"><span class="bold">ibm-slapdSecurePort</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the TCP/IP port used for SSL connections. It cannot
|
|
have the same value as ibm-slapdPort. (IP ports are unsigned, 16-bit integers
|
|
in the range 1 - 65535.)
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>636
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="sec"></a>
|
|
<p id="sec"><span class="bold">ibm-slapdSecurity</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd><img src="delta.gif" alt="Start of change" />Enables SSL and TLS connections. Must be none, SSL, SSLOnly,
|
|
TLS, or SSLTLS.
|
|
<ul>
|
|
<li>none - The server listens on the nonsecure port only.</li>
|
|
<li>SSL - The server listens on both the SSL and the non-SSL ports. The secure
|
|
port is the only means of using a secure connection.</li>
|
|
<li>SSLOnly - The server listens on the SSL port only.</li>
|
|
<li>TLS - The server only listens on the nonsecure port. The StartTLS extended
|
|
operation is the only means of using a secure connection.</li>
|
|
<li>SSLTLS - The server listens on both the default and secure ports. The
|
|
StartTLS extended operation can be used to get a secure connection over the
|
|
default port, or the client can use the secure port directly. Sending a StartTLS
|
|
over the secure port will return the message <tt class="xph">LDAP_OPERATIONS_ERROR</tt>.</li></ul><img src="deltaend.gif" alt="End of change" />
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>none
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>7
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="srvid"></a>
|
|
<p id="srvid"><span class="bold">ibm-slapdServerId</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Identifies the server for use in replication.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>IA5 String with case-sensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>240
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="setenv"></a>
|
|
<p id="setenv"><span class="bold">ibm-slapdSetenv</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The server runs <span class="bold">putenv()</span> for all values
|
|
of ibm-slapdSetenv at startup to change the server runtime environment. Shell
|
|
variables (like %PATH% or $LANG) are not expanded.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>2000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="sizel"></a>
|
|
<p id="sizel"><span class="bold">ibm-slapdSizeLimit</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of entries to return from search,
|
|
regardless of any size limit that might have been specified on the client
|
|
search request (Range = 0...). If a client has passed a limit, then the smaller
|
|
value of the client values and the value read from <span class="bold">ibmslapd.conf</span> are used. If a client has not passed a limit and has bound
|
|
as admin DN, the limit is considered unlimited. If the client has not passed
|
|
a limit and has not bound as admin DN, then the limit is that which was read
|
|
from the <span class="bold">ibmslapd.conf</span> file. 0 = unlimited.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>500
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>12
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="keylmt"></a>
|
|
<p id="keylmt"><span class="bold">ibm-slapdSortKeyLimit</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The maximum number of sort conditions (keys) that can be specified on
|
|
a single search request. Range = 0.... If a client has passed a search request
|
|
with more sort keys than the limit allows, and the sorted search control criticality
|
|
is FALSE, then the server will honor the value read from the ibmslapd.conf
|
|
file and ignore any sort keys encountered after the limit has been reached
|
|
- searching and sorting will be performed. If a client has passed a search
|
|
request with more keys than the limit allows, and the sorted search control
|
|
criticality is TRUE, then the server will return to the client with a return
|
|
code of <span class="bold">adminLimitExceeded</span> - no searching
|
|
or sorting will be performed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>3
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>cis
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>11
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>directoryOperation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>critical
|
|
</dd>
|
|
<dt class="bold">Objectclass</dt>
|
|
<dd>ibm-slapdRdbmBackend
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="srchal"></a>
|
|
<p id="srchal"><span class="bold">ibm-slapdSortSrchAllowNonAdmin</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Whether or not the server should allow non-Administrator bind
|
|
for sort on a search request. If the value read from the ibmslapd.conf file
|
|
is FALSE, the server will process only those client requests submitted by
|
|
a user with Administrator authority. If a client requests sort for a search
|
|
operation, does not have Administrator authority, and the value read from
|
|
the ibmslapd.conf file for this attribute is FALSE, the server will return
|
|
to the client with return code insufficientAccessRights - no searching or
|
|
sorting will be performed.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Count</dt>
|
|
<dd>Single
|
|
</dd>
|
|
<dt class="bold">Usage</dt>
|
|
<dd>directoryOperation
|
|
</dd>
|
|
<dt class="bold">User Modify</dt>
|
|
<dd>Yes
|
|
</dd>
|
|
<dt class="bold">Access Class</dt>
|
|
<dd>critical
|
|
</dd>
|
|
<dt class="bold">Objectclass</dt>
|
|
<dd> ibm-slapdRdbmBackend
|
|
</dd>
|
|
<dt class="bold">Required</dt>
|
|
<dd>No
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="ssla"></a>
|
|
<p id="ssla"><span class="bold">ibm-slapdSslAuth</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the authentication type for the ssl connection,
|
|
either serverauth or serverclientauth.
|
|
<ul>
|
|
<li>serverauth - supports server authentication at the client. This
|
|
is the default.</li>
|
|
<li>serverclientauth - supports both server and client authentication.</li></ul>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>serverauth
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>16
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="sslc"></a>
|
|
<p id="sslc"><span class="bold">ibm-slapdSslCertificate</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the label that identifies the server Personal Certificate
|
|
in the key database file. This label is specified when the server private
|
|
key and certificate are created with the <span class="bold">gsk4ikm</span> application. If ibm-slapdSslCertificate is not defined, the default
|
|
private key, as defined in the key database file, is used by the LDAP server
|
|
for SSL connections.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="nsslcs"></a>
|
|
<p id="nsslcs"><span class="bold">ibm-slapdSslCipherSpec</span></p><blockquote>
|
|
<p>Specifies the method of SSL encryption for clients accessing the server.
|
|
Must be set to one of the following:</p>
|
|
<a name="wq401"></a>
|
|
<table id="wq401" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
|
|
<caption>Table 7. Methods of SSL encryption</caption>
|
|
<thead valign="bottom">
|
|
<tr class="tablemainheaderbar">
|
|
<th id="wq402" align="left" valign="top">Attribute</th>
|
|
<th id="wq403" align="left" valign="top">Encryption level</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody valign="top">
|
|
<tr>
|
|
<td headers="wq402">TripleDES-168</td>
|
|
<td headers="wq403">Triple DES encryption with a 168-bit key and a SHA-1
|
|
MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">DES-56</td>
|
|
<td headers="wq403">DES encryption with a 56-bit key and a SHA-1 MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">RC4-128-SHA</td>
|
|
<td headers="wq403">RC4 encryption with a 128-bit key and a SHA-1 MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">RC4-128-MD5</td>
|
|
<td headers="wq403">RC4 encryption with a 128-bit key and a MD5 MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">RC2-40-MD5</td>
|
|
<td headers="wq403">RC4 encryption with a 40-bit key and a MD5 MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">RC4-40-MD5</td>
|
|
<td headers="wq403">RC4 encryption with a 40-bit key and a MD5 MAC</td>
|
|
</tr>
|
|
<tr>
|
|
<td headers="wq402">AES</td>
|
|
<td headers="wq403">AES encryption</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<dl>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>IA5 String
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>30
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="sslkd"></a>
|
|
<p id="sslkd"><span class="bold">ibm-slapdSslKeyDatabase</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the file path to the LDAP server SSL key database
|
|
file. This key database file is used for handling SSL connections from LDAP
|
|
clients, as well as for creating secure SSL connections to replica LDAP servers.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>/etc/key.kdb
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-exact matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="sslkdpw"></a>
|
|
<p id="sslkdpw"><span class="bold">ibm-slapdSslKeyDatabasePW</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the password associated with the LDAP server SSL
|
|
key database file, as specified on the ibm-slapdSslKeyDatabase parameter.
|
|
If the LDAP server key database file has an associated password stash file,
|
|
then the ibm-slapdSslKeyDatabasePW parameter can be omitted, or set to none.
|
|
<a name="wq404"></a>
|
|
<div class="notetitle" id="wq404">Note:</div>
|
|
<div class="notebody">The password stash file must be located in the same directory
|
|
as the key database file and it must have the same file name as the key database
|
|
file, but with an extension of .sth instead of .kdb.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>none
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Binary
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="keyring"></a>
|
|
<p id="keyring"><span class="bold">ibm-slapdSslKeyRingFile</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Path to the LDAP server's SSL key database file. This key
|
|
database file is used for handling SSL connections from LDAP clients, as well
|
|
as for creating secure SSL connections to replica LDAP servers.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>key.kdb
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory String with case-sensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="suff"></a>
|
|
<p id="suff"><span class="bold">ibm-slapdSuffix</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a naming context to be stored in this backend.
|
|
<a name="wq405"></a>
|
|
<div class="notetitle" id="wq405">Note:</div>
|
|
<div class="notebody">This has the same name as the object class.</div>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>No preset default is defined.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>DN
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1000
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="spwebadm"></a>
|
|
<p id="spwebadm"><span class="bold">ibm-slapdSupportedWebAdmVersion</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>This attribute defines the earliest version of the Web administration
|
|
tool that supports this server of cn=configuration.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory String
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="syslogl"></a>
|
|
<p id="syslogl"><span class="bold">ibm-slapdSysLogLevel</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the level at which debugging and operation statistics
|
|
are logged in the slapd.errors file. It must be specified as l, m, or h.
|
|
<ul>
|
|
<li>h - high (provides the most information)</li>
|
|
<li>m - medium (the default)</li>
|
|
<li>l - low (provides the least information)</li></ul>
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>m
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string with case-insensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="tl"></a>
|
|
<p id="tl"><span class="bold">ibm-slapdTimeLimit</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies the maximum number of seconds to spend on a search
|
|
request, regardless of any time limit that might have been specified on the
|
|
client request. If a client has passed a limit, then the smaller value of
|
|
the client values and the value read from <span class="bold">ibmslapd.conf</span> are used. If a client has not passed a limit and has bound as admin
|
|
DN, the limit is considered unlimited. If the client has not passed a limit
|
|
and has not bound as admin DN, then the limit is that which was read from
|
|
the <span class="bold">ibmslapd.conf</span> file. 0 = unlimited.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>900
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="transe"></a>
|
|
<p id="transe"><span class="bold">ibm-slapdTransactionEnable</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>If the transaction plugin is loaded but ibm-slapdTransactionEnable is
|
|
set to FALSE, the server rejects all StartTransaction requests with the response <tt class="xph">LDAP_UNWILLING_TO_PERFORM</tt>.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>TRUE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="upidpw"></a>
|
|
<p id="upidpw"><span class="bold">ibm-slapdUseProcessIdPw</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>If set to TRUE, the server ignores the ibm-slapdDbUserID and the ibm-slapdDbUserPW
|
|
attributes and uses its own process credentials to authenticate to DB2.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>FALSE
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Boolean
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>5
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="vers"></a>
|
|
<p id="vers"><span class="bold">ibm-slapdVersion</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>IBM Slapd version Number
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory String with case-sensitive matching
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a name="wrtmout"></a>
|
|
<p id="wrtmout"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdWriteTimeout</span><img src="deltaend.gif" alt="End of change" /></p><blockquote><img src="delta.gif" alt="Start of change" />
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>Specifies a timeout value in seconds for blocked writes. When the time
|
|
limit is reached the connection will be dropped.
|
|
</dd>
|
|
<dt class="bold">Default</dt>
|
|
<dd>120
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Integer
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>1024
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Single-valued
|
|
</dd>
|
|
</dl><img src="deltaend.gif" alt="End of change" /></blockquote>
|
|
<a name="objcl"></a>
|
|
<p id="objcl"><span class="bold">objectClass</span></p><blockquote>
|
|
<dl>
|
|
<dt class="bold">Description</dt>
|
|
<dd>The values of the objectClass attribute describe the kind of object
|
|
which an entry represents.
|
|
</dd>
|
|
<dt class="bold">Syntax</dt>
|
|
<dd>Directory string
|
|
</dd>
|
|
<dt class="bold">Maximum Length</dt>
|
|
<dd>128
|
|
</dd>
|
|
<dt class="bold">Value</dt>
|
|
<dd>Multi-valued
|
|
</dd>
|
|
</dl></blockquote>
|
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
|
</body>
|
|
</html>
|