friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyconfigsa.htm

2387 lines
77 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Attributes</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahyconfigsa"></a>
<h3 id="rzahyconfigsa">Attributes</h3>
<ul>
<li><a href="rzahyconfigsa.htm#cn">cn</a></li>
<li><a href="rzahyconfigsa.htm#acimech">ibm-slapdACIMechanism</a></li>
<li><a href="rzahyconfigsa.htm#aclacc">ibm-slapdACLAccess</a></li>
<li><a href="rzahyconfigsa.htm#aclcache">ibm-slapdACLCache</a></li>
<li><a href="rzahyconfigsa.htm#acchesiz">ibm-slapdACLCacheSize</a></li>
<li><a href="rzahyconfigsa.htm#addn">ibm-slapdAdminDN</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#adgrpen">ibm-slapdAdminGroupEnabled</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#adpw">ibm-slapdAdminPW</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#alanon">ibm-slapdAllowAnon</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#allreap">ibm-slapdAllReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#anonreap">ibm-slapdAnonReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#bndreap">ibm-slapdBoundReapingThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#blkerr">ibm-slapdBulkloadErrors</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cachattr">ibm-slapdCachedAttribute</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheauto">ibm-slapdCachedAttributeAutoAdjust</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheautotime">ibm-slapdCachedAttributeAutoAdjustTime</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cacheautotimeint">ibm-slapdCachedAttributeAutoAdjustTimeInterval</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#cachatsz">ibm-slapdCachedAttributeSize</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#clme">ibm-slapdChangeLogMaxEntries</a></li>
<li><a href="rzahyconfigsa.htm#clierr">ibm-slapdCLIErrors</a></li>
<li><a href="rzahyconfigsa.htm#crw">ibm-slapdConcurrentRW</a></li>
<li><a href="rzahyconfigsa.htm#db2cp">ibm-slapdDB2CP</a></li>
<li><a href="rzahyconfigsa.htm#dbalias">ibm-slapdDBAlias</a></li>
<li><a href="rzahyconfigsa.htm#dbcon">ibm-slapdDbConnections</a></li>
<li><a href="rzahyconfigsa.htm#dbinst">ibm-slapdDbInstance</a></li>
<li><a href="rzahyconfigsa.htm#dbloc">ibm-slapdDbLocation</a></li>
<li><a href="rzahyconfigsa.htm#dbname">ibm-slapdDbName</a></li>
<li><a href="rzahyconfigsa.htm#dbusrid">ibm-slapdDbUserID</a></li>
<li><a href="rzahyconfigsa.htm#dbusrid">ibm-slapdDbUserPW</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#derefal">ibm-slapdDerefAliases</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digadmin">ibm-slapdDigestAdminUser</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digattr">ibm-slapdDigestAttr</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#digrealm">ibm-slapdDigestRealm</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#een">ibm-slapdEnableEventNotification</a></li>
<li><a href="rzahyconfigsa.htm#entchsz">ibm-slapdEntryCacheSize</a></li>
<li><a href="rzahyconfigsa.htm#erlog">ibm-slapdErrorLog</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#eszthr">ibm-slapdESizeThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#ethract">ibm-slapdEThreadActivate</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#ethrden">ibm-slapdEThreadEnable</a><img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#etime">ibm-slapdETimeThreshold</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#fltchbpl">ibm-slapdFilterCacheBypassLimit</a></li>
<li><a href="rzahyconfigsa.htm#fltchsz">ibm-slapdFilterCacheSize</a></li>
<li><a href="rzahyconfigsa.htm#idtmout">ibm-slapdIdleTimeOut</a></li>
<li><a href="rzahyconfigsa.htm#incsch">ibm-slapdIncludeSchema</a></li>
<li><a href="rzahyconfigsa.htm#krbadn"> ibm-slapdKrbAdminDN</a></li>
<li><a href="rzahyconfigsa.htm#krbe">ibm-slapdKrbEnable</a></li>
<li><a href="rzahyconfigsa.htm#krbim">ibm-slapdKrbIdentityMap</a></li>
<li><a href="rzahyconfigsa.htm#krbkey">ibm-slapdKrbKeyTab</a></li>
<li><a href="rzahyconfigsa.htm#krbrlm">ibm-slapdKrbRealm</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#langtag">ibm-slapdLanguageTagsEnabled</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#crlh">ibm-slapdLdapCrlHost</a></li>
<li><a href="rzahyconfigsa.htm#crlpw">ibm-slapdLdapCrlPassword </a></li>
<li><a href="rzahyconfigsa.htm#crlport">ibm-slapdLdapCrlPort</a></li>
<li><a href="rzahyconfigsa.htm#crlusr">ibm-slapdLdapCrlUser</a></li>
<li><a href="rzahyconfigsa.htm#mastdn">ibm-slapdMasterDN</a></li>
<li><a href="rzahyconfigsa.htm#mastpw">ibm-slapdMasterPW</a></li>
<li><a href="rzahyconfigsa.htm#mastref"> ibm-slapdMasterReferral</a></li>
<li><a href="rzahyconfigsa.htm#mepc">ibm-slapdMaxEventsPerConnection</a></li>
<li><a href="rzahyconfigsa.htm#met">ibm-slapdMaxEventsTotal</a></li>
<li><a href="rzahyconfigsa.htm#mnot">ibm-slapdMaxNumOfTransactions</a></li>
<li><a href="rzahyconfigsa.htm#mopt">ibm-slapdMaxOpPerTransaction</a></li>
<li><a href="rzahyconfigsa.htm#mxpndch">ibm-slapdMaxPendingChangesDisplayed</a></li>
<li><a href="rzahyconfigsa.htm#mtlot">ibm-slapdMaxTimeLimitOfTransactions</a></li>
<li><a href="rzahyconfigsa.htm#pgesal">ibm-slapdPagedResAllowNonAdmin</a></li>
<li><a href="rzahyconfigsa.htm#pglmt">ibm-slapdPagedResLmt</a></li>
<li><a href="rzahyconfigsa.htm#pgslmt">ibm-slapdPageSizeLmt</a></li>
<li><a href="rzahyconfigsa.htm#plug">ibm-slapdPlugin</a></li>
<li><a href="rzahyconfigsa.htm#port">ibm-slapdPort</a></li>
<li><a href="rzahyconfigsa.htm#pwe">ibm-slapdPwEncryption</a></li>
<li><a href="rzahyconfigsa.htm#ro">ibm-slapdReadOnly</a></li>
<li><a href="rzahyconfigsa.htm#ref">ibm-slapdReferral</a></li>
<li><a href="rzahyconfigsa.htm#repdbcn">ibm-slapdReplDbConns</a></li>
<li><a href="rzahyconfigsa.htm#repsbtr">ibm-slapdReplicaSubtree</a></li>
<li><a href="rzahyconfigsa.htm#schadds">ibm-slapdSchemaAdditions</a></li>
<li><a href="rzahyconfigsa.htm#schchk">ibm-slapdSchemaCheck</a></li>
<li><a href="rzahyconfigsa.htm#secpt">ibm-slapdSecurePort</a></li>
<li><a href="rzahyconfigsa.htm#sec">ibm-slapdSecurity</a></li>
<li><a href="rzahyconfigsa.htm#srvid">ibm-slapdServerId</a></li>
<li><a href="rzahyconfigsa.htm#setenv">ibm-slapdSetenv</a></li>
<li><a href="rzahyconfigsa.htm#sizel">ibm-slapdSizeLimit</a></li>
<li><a href="rzahyconfigsa.htm#keylmt">ibm-slapdSortKeyLimit</a></li>
<li><a href="rzahyconfigsa.htm#srchal">ibm-slapdSortSrchAllowNonAdmin</a></li>
<li><a href="rzahyconfigsa.htm#ssla">ibm-slapdSslAuth</a></li>
<li><a href="rzahyconfigsa.htm#sslc">ibm-slapdSslCertificate</a></li>
<li><a href="rzahyconfigsa.htm#nsslcs">ibm-slapdSslCipherSpec</a></li>
<li><a href="rzahyconfigsa.htm#sslkd">ibm-slapdSslKeyDatabase</a></li>
<li><a href="rzahyconfigsa.htm#sslkdpw">ibm-slapdSslKeyDatabasePW </a></li>
<li><a href="rzahyconfigsa.htm#keyring">ibm-slapdSslKeyRingFile</a></li>
<li><a href="rzahyconfigsa.htm#suff">ibm-slapdSuffix </a></li>
<li><a href="rzahyconfigsa.htm#spwebadm">ibm-slapdSupportedWebAdmVersion</a></li>
<li><a href="rzahyconfigsa.htm#syslogl">ibm-slapdSysLogLevel </a></li>
<li><a href="rzahyconfigsa.htm#tl">ibm-slapdTimeLimit</a></li>
<li><a href="rzahyconfigsa.htm#transe">ibm-slapdTransactionEnable</a></li>
<li><a href="rzahyconfigsa.htm#upidpw">ibm-slapdUseProcessIdPw</a></li>
<li><a href="rzahyconfigsa.htm#vers">ibm-slapdVersion</a></li>
<li><img src="delta.gif" alt="Start of change" /><a href="rzahyconfigsa.htm#wrtmout">ibm-slapdWriteTimeout</a><img src="deltaend.gif" alt="End of change" /></li>
<li><a href="rzahyconfigsa.htm#objcl">objectClass </a></li></ul>
<a name="cn"></a>
<p id="cn"><span class="bold">cn</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>This is the X.500 common Name attribute, which contains a name of an
object.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="acimech"></a>
<p id="acimech"><span class="bold">ibm-slapdACIMechanism</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Determines which ACL model the server uses. (Supported only on i5/OS
and OS/400 as of v3.2, ignored on other platforms.)
<ul>
<li>1.3.18.0.2.26.1 = IBM SecureWay v3.1 ACL model</li>
<li>1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model</li></ul>
</dd>
<dt class="bold">Default</dt>
<dd>1.3.18.0.2.26.2 = IBM SecureWay v3.2 ACL model
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued.
</dd>
</dl></blockquote>
<a name="aclacc"></a>
<p id="aclacc"><span class="bold">ibm-slapdACLAccess</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Controls whether access to ACLs is enabled. If set to TRUE,
access to ACLs is enabled. If set to FALSE, access to ACLs is disabled.
</dd>
<dt class="bold">Default</dt>
<dd>TRUE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="aclcache"></a>
<p id="aclcache"><span class="bold">ibm-slapdACLCache</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Controls whether or not the server caches ACL information.
<ul>
<li>If set to TRUE, the server caches ACL information.</li>
<li>If set to FALSE, the server does not cache ACL information.</li></ul>
</dd>
<dt class="bold">Default</dt>
<dd>TRUE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="acchesiz"></a>
<p id="acchesiz"><span class="bold">ibm-slapdACLCacheSize</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of entries to keep in the ACL Cache.
</dd>
<dt class="bold">Default</dt>
<dd>25000
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="addn"></a>
<p id="addn"><span class="bold">ibm-slapdAdminDN</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The administrator bind DN for Directory Server.
</dd>
<dt class="bold">Default</dt>
<dd>cn=root
</dd>
<dt class="bold">Syntax</dt>
<dd>DN
</dd>
<dt class="bold">Maximum Length</dt>
<dd>Unlimited
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="adgrpen"></a>
<p id="adgrpen"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAdminGroupEnabled</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies whether the Administrative Group is currently enabled. If
set to TRUE, the server will allow users in the administrative group to log
in.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="adpw"></a>
<p id="adpw"><span class="bold">ibm-slapdAdminPW</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The administrator bind Password for Directory Server.
</dd>
<dt class="bold">Default</dt>
<dd>secret
</dd>
<dt class="bold">Syntax</dt>
<dd>Binary
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="alanon"></a>
<p id="alanon"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAllowAnon</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies if anonymous binds are allowed.
</dd>
<dt class="bold">Default</dt>
<dd>True
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="allreap"></a>
<p id="allreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAllReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies a number of connections to maintain in the server before connection
management is activated.
</dd>
<dt class="bold">Default</dt>
<dd>1200
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching.
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="anonreap"></a>
<p id="anonreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdAnonReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies a number of connections to maintain in the server before connection
management of anonymous connections is activated.
</dd>
<dt class="bold">Default</dt>
<dd>0
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching.
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="bndreap"></a>
<p id="bndreap"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdBoundReapingThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies a number of connections to maintain in the server before connection
management of anonymous and bound connections is activated.
</dd>
<dt class="bold">Default</dt>
<dd>1100
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching.
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="blkerr"></a>
<p id="blkerr"><span class="bold">ibm-slapdBulkloadErrors</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>File path or device on ibmslapd host machine to which bulkload
error messages will be written.
</dd>
<dt class="bold">Default</dt>
<dd>/var/bulkload.log
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="cachattr"></a>
<p id="cachattr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttribute</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Contains the names of the attributes to be cached in the attribute cache,
one attribute name per value.
</dd>
<dt class="bold">Default</dt>
<dd>None
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="cacheauto"></a>
<p id="cacheauto"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjust</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Controls whether the server will automatically adjust the attribute
caches at configured time intervals defined in ibm-slapdCachedAttributeAutoAdjustTime
and ibm-slapdCachedAttributeAutoAdjustTimeInterval.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="cacheautotime"></a>
<p id="cacheautotime"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjustTime</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the
time at which the server begins to adjust attribute caches automatically.
<pre class="xmp">Minimum = T000000
Maximum = T235959</pre>
</dd>
<dt class="bold">Default</dt>
<dd>T000000
</dd>
<dt class="bold">Syntax</dt>
<dd>Military time
</dd>
<dt class="bold">Maximum Length</dt>
<dd>7
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="cacheautotimeint"></a>
<p id="cacheautotimeint"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeAutoAdjustTimeInterval</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>When ibm-slapdCachedAttributeAutoAdjust is set to TRUE, controls the
time interval between automatic adjustments of the attribute cache.
<pre class="xmp">Minimum = 1
Maximum = 24</pre>
</dd>
<dt class="bold">Default</dt>
<dd>2
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>2
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="cachatsz"></a>
<p id="cachatsz"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdCachedAttributeSize</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Amount of memory, in bytes, that can be used by the attribute cache.
A value of 0 indicates not use an attribute cache.
</dd>
<dt class="bold">Default</dt>
<dd>0
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued.
</dd>
</dl></blockquote>
<a name="clme"></a>
<p id="clme"><span class="bold">ibm-slapdChangeLogMaxEntries</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>This attribute is used by a change log plug-in to specify the maximum
number of change log entries allowed in the RDBM database. Each change log
has its own changeLogMaxEntries attribute.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647 (32-bit, signed integer)</pre>
</dd>
<dt class="bold">Default</dt>
<dd>0
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="clierr"></a>
<p id="clierr"><span class="bold">ibm-slapdCLIErrors</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>File path or device on ibmslapd host machine to which CLI
error messages will be written.
</dd>
<dt class="bold">Default</dt>
<dd>/var/db2cli.log
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="crw"></a>
<p id="crw"><span class="bold">ibm-slapdConcurrentRW</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Setting this to TRUE allows searches to proceed simultaneously
with updates. It allows for 'dirty reads', that is, results that might not
be consistent with the committed state of the database.
<div class="attention"><span class="attentiontitle">Attention: </span>This attribute is deprecated.</div>
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="db2cp"></a>
<p id="db2cp"><span class="bold">ibm-slapdDB2CP</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the code page of the directory database. 1208 is
the code page for UTF-8 databases.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="dbalias"></a>
<p id="dbalias"><span class="bold">ibm-slapdDBAlias</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The DB2 database alias.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>8
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="dbcon"></a>
<p id="dbcon"><span class="bold">ibm-slapdDbConnections</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specify the number of DB2 connections the server will dedicate to the
DB2 backend. The value must be between 5 &amp; 50 (inclusive).
<a name="wq394"></a>
<div class="notetitle" id="wq394">Note:</div>
<div class="notebody">ODBCCONS environment variable overrides the value of this
directive.</div>If ibm-slapdDbConnections (or ODBCCONS) is less
than 5 or greater than 50, the server will use 5 or 50 respectively. 1 additional
connection will be created for replication (even if no replication is defined).
2 additional connections will be created for the change log (if change log
is enabled).
</dd>
<dt class="bold">Default</dt>
<dd>15
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>50
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="dbinst"></a>
<p id="dbinst"><span class="bold">ibm-slapdDbInstance</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the DB2 database instance for this backend.
</dd>
<dt class="bold">Default</dt>
<dd>ldapdb2
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>8
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
<a name="wq395"></a>
<div class="notetitle" id="wq395">Note:</div>
<div class="notebody">All ibm-slapdRdbmBackend objects must use
the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and
DB2 character set.</div>
</dd>
</dl></blockquote>
<a name="dbloc"></a>
<p id="dbloc"><span class="bold">ibm-slapdDbLocation</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The file system path where the backend database is located.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="dbname"></a>
<p id="dbname"><span class="bold">ibm-slapdDbName</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the DB2 database name for this backend.
</dd>
<dt class="bold">Default</dt>
<dd>ldapdb2
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>8
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="dbusrid"></a>
<p id="dbusrid"><span class="bold">ibm-slapdDbUserID</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the user name with which to bind to the DB2 database for this
backend.
</dd>
<dt class="bold">Default</dt>
<dd>ldapdb2
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>8
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
<a name="wq396"></a>
<div class="notetitle" id="wq396">Note:</div>
<div class="notebody">All ibm-slapdRdbmBackend objects must use
the same ibm-slapdDbInstance ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2
character set.</div>
</dd>
</dl></blockquote>
<a name="derefal"></a>
<p id="derefal"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDerefAliases</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Maximum alias dereferencing level on search requests, regardless of
any derefAliases that may have been specified on the client requests. Allowed
values are <span class="bold">never</span>, <span class="bold">find</span>, <span class="bold">search</span> and <span class="bold">always</span>.
</dd>
<dt class="bold">Default</dt>
<dd>always
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>6
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="dbusrpw"></a>
<p id="dbusrpw"><span class="bold">ibm-slapdDbUserPW</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the user password with which to bind to the DB2 database for
this backend. The password can be plain text or imask encrypted.
</dd>
<dt class="bold">Default</dt>
<dd>ldapdb2
</dd>
<dt class="bold">Syntax</dt>
<dd>Binary
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
<a name="wq397"></a>
<div class="notetitle" id="wq397">Note:</div>
<div class="notebody">All ibm-slapdRdbmBackend objects must use
the same ibm-slapdDbInstance, ibm-slapdDbUserID, ibm-slapdDbUserPW and DB2
character set.</div>
</dd>
</dl></blockquote>
<a name="digadmin"></a>
<p id="digadmin"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestAdminUser</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies the Digest MD5 User Name of the LDAP administrator or administrative
group member. Used when MD5 Digest authentication is used to authenticate
an administrator.
</dd>
<dt class="bold">Default</dt>
<dd>None
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>512
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="digattr"></a>
<p id="digattr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestAttr</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Overrides the default DIGEST-MD5 username attribute. The name of the
attribute to use for DIGEST-MD5 SASL bind username lookup. If the value
is not specified, the server uses uid.
</dd>
<dt class="bold">Default</dt>
<dd>If not specified, the server uses uid.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string.
</dd>
<dt class="bold">Maximum Length</dt>
<dd>64
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="digrealm"></a>
<p id="digrealm"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdDigestRealm</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Overrides the default DIGEST-MD5 realm. A string that can enable users
to know which username and password to use, in case they might have different
ones for different servers. Conceptually, it is the name of a collection
of accounts that might include the users account. This string should contain
at least the name of the host performing the authentication and might additionally
indicate the collection of users who might have access. An example might be
<tt class="xph">registered_users@gotham.news.example.com</tt>. If the attribute is
not specified, the server uses the fully qualified hostname of the server.
</dd>
<dt class="bold">Default</dt>
<dd>The fully qualified hostname of the server
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string.
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="een"></a>
<p id="een"><span class="bold">ibm-slapdEnableEventNotification</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies whether to enable Event Notification. It must be set to either
TRUE or FALSE.
<p>If set to FALSE, the server rejects all client
requests to register event notifications with the extended result LDAP_UNWILLING_TO_PERFORM.</p>
</dd>
<dt class="bold">Default</dt>
<dd>TRUE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="entchsz"></a>
<p id="entchsz"><span class="bold">ibm-slapdEntryCacheSize</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of entries to keep in the entry cache.
</dd>
<dt class="bold">Default</dt>
<dd>25000
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="erlog"></a>
<p id="erlog"><span class="bold">ibm-slapdErrorLog</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the file path or device on the Directory Server
machine to which error messages are written.
</dd>
<dt class="bold">Default</dt>
<dd>/var/ibmslapd.log
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="eszthr"></a>
<p id="eszthr"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdESizeThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies the number of work items on the work queue before the Emergency
thread is activated.
</dd>
<dt class="bold">Default</dt>
<dd>50
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="ethract"></a>
<p id="ethract"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdEThreadActivate</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies which conditions will activate the Emergency Thread. Must
be set to one of the following values:
<dl>
<dt class="bold">S</dt>
<dd>Size only
</dd>
<dt class="bold">T</dt>
<dd>Time only
</dd>
<dt class="bold">SOT</dt>
<dd>Size or time
</dd>
<dt class="bold">SAT</dt>
<dd>Size and time
</dd>
</dl>
</dd>
<dt class="bold">Default</dt>
<dd>SAT
</dd>
<dt class="bold">Syntax</dt>
<dd>String
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="ethrden"></a>
<p id="ethrden"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdEThreadEnable</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies if the Emergency Thread is active.
</dd>
<dt class="bold">Default</dt>
<dd>True
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="etime"></a>
<p id="etime"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdETimeThreshold</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Specifies the amount of time in minutes between items removed from the
work queue before the Emergency thread is activated.
</dd>
<dt class="bold">Default</dt>
<dd>5
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="fltchbpl"></a>
<p id="fltchbpl"><span class="bold">ibm-slapdFilterCacheBypassLimit</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Search filters that match more than this number of entries
will not be added to the Search Filter cache. Because the list of entry IDs
that matched the filter are included in this cache, this setting helps to
limit memory use. A value of 0 indicates no limit.
</dd>
<dt class="bold">Default</dt>
<dd>100
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="fltchsz"></a>
<p id="fltchsz"><span class="bold">ibm-slapdFilterCacheSize</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of entries to keep in the Search
Filter Cache.
</dd>
<dt class="bold">Default</dt>
<dd>25000
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="idtmout"></a>
<p id="idtmout"><span class="bold">ibm-slapdIdleTimeOut</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum time to keep an LDAP connection open when there is
no activity on the connection. The idle time for an LDAP connection is the
time (in seconds) between the last activity on the connection and the current
time. If the connection has expired, based on the idle time being greater
than the value of this attribute, the LDAP server will clean up and end the
LDAP connection, making it available for other incoming requests.
</dd>
<dt class="bold">Default</dt>
<dd>300
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Length</dt>
<dd>11
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>Directory operation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>Critical
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
</dl></blockquote>
<a name="incsch"></a>
<p id="incsch"><span class="bold">ibm-slapdIncludeSchema</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies a file path on the Directory Server server machine
containing schema definitions.
</dd>
<dt class="bold">Default</dt>
<dd>
<ul class="simple">
<li>/etc/V3.system.at</li>
<li>/etc/V3.system.oc</li>
<li>/etc/V3.config.at</li>
<li>/etc/V3.config.oc</li>
<li>/etc/V3.ibm.at</li>
<li>/etc/V3.ibm.oc</li>
<li> /etc/V3.user.at</li>
<li>/etc/V3.user.oc</li>
<li>/etc/V3.ldapsyntaxes</li>
<li>/etc/V3.matchingrules</li></ul>
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="krbadn"></a>
<p id="krbadn"><span class="bold">ibm-slapdKrbAdminDN</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the Kerberos ID of the LDAP administrator (for example, ibm-kn=admin1@realm1).
Used when Kerberos authentication is used to authenticate the administrator
when logged onto the Server Administration interface. This might be specified
instead of or in addition to adminDN and adminPW.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="krbe"></a>
<p id="krbe"><span class="bold">ibm-slapdKrbEnable</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies whether the server supports Kerberos. It must be either TRUE
or FALSE.
</dd>
<dt class="bold">Default</dt>
<dd>TRUE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="krbim"></a>
<p id="krbim"><span class="bold">ibm-slapdKrbIdentityMap</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies whether to use Kerberos identity mapping. It must be set to
either TRUE or FALSE. If set to TRUE, when a client is authenticated with
a Kerberos ID, the server searches for all local users with matching Kerberos
credentials, and adds those user DNs to the bind credentials of the connection.
This allows ACLs based on LDAP user DNs to still be usable with Kerberos.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="krbkey"></a>
<p id="krbkey"><span class="bold">ibm-slapdKrbKeyTab</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the LDAP server Kerberos keytab file. This file contains the
LDAP server private key, that is associated with its Kerberos account. This
file is to be protected (like the server SSL key database file).
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="krbrlm"></a>
<p id="krbrlm"><span class="bold">ibm-slapdKrbRealm</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the Kerberos realm of the LDAP server. It is used to publish
the ldapservicename attribute in the root DSE. Note that an LDAP server can
serve as the repository of account information for multiple KDCs (and realms),
but the LDAP server, as a kerberized server, can only be a member of a single
realm.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="langtag"></a>
<p id="langtag"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdLanguageTagsEnabled</span><img src="deltaend.gif" alt="End of change" /></p><blockquote>
<dl><img src="delta.gif" alt="Start of change" />
<dt class="bold">Description</dt>
<dd>Whether or not the server should allow language tags. The value read
from the ibmslapd.conf file for this attribute is FALSE, but, can be set to
TRUE.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd><img src="deltaend.gif" alt="End of change" />
</dl></blockquote>
<a name="crlh"></a>
<p id="crlh"><span class="bold">ibm-slapdLdapCrlHost</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the host name of the LDAP server that contains the
Certificate Revocation Lists (CRLs) for validating client x.509v3 certificates.
This parameter is needed when ibm-slapdSslAuth=serverclientauth and the client
certificates have been issued for CRL validation.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="crlpw"></a>
<p id="crlpw"><span class="bold">ibm-slapdLdapCrlPassword</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the password that server-side SSL uses to bind to
the LDAP server that contains the Certificate Revocation Lists (CRLs) for
validating client x.509v3 certificates. This parameter might be needed when
ibm-slapdSslAuth=serverclientauth and the client certificates have been issued
for CRL validation.
<a name="wq398"></a>
<div class="notetitle" id="wq398">Note:</div>
<div class="notebody">If the LDAP server
holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous
access), then ibm-slapdLdapCrlPassword is not required.</div>
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Binary
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="crlport"></a>
<p id="crlport"><span class="bold">ibm-slapdLdapCrlPort</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the port used to connect to the LDAP server that
contains the Certificate Revocation Lists (CRLs) for validating client x.509v3
certificates. This parameter is needed when ibm-slapdSslAuth=serverclientauth
and the client certificates have been issued for CRL validation. (IP ports
are unsigned, 16-bit integers in the range 1 - 65535)
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="crlusr"></a>
<p id="crlusr"><span class="bold">ibm-slapdLdapCrlUser</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the bindDN that the server-side SSL uses to bind
to the LDAP server that contains the Certificate Revocation Lists (CRLs) for
validating client x.509v3 certificates. This parameter might be needed when
ibm-slapdSslAuth=serverclientauth and the client certificates have been issued
for CRL validation.
<a name="wq399"></a>
<div class="notetitle" id="wq399">Note:</div>
<div class="notebody">If the LDAP server
holding the CRLs permits unauthenticated access to the CRLs (that is, anonymous
access), then ibm-slapdLdapCrlUser is not required.</div>
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>DN
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1000
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mastdn"></a>
<p id="mastdn"><span class="bold">ibm-slapdMasterDN</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the bind DN of master server. The value must match the replicaBindDN
in the replicaObject defined for the master server. When Kerberos is used
to authenticate to the replica, ibm-slapdMasterDN must specify the DN representation
of the Kerberos ID (for example, ibm-kn=freddy@realm1). When Kerberos
is used, MasterServerPW is ignored.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>DN
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1000
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mastpw"></a>
<p id="mastpw"><span class="bold">ibm-slapdMasterPW</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the bind password of master replica server. The value must
match replicaBindDN in the replicaObject defined for the master server. When
Kerberos is used to authenticate to the replica, ibm-slapdMasterDN must specify
the DN representation of the Kerberos ID (for example, ibm-kn=freddy@realm1).
When Kerberos is used, MasterServerPW is ignored.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Binary
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mastref"></a>
<p id="mastref"><span class="bold">ibm-slapdMasterReferral</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the URL of the master replica server. For example:
<pre class="xmp">ldap://master.us.ibm.com</pre> For security set
to SSL only:
<pre class="xmp"> ldaps://master.us.ibm.com:636 </pre>
For security set to none and using a nonstandard port:
<pre class="xmp">ldap://master.us.ibm.com:1389</pre>
</dd>
<dt class="bold">Default</dt>
<dd>none
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>256
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mepc"></a>
<p id="mepc"><span class="bold">ibm-slapdMaxEventsPerConnection</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of event notifications which
can be registered per connection.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647</pre>
</dd>
<dt class="bold">Default</dt>
<dd>100
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="met"></a>
<p id="met"><span class="bold">ibm-slapdMaxEventsTotal</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum total number of event notifications
which can be registered for all connections.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647</pre>
</dd>
<dt class="bold">Default</dt>
<dd>0
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mnot"></a>
<p id="mnot"><span class="bold">ibm-slapdMaxNumOfTransactions</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of transactions per server.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647</pre>
</dd>
<dt class="bold">Default</dt>
<dd>20
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mopt"></a>
<p id="mopt"><span class="bold">ibm-slapdMaxOpPerTransaction</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of operations per transaction.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647</pre>
</dd>
<dt class="bold">Default</dt>
<dd>5
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mxpndch"></a>
<p id="mxpndch"><span class="bold">ibm-slapdMaxPendingChangesDisplayed</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of pending changes to be displayed.
</dd>
<dt class="bold">Default</dt>
<dd>200
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="mtlot"></a>
<p id="mtlot"><span class="bold">ibm-slapdMaxTimeLimitOfTransactions</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum timeout value of a pending transaction in seconds.
<pre class="xmp">Minimum = 0 (unlimited)
Maximum = 2,147,483,647</pre>
</dd>
<dt class="bold">Default</dt>
<dd>300
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="pgesal"></a>
<p id="pgesal"><span class="bold">ibm-slapdPagedResAllowNonAdmin</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Whether or not the server should allow non-Administrator bind
for paged results requests on a search request. If the value read from the
ibmslapd.conf file is FALSE, the server will process only those client requests
submitted by a user with Administrator authority. If a client requests paged
results for a search operation, does not have Administrator authority, and
the value read from the ibmslapd.conf file for this attribute is FALSE, the
server will return to the client with return code insufficientAccessRights;
no searching or paging will be performed.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Length</dt>
<dd>5
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>directoryOperation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>critical
</dd>
<dt class="bold">Objectclass</dt>
<dd>ibm-slapdRdbmBackend
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
</dl></blockquote>
<a name="pglmt"></a>
<p id="pglmt"><span class="bold">ibm-slapdPagedResLmt</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of outstanding paged results search requests
allowed active simultaneously. Range = 0.... If a client requests a paged
results operation, and a maximum number of outstanding paged results are currently
active, then the server will return to the client with return code of busy;
no searching or paging will be performed.
</dd>
<dt class="bold">Default</dt>
<dd>3
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Length</dt>
<dd>11
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>directoryOperation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>critical
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
<dt class="bold">Objectclass</dt>
<dd>ibm-slapdRdbmBackend
</dd>
</dl></blockquote>
<a name="pgslmt"></a>
<p id="pgslmt"><span class="bold">ibm-slapdPageSizeLmt</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of entries to return from search for an individual
page when paged results control is specified, regardless of any pagesize that
might have been specified on the client search request. Range = 0.... If a
client has passed a page size, then the smaller value of the client value
and the value read from ibmslapd.conf will be used.
</dd>
<dt class="bold">Default</dt>
<dd>50
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Length</dt>
<dd>11
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>directoryOperation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>critical
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
<dt class="bold">Objectclass</dt>
<dd>ibm-slapdRdbmBackend
</dd>
</dl></blockquote>
<a name="plug"></a>
<p id="plug"><span class="bold">ibm-slapdPlugin</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>A plugin is a dynamically loaded library which extends the
capabilities of the server. An ibm-slapdPlugin attribute specifies to the
server how to load and initialize a plug-in library. The syntax is:
<pre class="xmp"><var class="pv">keyword filename</var> init_function [<var class="pv">args</var>...]</pre>The syntax is slightly different for each platform because
of library naming conventions.
<p>Most plug-ins are optional, but
the RDBM backend plug-in is required for all RDBM backends.</p>
</dd>
<dt class="bold">Default</dt>
<dd><span class="italic">database</span> /bin/libback-rdbm.dll
rdbm_backend_init
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>2000
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="port"></a>
<p id="port"><span class="bold">ibm-slapdPort</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the TCP/IP port used for non-SSL connections. It
cannot have the same value as ibm-slapdSecurePort. (IP ports are unsigned,
16-bit integers in the range 1 - 65535.)
</dd>
<dt class="bold">Default</dt>
<dd>389
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="pwe"></a>
<p id="pwe"><span class="bold">ibm-slapdPWEncryption</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the encoding mechanism for the user passwords before they
are stored in the directory. It must be specified as none, imask, crypt, or
sha (you must use the keyword <span class="bold">sha</span> in order
to get SHA-1 encoding). The value must be set to none for the SASL cram-md5
bind to succeed.
</dd>
<dt class="bold">Default</dt>
<dd>none
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="ro"></a>
<p id="ro"><span class="bold">ibm-slapdReadOnly</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>This attribute is normally applied to only the Directory backend.
It specifies whether the backend can be written to. It must be specified as
either TRUE or FALSE. It defaults to FALSE if unspecified. If set to TRUE,
the server returns LDAP_UNWILLING_TO_PERFORM (0x35) in response to any client
request which changes data in the readOnly database.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="ref"></a>
<p id="ref"><span class="bold">ibm-slapdReferral</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the referral LDAP URL to pass back when the local
suffixes do not match the request. It is used for superior referral (that
is, the suffix is not within the naming context of the server).
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>32700
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="repdbcn"></a>
<p id="repdbcn"><span class="bold">ibm-slapdReplDbConns</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Maximum number of database connections for use by replication.
</dd>
<dt class="bold">Default</dt>
<dd>4
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>11
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="repsbtr"></a>
<p id="repsbtr"><span class="bold">ibm-slapdReplicaSubtree</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Identifies the DN of a replicated subtree
</dd>
<dt class="bold">Syntax</dt>
<dd>DN
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1000
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="schadds"></a>
<p id="schadds"><span class="bold">ibm-slapdSchemaAdditions</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The ibm-slapdSchemaAdditions attribute is used to identify
explicitly which file holds new schema entries. This is set by default to
be /etc/V3.modifiedschema. If this attribute is not defined, the server reverts
to using the last ibm-slapdIncludeSchema file as in previous releases.
<p>Before Version 3.2, the last includeSchema entry in <span class="bold">slapd.conf</span> was the file to which any new schema entries were added by
the server if it received an add request from a client. Normally the last
includeSchema is the V3.modifiedschema file, which is an empty file installed
just for this purpose.</p>
<a name="wq400"></a>
<div class="notetitle" id="wq400">Note:</div>
<div class="notebody">The name modified
is misleading, for it only stores new entries. Changes to existing schema
entries are made in their original files.</div>
</dd>
<dt class="bold">Default</dt>
<dd>/etc/V3.modifiedschema
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="schchk"></a>
<p id="schchk">i<span class="bold">bm-slapdSchemaCheck</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the schema checking mechanism for the add/modify/delete operation.
It must be specified as V2, V3, or V3_lenient.
<ul>
<li>V2 - Retain v2 and v2.1 checking. Recommended for migration
purpose.</li>
<li>V3 - Perform v3 checking.</li>
<li>V3_lenient - Not all parent object classes are needed. Only
the immediate object class is needed when adding entries.</li></ul>
</dd>
<dt class="bold">Default</dt>
<dd>V3_lenient
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>10
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="secpt"></a>
<p id="secpt"><span class="bold">ibm-slapdSecurePort</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the TCP/IP port used for SSL connections. It cannot
have the same value as ibm-slapdPort. (IP ports are unsigned, 16-bit integers
in the range 1 - 65535.)
</dd>
<dt class="bold">Default</dt>
<dd>636
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="sec"></a>
<p id="sec"><span class="bold">ibm-slapdSecurity</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd><img src="delta.gif" alt="Start of change" />Enables SSL and TLS connections. Must be none, SSL, SSLOnly,
TLS, or SSLTLS.
<ul>
<li>none - The server listens on the nonsecure port only.</li>
<li>SSL - The server listens on both the SSL and the non-SSL ports. The secure
port is the only means of using a secure connection.</li>
<li>SSLOnly - The server listens on the SSL port only.</li>
<li>TLS - The server only listens on the nonsecure port. The StartTLS extended
operation is the only means of using a secure connection.</li>
<li>SSLTLS - The server listens on both the default and secure ports. The
StartTLS extended operation can be used to get a secure connection over the
default port, or the client can use the secure port directly. Sending a StartTLS
over the secure port will return the message <tt class="xph">LDAP_OPERATIONS_ERROR</tt>.</li></ul><img src="deltaend.gif" alt="End of change" />
</dd>
<dt class="bold">Default</dt>
<dd>none
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>7
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="srvid"></a>
<p id="srvid"><span class="bold">ibm-slapdServerId</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Identifies the server for use in replication.
</dd>
<dt class="bold">Syntax</dt>
<dd>IA5 String with case-sensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>240
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="setenv"></a>
<p id="setenv"><span class="bold">ibm-slapdSetenv</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The server runs <span class="bold">putenv()</span> for all values
of ibm-slapdSetenv at startup to change the server runtime environment. Shell
variables (like %PATH% or $LANG) are not expanded.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>2000
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="sizel"></a>
<p id="sizel"><span class="bold">ibm-slapdSizeLimit</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of entries to return from search,
regardless of any size limit that might have been specified on the client
search request (Range = 0...). If a client has passed a limit, then the smaller
value of the client values and the value read from <span class="bold">ibmslapd.conf</span> are used. If a client has not passed a limit and has bound
as admin DN, the limit is considered unlimited. If the client has not passed
a limit and has not bound as admin DN, then the limit is that which was read
from the <span class="bold">ibmslapd.conf</span> file. 0 = unlimited.
</dd>
<dt class="bold">Default</dt>
<dd>500
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>12
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="keylmt"></a>
<p id="keylmt"><span class="bold">ibm-slapdSortKeyLimit</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The maximum number of sort conditions (keys) that can be specified on
a single search request. Range = 0.... If a client has passed a search request
with more sort keys than the limit allows, and the sorted search control criticality
is FALSE, then the server will honor the value read from the ibmslapd.conf
file and ignore any sort keys encountered after the limit has been reached
- searching and sorting will be performed. If a client has passed a search
request with more keys than the limit allows, and the sorted search control
criticality is TRUE, then the server will return to the client with a return
code of <span class="bold">adminLimitExceeded</span> - no searching
or sorting will be performed.
</dd>
<dt class="bold">Default</dt>
<dd>3
</dd>
<dt class="bold">Syntax</dt>
<dd>cis
</dd>
<dt class="bold">Length</dt>
<dd>11
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>directoryOperation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>critical
</dd>
<dt class="bold">Objectclass</dt>
<dd>ibm-slapdRdbmBackend
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
</dl></blockquote>
<a name="srchal"></a>
<p id="srchal"><span class="bold">ibm-slapdSortSrchAllowNonAdmin</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Whether or not the server should allow non-Administrator bind
for sort on a search request. If the value read from the ibmslapd.conf file
is FALSE, the server will process only those client requests submitted by
a user with Administrator authority. If a client requests sort for a search
operation, does not have Administrator authority, and the value read from
the ibmslapd.conf file for this attribute is FALSE, the server will return
to the client with return code insufficientAccessRights - no searching or
sorting will be performed.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Length</dt>
<dd>5
</dd>
<dt class="bold">Count</dt>
<dd>Single
</dd>
<dt class="bold">Usage</dt>
<dd>directoryOperation
</dd>
<dt class="bold">User Modify</dt>
<dd>Yes
</dd>
<dt class="bold">Access Class</dt>
<dd>critical
</dd>
<dt class="bold">Objectclass</dt>
<dd> ibm-slapdRdbmBackend
</dd>
<dt class="bold">Required</dt>
<dd>No
</dd>
</dl></blockquote>
<a name="ssla"></a>
<p id="ssla"><span class="bold">ibm-slapdSslAuth</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the authentication type for the ssl connection,
either serverauth or serverclientauth.
<ul>
<li>serverauth - supports server authentication at the client. This
is the default.</li>
<li>serverclientauth - supports both server and client authentication.</li></ul>
</dd>
<dt class="bold">Default</dt>
<dd>serverauth
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>16
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="sslc"></a>
<p id="sslc"><span class="bold">ibm-slapdSslCertificate</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the label that identifies the server Personal Certificate
in the key database file. This label is specified when the server private
key and certificate are created with the <span class="bold">gsk4ikm</span> application. If ibm-slapdSslCertificate is not defined, the default
private key, as defined in the key database file, is used by the LDAP server
for SSL connections.
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="nsslcs"></a>
<p id="nsslcs"><span class="bold">ibm-slapdSslCipherSpec</span></p><blockquote>
<p>Specifies the method of SSL encryption for clients accessing the server.
Must be set to one of the following:</p>
<a name="wq401"></a>
<table id="wq401" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 7. Methods of SSL encryption</caption>
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq402" align="left" valign="top">Attribute</th>
<th id="wq403" align="left" valign="top">Encryption level</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq402">TripleDES-168</td>
<td headers="wq403">Triple DES encryption with a 168-bit key and a SHA-1
MAC</td>
</tr>
<tr>
<td headers="wq402">DES-56</td>
<td headers="wq403">DES encryption with a 56-bit key and a SHA-1 MAC</td>
</tr>
<tr>
<td headers="wq402">RC4-128-SHA</td>
<td headers="wq403">RC4 encryption with a 128-bit key and a SHA-1 MAC</td>
</tr>
<tr>
<td headers="wq402">RC4-128-MD5</td>
<td headers="wq403">RC4 encryption with a 128-bit key and a MD5 MAC</td>
</tr>
<tr>
<td headers="wq402">RC2-40-MD5</td>
<td headers="wq403">RC4 encryption with a 40-bit key and a MD5 MAC</td>
</tr>
<tr>
<td headers="wq402">RC4-40-MD5</td>
<td headers="wq403">RC4 encryption with a 40-bit key and a MD5 MAC</td>
</tr>
<tr>
<td headers="wq402">AES</td>
<td headers="wq403">AES encryption</td>
</tr>
</tbody>
</table>
<dl>
<dt class="bold">Syntax</dt>
<dd>IA5 String
</dd>
<dt class="bold">Maximum Length</dt>
<dd>30
</dd>
</dl></blockquote>
<a name="sslkd"></a>
<p id="sslkd"><span class="bold">ibm-slapdSslKeyDatabase</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the file path to the LDAP server SSL key database
file. This key database file is used for handling SSL connections from LDAP
clients, as well as for creating secure SSL connections to replica LDAP servers.
</dd>
<dt class="bold">Default</dt>
<dd>/etc/key.kdb
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-exact matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="sslkdpw"></a>
<p id="sslkdpw"><span class="bold">ibm-slapdSslKeyDatabasePW</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the password associated with the LDAP server SSL
key database file, as specified on the ibm-slapdSslKeyDatabase parameter.
If the LDAP server key database file has an associated password stash file,
then the ibm-slapdSslKeyDatabasePW parameter can be omitted, or set to none.
<a name="wq404"></a>
<div class="notetitle" id="wq404">Note:</div>
<div class="notebody">The password stash file must be located in the same directory
as the key database file and it must have the same file name as the key database
file, but with an extension of .sth instead of .kdb.</div>
</dd>
<dt class="bold">Default</dt>
<dd>none
</dd>
<dt class="bold">Syntax</dt>
<dd>Binary
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="keyring"></a>
<p id="keyring"><span class="bold">ibm-slapdSslKeyRingFile</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Path to the LDAP server's SSL key database file. This key
database file is used for handling SSL connections from LDAP clients, as well
as for creating secure SSL connections to replica LDAP servers.
</dd>
<dt class="bold">Default</dt>
<dd>key.kdb
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory String with case-sensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="suff"></a>
<p id="suff"><span class="bold">ibm-slapdSuffix</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies a naming context to be stored in this backend.
<a name="wq405"></a>
<div class="notetitle" id="wq405">Note:</div>
<div class="notebody">This has the same name as the object class.</div>
</dd>
<dt class="bold">Default</dt>
<dd>No preset default is defined.
</dd>
<dt class="bold">Syntax</dt>
<dd>DN
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1000
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a name="spwebadm"></a>
<p id="spwebadm"><span class="bold">ibm-slapdSupportedWebAdmVersion</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>This attribute defines the earliest version of the Web administration
tool that supports this server of cn=configuration.
</dd>
<dt class="bold">Default</dt>
<dd>
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory String
</dd>
<dt class="bold">Maximum Length</dt>
<dd>
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="syslogl"></a>
<p id="syslogl"><span class="bold">ibm-slapdSysLogLevel</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the level at which debugging and operation statistics
are logged in the slapd.errors file. It must be specified as l, m, or h.
<ul>
<li>h - high (provides the most information)</li>
<li>m - medium (the default)</li>
<li>l - low (provides the least information)</li></ul>
</dd>
<dt class="bold">Default</dt>
<dd>m
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string with case-insensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="tl"></a>
<p id="tl"><span class="bold">ibm-slapdTimeLimit</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>Specifies the maximum number of seconds to spend on a search
request, regardless of any time limit that might have been specified on the
client request. If a client has passed a limit, then the smaller value of
the client values and the value read from <span class="bold">ibmslapd.conf</span> are used. If a client has not passed a limit and has bound as admin
DN, the limit is considered unlimited. If the client has not passed a limit
and has not bound as admin DN, then the limit is that which was read from
the <span class="bold">ibmslapd.conf</span> file. 0 = unlimited.
</dd>
<dt class="bold">Default</dt>
<dd>900
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="transe"></a>
<p id="transe"><span class="bold">ibm-slapdTransactionEnable</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>If the transaction plugin is loaded but ibm-slapdTransactionEnable is
set to FALSE, the server rejects all StartTransaction requests with the response <tt class="xph">LDAP_UNWILLING_TO_PERFORM</tt>.
</dd>
<dt class="bold">Default</dt>
<dd>TRUE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="upidpw"></a>
<p id="upidpw"><span class="bold">ibm-slapdUseProcessIdPw</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>If set to TRUE, the server ignores the ibm-slapdDbUserID and the ibm-slapdDbUserPW
attributes and uses its own process credentials to authenticate to DB2.
</dd>
<dt class="bold">Default</dt>
<dd>FALSE
</dd>
<dt class="bold">Syntax</dt>
<dd>Boolean
</dd>
<dt class="bold">Maximum Length</dt>
<dd>5
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="vers"></a>
<p id="vers"><span class="bold">ibm-slapdVersion</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>IBM Slapd version Number
</dd>
<dt class="bold">Default</dt>
<dd>
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory String with case-sensitive matching
</dd>
<dt class="bold">Maximum Length</dt>
<dd>
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl></blockquote>
<a name="wrtmout"></a>
<p id="wrtmout"><img src="delta.gif" alt="Start of change" /><span class="bold">ibm-slapdWriteTimeout</span><img src="deltaend.gif" alt="End of change" /></p><blockquote><img src="delta.gif" alt="Start of change" />
<dl>
<dt class="bold">Description</dt>
<dd>Specifies a timeout value in seconds for blocked writes. When the time
limit is reached the connection will be dropped.
</dd>
<dt class="bold">Default</dt>
<dd>120
</dd>
<dt class="bold">Syntax</dt>
<dd>Integer
</dd>
<dt class="bold">Maximum Length</dt>
<dd>1024
</dd>
<dt class="bold">Value</dt>
<dd>Single-valued
</dd>
</dl><img src="deltaend.gif" alt="End of change" /></blockquote>
<a name="objcl"></a>
<p id="objcl"><span class="bold">objectClass</span></p><blockquote>
<dl>
<dt class="bold">Description</dt>
<dd>The values of the objectClass attribute describe the kind of object
which an entry represents.
</dd>
<dt class="bold">Syntax</dt>
<dd>Directory string
</dd>
<dt class="bold">Maximum Length</dt>
<dd>128
</dd>
<dt class="bold">Value</dt>
<dd>Multi-valued
</dd>
</dl></blockquote>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink