beautypg.com

Nsslapd-allow-unauthenticated-binds, Section 2.3.1.16, For more information – Red Hat 8.1 User Manual

Page 22

background image

Valid Range

-1 | 1 to the maximum 32 bit integer value
(2147483647), where a value of -1 means the log
file is unlimited in size.

Default Value

100

Syntax

Integer

Example

nsslapd-accesslog-maxlogsize: 100

2.3.1.16. nsslapd-accesslog-maxlogsperdir (Access Log Maximum Number of Log Files)

This attribute sets the total number of access logs that can be contained in the directory where the
access log is stored. Each time the access log is rotated, a new log file is created. When the number of
files contained in the access log directory exceeds the value stored in this attribute, then the oldest
version of the log file is deleted. For performance reasons, Red Hat recommends not setting this value to
1 because the server does not rotate the log, and it grows indefinitely.

If the value for this attribute is higher than 1, then check the nsslapd-accesslog-logrotationtime
attribute to establish whether log rotation is specified. If the nsslapd-accesslog-logrotationtime
attribute has a value of -1, then there is no log rotation. See

Section 2.3.1.13, “nsslapd-accesslog-

logrotationtime (Access Log Rotation Time)”

for more information.

Parameter

Description

Entry DN

cn=config

Valid Range

1 to the maximum 32 bit integer value
(2147483647)

Default Value

10

Syntax

Integer

Example

nsslapd-accesslog-maxlogsperdir: 10

2.3.1.17. nsslapd-accesslog-mode (Access Log File Permission)

This attribute sets the access mode or file permission with which access log files are to be created. The
valid values are any combination of 000 to 777 (these mirror the numbered or absolute UNIX file
permissions). The value must be a 3-digit number, the digits varying from 0 through 7:

0 - None
1 - Execute only
2 - Write only
3 - Write and execute
4 - Read only
5 - Read and execute
6 - Read and write
7 - Read, write, and execute

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the
group's permissions, and the third digit represents everyone's permissions. When changing the default
value, remember that 000 does not allow access to the logs and that allowing write permissions to
everyone can result in the logs being overwritten or deleted by anyone.

The newly configured access mode only affects new logs that are created; the mode is set when the log
rotates to a new file.

Parameter

Description

Entry DN

cn=config

Valid Range

000 through 777

Default Value

600

Syntax

Integer

Example

nsslapd-accesslog-mode: 600

2.3.1.18. nsslapd-allow-unauthenticated-binds

An unauthenticated bind is a bind where the user supplies a username but not a password. For
example, running an ldapsearch without supplying a password option:

/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -b "dc=example,dc=com" -s
sub "(objectclass=*)"

When unauthenticated binds are allowed, the bind attempt goes through as an anonymous bind
(assuming anonymous access is allowed).

22

Chapter 2. Core Server Configuration Reference