Nsslapd-ldapilisten (enable ldapi) – Red Hat 8.1 User Manual
Page 36
Default Value      off
Syntax             DirectoryString
Example            nsslapd-ldapiautobind: off
2.3.1.65. nsslapd-ldapientrysearchbase (Search Base for LDAPI Authentication Entries)
With autobind, it is possible to map system users to Directory Server user entries, based on the system
user's UID and GID numbers. This requires setting the Directory Server parameters that name the attribute
to use for the UID number (nsslapd-ldapiuidnumbertype) and the GID number (nsslapd-ldapigidnumbertype),
and setting the search base used to find matching user entries.
The nsslapd-ldapientrysearchbase attribute gives the subtree to search for user entries to use for autobind.
Parameter          Description
Entry DN           cn=config
Valid Values       DN
Default Value      The suffix created when the server instance was created, such as dc=example,dc=com
Syntax             DN
Example            nsslapd-ldapientrysearchbase: ou=people,dc=example,dc=com
2.3.1.66. nsslapd-ldapifilepath (File Location for LDAPI Socket)
LDAPI connects a user to an LDAP server over a UNIX socket rather than TCP. In order to configure
LDAPI, the server must be configured to communicate over a UNIX socket. The UNIX socket to use is set
in the nsslapd-ldapifilepath attribute.
Parameter          Description
Entry DN           cn=config
Valid Values       Any directory path
Default Value      /var/run/dirsrv/slapd-example.socket
Syntax             Case-exact string
Example            nsslapd-ldapifilepath: /var/run/slapd-example.socket
2.3.1.67. nsslapd-ldapigidnumbertype (Attribute Mapping for System GID Number)
Autobind can be used to authenticate system users to the server automatically and connect to the
server using a UNIX socket. To map the system user to a Directory Server user for authentication, the
system user's UID and GID numbers should be mapped to Directory Server attributes. The
nsslapd-ldapigidnumbertype attribute points to the Directory Server attribute used to map system GIDs
to user entries.
Users can only connect to the server with autobind if LDAPI is enabled (nsslapd-ldapilisten and
nsslapd-ldapifilepath), autobind is enabled (nsslapd-ldapiautobind), and autobind mapping is
enabled for regular users (nsslapd-ldapimaptoentries).
Parameter          Description
Entry DN           cn=config
Valid Values       Any Directory Server attribute
Default Value      gidNumber
Syntax             DirectoryString
Example            nsslapd-ldapigidnumbertype: gidNumber
2.3.1.68. nsslapd-ldapilisten (Enable LDAPI)
The nsslapd-ldapilisten attribute enables LDAPI connections to the Directory Server. LDAPI allows users to
connect to the Directory Server over a UNIX socket rather than a standard TCP port. Along with enabling
LDAPI by setting nsslapd-ldapilisten to on, there must also be a UNIX socket set for LDAPI in the
nsslapd-ldapifilepath attribute.
Parameter          Description
Entry DN           cn=config
Valid Values       on | off
Default Value      off
Syntax             DirectoryString
Example            nsslapd-ldapilisten: off
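The conditions given above for LDAPI and autobind, checked against a cn=config entry, as an added example that is not part of the Red Hat manual. The sample LDIF is constructed, the function names are hypothetical, and treating an absent on/off attribute as off is an assumption (the default of nsslapd-ldapimaptoentries is not given on this page).

```python
# Added example: audit the LDAPI/autobind attributes of cn=config.
# SAMPLE_LDIF is constructed for illustration; it is not from a real server.
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-ldapilisten: on
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-
 example.socket
nsslapd-ldapiautobind: on
nsslapd-ldapimaptoentries: on
nsslapd-ldapigidnumbertype: gidNumber
"""

def parse_config(ldif):
    """Return {attribute: value} for one entry, unfolding LDIF continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # RFC 2849: a leading space continues the value
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    cfg = {}
    for line in lines:
        name, _, value = line.partition(":")
        cfg[name.strip().lower()] = value.strip()
    return cfg

def audit(cfg):
    """Apply the conditions stated on this page (assumption: absent means off)."""
    def on(attr):
        return cfg.get(attr, "off").lower() == "on"
    listen = on("nsslapd-ldapilisten")
    has_path = bool(cfg.get("nsslapd-ldapifilepath"))
    findings = []
    if listen and not has_path:
        findings.append("ldapilisten is on but ldapifilepath is not set")
    for attr in ("nsslapd-ldapiautobind", "nsslapd-ldapimaptoentries"):
        if on(attr) and not listen:
            findings.append(attr + " is on but LDAPI is not listening")
    user_autobind = (listen and has_path and on("nsslapd-ldapiautobind")
                     and on("nsslapd-ldapimaptoentries"))
    if user_autobind and "nsslapd-ldapientrysearchbase" not in cfg:
        findings.append("no ldapientrysearchbase: the whole instance suffix is searched")
    return {"ldapi": listen and has_path, "user_autobind": user_autobind,
            "findings": findings}

if __name__ == "__main__":
    print(audit(parse_config(SAMPLE_LDIF)))
```

A finding about the search base matters because any entry under that subtree with matching UID and GID attribute values can be the autobind target for a local system user.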
Chapter 2. Core Server Configuration Reference