nsslapd-ldapiuidnumbertype, nsslapd-listenhost (Listen to IP Address) – Red Hat 8.1 User Manual

2.3.1.69. nsslapd-ldapimaprootdn (Autobind Mapping for Root User)
With autobind, a system user is mapped to a Directory Server user and then automatically authenticated
to the Directory Server over a UNIX socket.
The root system user (the user with a UID of 0) is mapped to whatever Directory Server entry is
specified in the nsslapd-ldapimaprootdn attribute.
Parameter        Description
Entry DN         cn=config
Valid Values     Any DN
Default Value    cn=Directory Manager
Syntax           DN
Example          nsslapd-ldapimaprootdn: cn=Directory Manager

2.3.1.70. nsslapd-ldapimaptoentries (Enable Autobind Mapping for Regular Users)
With autobind, a system user is mapped to a Directory Server user and then automatically authenticated
to the Directory Server over a UNIX socket. This mapping is automatic for root users, but it must be
enabled for regular system users through the nsslapd-ldapimaptoentries attribute. Setting this
attribute to on enables mapping for regular system users to Directory Server entries. If this attribute is
not enabled, then only root users can use autobind to authenticate to the Directory Server, and all other
users connect anonymously.
The mappings themselves are configured through the nsslapd-ldapiuidnumbertype and
nsslapd-ldapigidnumbertype attributes, which map Directory Server attributes to the user's UID and GID
numbers.
Users can only connect to the server with autobind if LDAPI is enabled (nsslapd-ldapilisten and
nsslapd-ldapifilepath) and autobind is enabled (nsslapd-ldapiautobind).
Parameter        Description
Entry DN         cn=config
Valid Values     on | off
Default Value    off
Syntax           DirectoryString
Example          nsslapd-ldapimaptoentries: on

2.3.1.71. nsslapd-ldapiuidnumbertype
Autobind can be used to authenticate system users to the server automatically and connect to the
server using a UNIX socket. To map the system user to a Directory Server user for authentication, the
system user's UID and GID numbers must be mapped to a Directory Server attribute. The
nsslapd-ldapiuidnumbertype attribute names the Directory Server attribute used to map system UIDs to
user entries.
Users can only connect to the server with autobind if LDAPI is enabled (nsslapd-ldapilisten and
nsslapd-ldapifilepath), autobind is enabled (nsslapd-ldapiautobind), and autobind mapping is
enabled for regular users (nsslapd-ldapimaptoentries).
Parameter        Description
Entry DN         cn=config
Valid Values     Any Directory Server attribute
Default Value    uidNumber
Syntax           DirectoryString
Example          nsslapd-ldapiuidnumbertype: uidNumber

2.3.1.72. nsslapd-listenhost (Listen to IP Address)
This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes it
possible to limit listening to one interface of a multihomed machine). There can be multiple IP addresses
associated with a single hostname, and these IP addresses can be a mix of both IPv4 and IPv6. This
parameter can be used to restrict the Directory Server instance to a single IP interface.
If a hostname is given as the nsslapd-listenhost value, then the Directory Server responds to
requests for every interface associated with the hostname. If a single IP interface (either IPv4 or IPv6) is
given as the nsslapd-listenhost value, Directory Server only responds to requests sent to that
specific interface. Either an IPv4 or IPv6 address can be used.
The server has to be restarted for changes to this attribute to go into effect.
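
An added example, not taken from the Red Hat manual: a Python check that reads a cn=config entry and applies the dependencies described in sections 2.3.1.69 through 2.3.1.72 to report which users can autobind and how nsslapd-listenhost is scoped. The sample entry, socket path and hostname are constructed, and treating an absent nsslapd-ldapilisten or nsslapd-ldapiautobind as off is an assumption.

```python
import ipaddress

# Defaults stated on this page. Attributes not listed here (nsslapd-ldapilisten,
# nsslapd-ldapiautobind) are treated as "off" when absent, which is an assumption.
DEFAULTS = {"nsslapd-ldapimaprootdn": "cn=Directory Manager",
            "nsslapd-ldapimaptoentries": "off",
            "nsslapd-ldapiuidnumbertype": "uidNumber"}

# Constructed sample of a cn=config entry; socket path and hostname are made up.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-ldapilisten: on
nsslapd-ldapifilepath: /var/run/slapd-example.socket
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Mana
 ger
nsslapd-listenhost: ldap.example.com
"""

def parse_config_entry(ldif_text, dn="cn=config"):
    """Return one LDIF entry's attributes as a dict with lower-cased names."""
    unfolded = ldif_text.replace("\n ", "")  # a leading space continues the previous line
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.strip().splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
        if attrs.get("dn", "").lower() == dn:
            return attrs
    return {}

def listen_scope(value):
    """Classify nsslapd-listenhost: a literal IP binds one interface, a name may bind several."""
    if not value:
        return "unset"
    try:
        ipaddress.ip_address(value)
        return "single address"
    except ValueError:
        return "hostname (every interface associated with it)"

def autobind_report(attrs):
    """Apply the dependency chain from sections 2.3.1.69 to 2.3.1.72."""
    cfg = {**DEFAULTS, **attrs}
    on = lambda key: cfg.get(key, "off").lower() == "on"
    ldapi = on("nsslapd-ldapilisten") and bool(cfg.get("nsslapd-ldapifilepath"))
    autobind = ldapi and on("nsslapd-ldapiautobind")
    return {"root_maps_to": cfg["nsslapd-ldapimaprootdn"] if autobind else None,
            "regular_users_mapped": autobind and on("nsslapd-ldapimaptoentries"),
            "uid_attribute": cfg["nsslapd-ldapiuidnumbertype"],
            "listen_scope": listen_scope(cfg.get("nsslapd-listenhost"))}
```

Calling autobind_report(parse_config_entry(SAMPLE_DSE)) shows that the local root user would bind as cn=Directory Manager over the socket, while regular users stay unmapped because nsslapd-ldapimaptoentries is left at its default.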
Red Hat Directory Server 8.1 Configuration and Command Reference