Chapter 17. Using the Pass-through Authentication Plug-in
434
•
Section 17.4.1, “Specifying One Authenticating Directory Server and One Subtree”
•
Section 17.4.2, “Specifying Multiple Authenticating Directory Servers”
•
Section 17.4.3, “Specifying One Authenticating Directory Server and Multiple Subtrees”
•
Section 17.4.4, “Using Non-Default Parameter Values”
•
Section 17.4.5, “Specifying Different Optional Parameters and Subtrees for Different Authenticating
Directory Servers”
17.4.1. Specifying One Authenticating Directory Server and One
Subtree
This example configures the PTA Plug-in to accept all defaults for the optional variables. This
configuration causes the PTA Directory Server to connect to the authenticating Directory Server for all
bind requests to the
o=NetscapeRoot
subtree. The hostname of the authenticating Directory Server
is
configdir.example.com
.
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
...
17.4.2. Specifying Multiple Authenticating Directory Servers
If the connection between the PTA Directory Server and the authenticating Directory Server is broken
or the connection cannot be opened, the PTA Directory Server sends the request to the next server
specified, if any. There can be multiple authenticating Directory Servers specified, as required, to
provide failover if the first Directory Server is unavailable. All of the authentication Directory Server are
set in the
nsslapd-pluginarg0
attribute. Multiple authenticating Directory Servers are listed in a
space-separate list of
host:port
pairs. For example:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/
o=NetscapeRoot
...
NOTE
The
nsslapd-pluginarg0
attribute sets the authentication Directory Server; additional
nsslapd-pluginargN
attributes can set additional
suffixes
for the PTA Plug-in to use,
but not additional
hosts
.
17.4.3. Specifying One Authenticating Directory Server and Multiple
Subtrees
The following example configures the PTA Directory Server to pass through bind requests for more
than one subtree (using parameter defaults):
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...