Database Link Attributes under cn=database_link_name, cn=chaining database, cn=plugins, cn=config
199
Parameter
Description
Example
nsslapd-sizelimit: 2000
3.5.2.13. nsTimeLimit
This attribute shows the default search time limit for the database link.
Parameter
Description
Entry DN
cn=default instance config, cn=chaining
database, cn=plugins, cn=config
Valid Range
-1 to maximum 32-bit integer (2147483647)
seconds
Default Value
3600
Syntax
Integer
Example
nsslapd-timelimit: 3600
3.5.3. Database Link Attributes under cn=database_link_name,
cn=chaining database, cn=plugins, cn=config
This information node stores the attributes concerning the server containing the data. A
farm server
is a server which contains data on databases. This attribute can contain optional servers for failover,
separated by spaces. For cascading chaining, this URL can point to another database link.
3.5.3.1. nsBindMechanism
This attribute sets a bind mechanism for the farm server to connect to the remote server. A farm server
is a server containing data in one or more databases. This attribute configures the connection type,
either standard, SSL, or SASL.
•
empty.
This performs simple authentication and requires the
nsMultiplexorBindDn
and
nsMultiplexorCredentials
attributes to give the bind information.
•
EXTERNAL.
This uses an SSL certificate to authenticate the farm server to the remote server.
Either the farm server URL must be set to the secure URL (
ldaps
) or the
nsUseStartTLS
attribute must be set to
on
.
Additionally, the remote server must be configured to map the farm server's certificate to its bind
identity. Certificate mapping is described in the
Administrator's Guide
.
•
DIGEST-MD5.
This uses SASL with DIGEST-MD5 encryption. As with simple authentication, this
requires the
nsMultiplexorBindDn
and
nsMultiplexorCredentials
attributes to give the
bind information.
•
GSSAPI.
This uses Kerberos-based authentication over SASL. The farm server must be connected
over the standard port, meaning the URL has
ldap
, because the Directory Server does not support
SASL/GS-API over SSL.
The farm server must be configured with a Kerberos keytab, and the remote server must have a
defined SASL mapping for the farm server's bind identity. Setting up Kerberos keytabs and SASL
mappings is described in the
Administrator's Guide
.
Содержание 8.1
Страница 8: ...viii ...
Страница 14: ...xiv ...
Страница 16: ...2 ...
Страница 250: ...236 ...
Страница 334: ...320 ...
Страница 372: ...358 ...