Chapter 17. Using the Pass-through Authentication Plug-in
434
•
Section 17.4.1, “Specifying One Authenticating Directory Server and One Subtree”
•
Section 17.4.2, “Specifying Multiple Authenticating Directory Servers”
•
Section 17.4.3, “Specifying One Authenticating Directory Server and Multiple Subtrees”
•
Section 17.4.4, “Using Non-Default Parameter Values”
•
Section 17.4.5, “Specifying Different Optional Parameters and Subtrees for Different Authenticating
Directory Servers”
17.4.1. Specifying One Authenticating Directory Server and One
Subtree
This example configures the PTA Plug-in to accept all defaults for the optional variables. This
configuration causes the PTA Directory Server to connect to the authenticating Directory Server for all
bind requests to the
o=NetscapeRoot
subtree. The hostname of the authenticating Directory Server
is
configdir.example.com
.
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
...
17.4.2. Specifying Multiple Authenticating Directory Servers
If the connection between the PTA Directory Server and the authenticating Directory Server is broken
or the connection cannot be opened, the PTA Directory Server sends the request to the next server
specified, if any. There can be multiple authenticating Directory Servers specified, as required, to
provide failover if the first Directory Server is unavailable. All of the authentication Directory Server are
set in the
nsslapd-pluginarg0
attribute. Multiple authenticating Directory Servers are listed in a
space-separate list of
host:port
pairs. For example:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/
o=NetscapeRoot
...
NOTE
The
nsslapd-pluginarg0
attribute sets the authentication Directory Server; additional
nsslapd-pluginargN
attributes can set additional
suffixes
for the PTA Plug-in to use,
but not additional
hosts
.
17.4.3. Specifying One Authenticating Directory Server and Multiple
Subtrees
The following example configures the PTA Directory Server to pass through bind requests for more
than one subtree (using parameter defaults):
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...