Nstimelimit, Nsbindmechanism, Nsfarmserverurl – Red Hat 8.1 User Manual
Page 145
Example
nsslapd-sizelimit: 2000
3.5.2.13. nsTimeLimit
This attribute shows the default search time limit for the database link.
Parameter
Description
Entry DN
cn=default instance config, cn=chaining
database, cn=plugins, cn=config
Valid Range
-1 to maximum 32-bit integer (2147483647)
seconds
Default Value
3600
Syntax
Integer
Example
nsslapd-timelimit: 3600
3.5.3. Database Link Attributes under cn=database_link_name, cn=chaining database,
cn=plugins, cn=config
This information node stores the attributes concerning the server containing the data. A farm server is a
server which contains data on databases. This attribute can contain optional servers for failover,
separated by spaces. For cascading chaining, this URL can point to another database link.
3.5.3.1. nsBindMechanism
This attribute sets a bind mechanism for the farm server to connect to the remote server. A farm server
is a server containing data in one or more databases. This attribute configures the connection type,
either standard, SSL, or SASL.
empty. This performs simple authentication and requires the nsMultiplexorBindDn and
nsMultiplexorCredentials attributes to give the bind information.
EXTERNAL. This uses an SSL certificate to authenticate the farm server to the remote server. Either
the farm server URL must be set to the secure URL (ldaps) or the nsUseStartTLS attribute must
be set to on.
Additionally, the remote server must be configured to map the farm server's certificate to its bind
identity. Certificate mapping is described in the Administrator's Guide.
DIGEST-MD5. This uses SASL with DIGEST-MD5 encryption. As with simple authentication, this
requires the nsMultiplexorBindDn and nsMultiplexorCredentials attributes to give the bind
information.
GSSAPI. This uses Kerberos-based authentication over SASL. The farm server must be connected
over the standard port, meaning the URL has ldap, because the Directory Server does not support
SASL/GS-API over SSL.
The farm server must be configured with a Kerberos keytab, and the remote server must have a
defined SASL mapping for the farm server's bind identity. Setting up Kerberos keytabs and SASL
mappings is described in the Administrator's Guide.
Parameter
Description
Entry DN
cn=database_link_name, cn=chaining database,
cn=plugins, cn=config
Valid Values
empty
EXTERNAL
DIGEST-MD5
GSSAPI
Default Value
empty
Syntax
DirectoryString
Example
nsBindMechanism: GSSAPI
3.5.3.2. nsFarmServerURL
This attribute gives the LDAP URL of the remote server. A farm server is a server containing data in one
or more databases. This attribute can contain optional servers for failover, separated by spaces. If using
cascading changing, this URL can point to another database link.
Parameter
Description
Entry DN
cn=database_link_name, cn=chaining database,
cn=plugins, cn=config
Valid Values
Any valid remote server LDAP URL
Red Hat Directory Server 8.1 Configuration and Command Reference
14 5