Sasl options – Red Hat 8.1 User Manual

for the browser. For example:

-P /security/cert.db

The client security files can also be stored on the
Directory Server in the
/etc/dirsrv/slapd-instance_name directory.
In this case, the -P option would call out a path and
filename similar to the following:

-P
/etc/dirsrv/slapd-instance_name/client-
cert.db

-p

Specifies the port number that the server uses. The
default is 389. If -Z is used, the default is 636.

-Q

Specifies the token and certificate name, which is
separated by a semicolon (:) for PKCS11.

-W

Specifies the password for the certificate database
identified on the -P option. For example:

-W serverpassword

-w

Specifies the password associated with the
distinguished name that is specified in the -D
option. For example:

-w diner892

The default is "", or anonymous.
If a password is not sent on the command line and
the server requires one, the command prompts for
one. It is more secure not to provide a password on
the command-line so that it does not show up in
clear text in a listing of commands.

-Z

Specifies that SSL is to be used for the search
request.

-ZZ

Specifies the Start TLS request. Use this option to
make a cleartext connection into a secure one. If the
server does not support Start TLS, the command
does not need to be aborted; it will continue in
cleartext.

-ZZZ

Enforces the Start TLS request. The server must
respond that the request was successful. If the
server does not support Start TLS, such as Start
TLS is not enabled or the certificate information is
incorrect, the command is aborted immediately.

SASL Options

SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.

To learn which SASL mechanisms are supported, search the root DSE. See the -b option in

Table 6.3,

“Commonly-Used ldapsearch Options”

.

Red Hat Directory Server 8.1 Configuration and Command Reference

201