Nsslapd-allow-unauthenticated-binds, Section 2.3.1.16, For more information – Red Hat 8.1 User Manual
Page 22
Valid Range
-1 | 1 to the maximum 32 bit integer value
(2147483647), where a value of -1 means the log
file is unlimited in size.
Default Value
100
Syntax
Integer
Example
nsslapd-accesslog-maxlogsize: 100
2.3.1.16. nsslapd-accesslog-maxlogsperdir (Access Log Maximum Number of Log Files)
This attribute sets the total number of access logs that can be contained in the directory where the
access log is stored. Each time the access log is rotated, a new log file is created. When the number of
files contained in the access log directory exceeds the value stored in this attribute, then the oldest
version of the log file is deleted. For performance reasons, Red Hat recommends not setting this value to
1 because the server does not rotate the log, and it grows indefinitely.
If the value for this attribute is higher than 1, then check the nsslapd-accesslog-logrotationtime
attribute to establish whether log rotation is specified. If the nsslapd-accesslog-logrotationtime
attribute has a value of -1, then there is no log rotation. See
Section 2.3.1.13, “nsslapd-accesslog-
logrotationtime (Access Log Rotation Time)”
Parameter
Description
Entry DN
cn=config
Valid Range
1 to the maximum 32 bit integer value
(2147483647)
Default Value
10
Syntax
Integer
Example
nsslapd-accesslog-maxlogsperdir: 10
2.3.1.17. nsslapd-accesslog-mode (Access Log File Permission)
This attribute sets the access mode or file permission with which access log files are to be created. The
valid values are any combination of 000 to 777 (these mirror the numbered or absolute UNIX file
permissions). The value must be a 3-digit number, the digits varying from 0 through 7:
0 - None
1 - Execute only
2 - Write only
3 - Write and execute
4 - Read only
5 - Read and execute
6 - Read and write
7 - Read, write, and execute
In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the
group's permissions, and the third digit represents everyone's permissions. When changing the default
value, remember that 000 does not allow access to the logs and that allowing write permissions to
everyone can result in the logs being overwritten or deleted by anyone.
The newly configured access mode only affects new logs that are created; the mode is set when the log
rotates to a new file.
Parameter
Description
Entry DN
cn=config
Valid Range
000 through 777
Default Value
600
Syntax
Integer
Example
nsslapd-accesslog-mode: 600
2.3.1.18. nsslapd-allow-unauthenticated-binds
An unauthenticated bind is a bind where the user supplies a username but not a password. For
example, running an ldapsearch without supplying a password option:
/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -b "dc=example,dc=com" -s
sub "(objectclass=*)"
When unauthenticated binds are allowed, the bind attempt goes through as an anonymous bind
(assuming anonymous access is allowed).
22
Chapter 2. Core Server Configuration Reference