Nsslapd-auditlog-mode (audit log file permission), Section 2.3.1.33, For more information – Red Hat 8.1 User Manual


2.3.1.33. nsslapd-auditlog-maxlogsperdir (Audit Log Maximum Number of Log Files)

This attribute sets the total number of audit logs that can be contained in the directory where the audit
log is stored. Each time the audit log is rotated, a new log file is created. When the number of files
contained in the audit log directory exceeds the value stored in this attribute, the oldest version of
the log file is deleted. The default is 1 log. If this default is accepted, the server will not rotate the log,
and it grows indefinitely.

If the value for this attribute is higher than 1, then check the nsslapd-auditlog-logrotationtime
attribute to establish whether log rotation is specified. If the nsslapd-auditlog-logrotationtime
attribute has a value of -1, then there is no log rotation. See Section 2.3.1.30, “nsslapd-auditlog-logrotationtime (Audit Log Rotation Time)” for more information.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Range | 1 to the maximum 32 bit integer value (2147483647) |
| Default Value | 1 |
| Syntax | Integer |
| Example | nsslapd-auditlog-maxlogsperdir: 10 |

2.3.1.34. nsslapd-auditlog-mode (Audit Log File Permission)

This attribute sets the access mode, or file permissions, with which audit log files are created. The
valid values are 000 through 777, since they mirror numbered (absolute) UNIX file
permissions. The value must be a 3-digit number, with each digit ranging from 0 through 7:

0 - None
1 - Execute only
2 - Write only
3 - Write and execute
4 - Read only
5 - Read and execute
6 - Read and write
7 - Read, write, and execute

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the
group's permissions, and the third digit represents everyone's permissions. When changing the default
value, remember that 000 does not allow access to the logs and that allowing write permissions to
everyone can result in the logs being overwritten or deleted by anyone.

The newly configured access mode only affects new logs that are created; the mode is set when the log
rotates to a new file.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Range | 000 through 777 |
| Default Value | 600 |
| Syntax | Integer |
| Example | nsslapd-auditlog-mode: 600 |
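
A check for this setting, as an added example that is not part of the Red Hat manual: it validates a candidate nsslapd-auditlog-mode value, decodes it with the digit table above, flags the two risky settings the section warns about, and lists existing log files whose mode differs because they were created before the change. The log directory, the `audit` file-name prefix and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Digit meanings as listed in the section above.
DIGIT = {0: "none", 1: "execute only", 2: "write only", 3: "write and execute",
         4: "read only", 5: "read and execute", 6: "read and write",
         7: "read, write, and execute"}

def parse_mode(value):
    """Validate an nsslapd-auditlog-mode value (3 digits, each 0-7)."""
    if len(value) != 3 or any(c not in "01234567" for c in value):
        raise ValueError("mode must be three digits, each 0 through 7: %r" % value)
    return int(value, 8)

def describe(value):
    """Map owner/group/everyone to the permission each digit grants."""
    parse_mode(value)
    return {who: DIGIT[int(d)] for who, d in zip(("owner", "group", "everyone"), value)}

def config_warnings(value):
    """Flag the two risky settings the section calls out."""
    mode, warnings = parse_mode(value), []
    if mode == 0:
        warnings.append("000 does not allow access to the logs")
    if mode & stat.S_IWOTH:
        warnings.append("everyone can write: logs can be overwritten or deleted by anyone")
    return warnings

def stale_files(log_dir, value, prefix="audit"):
    """Return {name: on-disk mode} for audit logs that predate the configured mode.

    prefix is an assumed file-name prefix for audit logs, not taken from the page.
    """
    want, stale = parse_mode(value), {}
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if name.startswith(prefix) and os.path.isfile(path):
            have = stat.S_IMODE(os.stat(path).st_mode)
            if have != want:
                stale[name] = format(have, "03o")
    return stale

if __name__ == "__main__":
    # Constructed sample: a temporary directory standing in for the audit log directory.
    with tempfile.TemporaryDirectory() as d:
        for name, m in (("audit", 0o600), ("audit.rotated-1", 0o644)):
            open(os.path.join(d, name), "w").close()
            os.chmod(os.path.join(d, name), m)
        print(describe("600"), config_warnings("666"), stale_files(d, "600"))
```

Files reported by `stale_files` keep their old permissions until they are changed by hand or aged out by rotation, since the configured mode is applied only when a new log file is created.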

2.3.1.35. nsslapd-certdir (Certificate and Key Database Directory)

This is the full path to the directory holding the certificate and key databases for a Directory Server
instance. This directory must contain only the certificate and key databases for this instance and no
other instances. This directory must be owned by the server user ID and must allow that user read-write
access. No other user should have read-write access to this directory. The default location is the
configuration file directory, /etc/dirsrv/slapd-instance_name.

Changes to this value will not take effect until the server is restarted.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Values | Absolute path to any directory which is owned by the server user ID and only allows read and write access to the server user ID |
| Default Value | /etc/dirsrv/slapd-instance_name |
| Syntax | DirectoryString |

Red Hat Directory Server 8.1 Configuration and Command Reference
