Nsslapd-instancedir (instance directory), Nsslapd-ioblocktimeout (io block time out), Nsslapd-lastmod (track modification time) – Red Hat 8.1 User Manual

Default Value    0
Syntax           Integer
Example          nsslapd-idletimeout: 0

2.3.1.61. nsslapd-instancedir (Instance Directory)

This attribute is deprecated. There are now separate configuration parameters for instance-specific
paths, such as nsslapd-certdir and nsslapd-lockdir. See the documentation for the specific
directory path that is set.

2.3.1.62. nsslapd-ioblocktimeout (IO Block Time Out)

This attribute sets the amount of time in milliseconds after which the connection to a stalled LDAP client
is closed. An LDAP client is considered to be stalled when it has not made any I/O progress for read or
write operations.

Parameter        Description
Entry DN         cn=config
Valid Range      0 to the maximum 32 bit integer value (2147483647) in ticks
Default Value    1800000
Syntax           Integer
Example          nsslapd-ioblocktimeout: 1800000

2.3.1.63. nsslapd-lastmod (Track Modification Time)

This attribute sets whether the Directory Server maintains the modification attributes for Directory Server
entries. These are operational attributes. These attributes include:

modifiersName - The distinguished name of the person who last modified the entry.
modifyTimestamp - The timestamp, in GMT format, for when the entry was last modified.
creatorsName - The distinguished name of the person who initially created the entry.
createTimestamp - The timestamp for when the entry was created in GMT format.

Parameter        Description
Entry DN         cn=config
Valid Values     on | off
Default Value    on
Syntax           DirectoryString
Example          nsslapd-lastmod: on

WARNING

This attribute should never be turned off. If the nsslapd-lastmod is set to off, then generating
nsUniqueIDs is also disabled, replication does not work, and other issues may arise.
If for some reason this attribute were set to off, the solution is to export the database to ldif
(db2ldif or db2ldif.pl or from the console), set the value to on, and import the data. The
import process assigns each entry a unique id.

2.3.1.64. nsslapd-ldapiautobind (Enable Autobind)

The nsslapd-ldapiautobind attribute sets whether the server allows users to autobind to Directory Server
using LDAPI. Autobind maps the UID or GID number of a system user to a Directory Server user, and
automatically authenticates the user to Directory Server based on those credentials. The Directory
Server connection occurs over a UNIX socket.

Along with enabling autobind, configuring autobind requires configuring mapping entries. The
nsslapd-ldapimaprootdn attribute maps a root user on the system to the Directory Manager. The
nsslapd-ldapimaptoentries attribute maps regular users to Directory Server users, based on the
parameters defined in the nsslapd-ldapiuidnumbertype, nsslapd-ldapigidnumbertype, and
nsslapd-ldapientrysearchbase attributes.

Autobind can only be enabled if LDAPI is enabled, meaning the nsslapd-ldapilisten is on and the
nsslapd-ldapifilepath attribute is set to an LDAPI socket.

Parameter        Description
Entry DN         cn=config
Valid Values     on | off
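
The following Python check is an added example, not part of the Red Hat manual: it reads the cn=config entry from LDIF text and reports the conditions described in the sections above (nsslapd-lastmod set to off, nsslapd-ioblocktimeout outside its valid range, autobind enabled without LDAPI listening or a socket path, and a root mapping being present). The sample entry, the finding codes, and the treatment of an absent on/off attribute as off are assumptions made for the example.

```python
# Constructed sample input: a cn=config entry with deliberately weak settings.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-lastmod: off
nsslapd-ioblocktimeout: 1800000
nsslapd-ldapilisten: off
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory
  Manager
"""

def parse_entry(ldif_text, dn="cn=config"):
    """Return {attribute: [values]} for one entry of an LDIF document."""
    attrs, current_dn = {}, None
    # LDIF folding: a newline followed by one space continues the previous line.
    for line in ldif_text.replace("\n ", "").splitlines():
        if not line.strip():
            current_dn = None                      # a blank line ends the entry
        elif not line.startswith("#"):
            name, _, value = (part.strip() for part in line.partition(":"))
            if name.lower() == "dn":
                current_dn = value.lower()
            elif current_dn == dn.lower():
                attrs.setdefault(name.lower(), []).append(value)
    return attrs

def audit(attrs):
    """Return (code, message) findings for the attributes documented on this page."""
    def first(name, default):
        return attrs.get(name, [default])[0]
    findings = []
    if first("nsslapd-lastmod", "on").lower() == "off":
        findings.append(("lastmod-off", "nsUniqueID generation and replication break"))
    timeout = first("nsslapd-ioblocktimeout", "1800000")
    if not (timeout.isdigit() and int(timeout) <= 2147483647):
        findings.append(("ioblocktimeout-range", "value outside 0..2147483647"))
    # Assumption: an on/off attribute that is absent is treated as off.
    if first("nsslapd-ldapiautobind", "off").lower() == "on":
        if first("nsslapd-ldapilisten", "off").lower() != "on":
            findings.append(("autobind-no-ldapi", "nsslapd-ldapilisten is not on"))
        if not first("nsslapd-ldapifilepath", ""):
            findings.append(("autobind-no-socket", "nsslapd-ldapifilepath is unset"))
        if first("nsslapd-ldapimaprootdn", ""):
            findings.append(("root-autobind", "system root is mapped to a directory DN"))
    return findings

if __name__ == "__main__":
    for code, message in audit(parse_entry(SAMPLE_DSE)):
        print(f"{code}: {message}")
```

The parser does not decode base64 (`attr:: value`) lines; the on/off and integer attributes checked here are not normally stored that way.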

Red Hat Directory Server 8.1 Configuration and Command Reference
