Warning, Nsslapd-saslpath – Red Hat 8.1 User Manual
Page 44
attribute. When viewed from the server console, this attribute shows the value *****. When viewed
from the dse.ldif file, this attribute shows the encryption method followed by the encrypted string of
the password. The example shows the password as displayed in the dse.ldif file, not the actual
password.
WARNING
When the root DN is configured at server setup, a root password is required. However, it is
possible for the root password to be deleted from dse.ldif by directly editing the file. In this
situation, the root DN can only obtain the same access to the directory is allowed for anonymous
access. Always make sure that a root password is defined in dse.ldif when a root DN is
configured for the database. The pwdhash command-line utility can create a new root password.
For more information, see
Section 7.3.12, “pwdhash (Prints Encrypted Passwords)”
.
Parameter
Description
Entry DN
cn=config
Valid Values
Any valid password encrypted by any one of the
encryption methods which are described in
Section 2.3.1.142, “passwordStorageScheme
(Password Storage Scheme)”
Default Value
Syntax
DirectoryString {encryption_method
}encrypted_Password
Example
nsslapd-rootpw: {SSHA}9Eko69APCJfF
2.3.1.94 . nsslapd-rootpwstoragescheme (Root Password Storage Scheme)
This attribute sets the encryption method used for the root password.
Parameter
Description
Entry DN
cn=config
Valid Values
Any encryption method as described in
Section 2.3.1.142, “passwordStorageScheme
(Password Storage Scheme)”
Default Value
SSHA
Syntax
DirectoryString
Example
nsslapd-rootpwstoragescheme: SSHA
2.3.1.95. nsslapd-saslpath
Sets the absolute path to the directory containing the Cyrus-SASL SASL2 plug-ins. On HP-UX systems,
the Directory Server cannot use the system SASL libraries because they are either not provided or are
not the correct version. Setting this attribute allows the server to use custom or non-standard SASL
plug-in libraries. This is usually set correctly during installation, and Red Hat strongly recommends not
changing this attribute. If the attribute is not present or the value is empty, this means the Directory
Server is using the system provided SASL plug-in libraries which are the correct version.
If this parameter is set, the server uses the specified path for loading SASL plugins. If this parameter is
not set, the server uses the SASL_PATH environment variable. If neither nsslapd-saslpath or
SASL_PAT H are set, the server attempts to load SASL plugins from the default location,
/usr/lib/sasl2.
Changes made to this attribute will not take effect until the server is restarted.
Parameter
Description
Entry DN
cn=config
Valid Values
Path to plugins directory.
Default Value
Platform dependent
Syntax
DirectoryString
Example
nsslapd-saslpath: /usr/lib/sasl2
2.3.1.96. nsslapd-schema-ignore-trailing-spaces (Ignore Trailing Spaces in Object Class
Names)
Ignores trailing spaces in object class names. By default, the attribute is turned off. If the directory
contains entries with object class values that end in one or more spaces, turn this attribute on. It is
preferable to remove the trailing spaces because the LDAP standards do not allow them.
For performance reasons, server restart is required for changes to take effect.
4 4
Chapter 2. Core Server Configuration Reference