Nsslapd-securelistenhost, Nsslapd-secureport (encrypted port number), Nsslapd-security (security) – Red Hat 8.1 User Manual
Page 46: Nsslapd-sizelimit (size limit)

Default Value   replication-only
Syntax          DirectoryString
Example         nsslapd-schemareplace: replication-only
2.3.1.100. nsslapd-securelistenhost
This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes it
possible to limit listening to one interface of a multihomed machine). There can be multiple IP addresses
associated with a single hostname, and these IP addresses can be a mix of both IPv4 and IPv6. This
parameter can be used to restrict the Directory Server instance to a single IP interface. It specifically
sets the interface to use for SSL/TLS traffic, rather than for regular LDAP connections.
If a hostname is given as the nsslapd-securelistenhost value, then the Directory Server responds to
requests for every interface associated with the hostname. If a single IP interface (either IPv4 or IPv6) is
given as the nsslapd-securelistenhost value, Directory Server only responds to requests sent to
that specific interface. Either an IPv4 or IPv6 address can be used.
The server has to be restarted for changes to this attribute to go into effect.
Parameter       Description
Entry DN        cn=config
Valid Values    Any secure hostname, IPv4 or IPv6 address
Default Value
Syntax          DirectoryString
Example         nsslapd-securelistenhost: ldaps.example.com
2.3.1.101. nsslapd-securePort (Encrypted Port Number)
This attribute sets the TCP/IP port number used for SSL/TLS communications. The selected port must
be unique on the host system; make sure no other application is attempting to use the same port
number. Specifying a port number of less than 1024 requires that Directory Server be started as root.
The server sets its uid to the nsslapd-localuser value after startup.
The server only listens to this port if it has been configured with a private key and a certificate, and
nsslapd-security is set to on; otherwise, it does not listen on this port.
The server has to be restarted for the port number change to be taken into account.
Parameter       Description
Entry DN        cn=config
Valid Range     1 to 65535
Default Value   636
Syntax          Integer
Example         nsslapd-securePort: 636
2.3.1.102. nsslapd-security (Security)
This attribute sets whether the Directory Server is to accept SSL/TLS communications on its encrypted
port. This attribute should be set to on for secure connections. To run with security on, the server must
be configured with a private key and server certificate in addition to the other SSL/TLS configuration.
Parameter       Description
Entry DN        cn=config
Valid Values    on | off
Default Value   off
Syntax          DirectoryString
Example         nsslapd-security: off
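The rules stated above for nsslapd-securelistenhost, nsslapd-securePort and nsslapd-security can be checked together against the cn=config entry. The following is an added example, not part of the Red Hat manual or of Directory Server; the sample entry, the function names and the finding labels are constructed for illustration, and the LDIF reader is deliberately simplified.

```python
import ipaddress

# Constructed sample of the cn=config entry in dse.ldif (not from the manual).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-localuser: dirsrv
nsslapd-security: off
nsslapd-securePort: 636
nsslapd-securelistenhost: ldaps.example.com

dn: cn=encryption,cn=config
cn: encryption
"""

def parse_cn_config(ldif_text):
    """Return cn=config attributes as {lowercased name: value}.
    Simplified reader: ignores folded (continuation) lines and comments."""
    attrs, in_entry = {}, False
    for line in ldif_text.splitlines():
        if not line.strip():                       # blank line ends an entry
            in_entry = False
        elif line.lower().startswith("dn:"):
            in_entry = line.split(":", 1)[1].strip().lower() == "cn=config"
        elif in_entry and ":" in line and not line.startswith((" ", "#")):
            name, value = line.split(":", 1)
            attrs[name.strip().lower()] = value.strip()
    return attrs

def audit(attrs):
    """Apply the rules stated for the three attributes; return finding strings."""
    findings = []
    security = attrs.get("nsslapd-security", "off").lower()    # default: off
    port = int(attrs.get("nsslapd-secureport", "636"))         # default: 636
    host = attrs.get("nsslapd-securelistenhost", "")
    if security != "on":
        findings.append(f"security-off: server does not listen on secure port {port}")
    if not 1 <= port <= 65535:
        findings.append(f"port-range: {port} is outside 1 to 65535")
    elif port < 1024:
        findings.append(f"privileged-port: {port} requires starting the server as root")
    if host:
        try:
            ipaddress.ip_address(host)             # accepts IPv4 and IPv6 literals
        except ValueError:
            findings.append(f"hostname-bind: {host} answers on every interface "
                            "associated with that name")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cn_config(SAMPLE_DSE)):
        print(finding)
```

A clean result does not confirm that a private key and server certificate are configured, which the secure port also requires.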
2.3.1.103. nsslapd-sizelimit (Size Limit)
This attribute sets the maximum number of entries to return from a search operation. If this limit is
reached, ns-slapd returns any entries it has located that match the search request, as well as an
exceeded size limit error.
When no limit is set, ns-slapd returns every matching entry to the client regardless of the number
found. To set no limit, so that the Directory Server waits indefinitely for the search to complete,
specify a value of -1 for this attribute in the dse.ldif file.
This limit applies to everyone, regardless of their organization.
Chapter 2. Core Server Configuration Reference