Core Server Configuration Attributes Reference
82 Red Hat Directory Server Configuration, Command, and File Reference • May 2005
nsslapd-ssl-check-hostname (Verify Hostname for Outbound Connections)
Specifies whether an SSL-enabled Directory Server (with certificate-based client authentication turned on) should verify the authenticity of a request by matching the hostname against the value assigned to the common name (cn) attribute of the subject name in the certificate being presented. By default, the attribute is set to off. If it is on and the hostname does not match the cn attribute of the certificate, appropriate error and audit messages are logged. For example, in a replicated environment, messages similar to these are logged in the supplier server’s log files if it finds that the peer server’s hostname doesn’t match the name specified in its certificate:
[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81
(Netscape runtime error -12276 - Unable to communicate securely
with peer: requested domain name does not match the server's
certificate.)
[DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth"
(ultra60:1924): Replication bind with SSL client authentication
failed: LDAP error 81 (Can’t contact LDAP server)
It is recommended that you turn this attribute on to protect Directory Server’s outbound SSL connections against a man-in-the-middle (MITM) attack.
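An added example (not part of the Red Hat documentation): with the attribute on, the supplier's error log can be scanned for the -12276 alert to list which replication agreements fail the hostname check, while ignoring bind failures that have another cause. The sample lines are constructed from the messages quoted above; the timestamps, the host2 agreement and the three-line pairing window are assumptions.

```python
import re
from collections import Counter

MISMATCH = "runtime error -12276"  # error code from the SSL alert quoted above
BIND_FAIL = re.compile(
    r'NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r'\((?P<host>[^:()]+):(?P<port>\d+)\): '
    r'Replication bind with SSL client authentication failed')
WINDOW = 3  # assumption: the plugin line follows its alert within 3 lines

# Constructed sample: message text follows the page, timestamps and host2 are invented.
ALERT = ('[12/May/2005:10:00:0%d -0700] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 '
         "(Netscape runtime error -12276 - Unable to communicate securely with peer: "
         "requested domain name does not match the server's certificate.)")
FAIL = ('[12/May/2005:10:00:0%d -0700] NSMMReplicationPlugin - agmt="%s" (%s): Replication '
        "bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server)")
SAMPLE_LOG = [
    ALERT % 1,
    FAIL % (1, "cn=to ultra60 client auth", "ultra60:1924"),
    FAIL % (2, "cn=to host2 client auth", "host2.example.com:636"),  # no alert: other cause
    ALERT % 3,
    FAIL % (3, "cn=to ultra60 client auth", "ultra60:1924"),
    ALERT % 4,  # alert with no agreement line after it
]

def hostname_mismatches(lines):
    """Return (Counter keyed by (agmt, host, port), number of unpaired alerts)."""
    hits, unpaired, ttl = Counter(), 0, 0
    for line in lines:
        if MISMATCH in line:
            if ttl:  # the previous alert never got its agreement line
                unpaired += 1
            ttl = WINDOW
            continue
        m = BIND_FAIL.search(line)
        if m and ttl:  # bind failure directly explained by a hostname mismatch
            hits[(m["agmt"], m["host"], int(m["port"]))] += 1
            ttl = 0
        elif ttl:
            ttl -= 1
            unpaired += ttl == 0  # window expired without an agreement line
    return hits, unpaired + bool(ttl)

if __name__ == "__main__":
    found, orphans = hostname_mismatches(SAMPLE_LOG)
    for (agmt, host, port), n in found.items():
        print(f"{n} hostname mismatch(es): agmt={agmt!r} peer={host}:{port}")
    print(f"{orphans} alert(s) without an agreement line")
```

Each agreement reported needs a peer certificate whose subject cn matches the hostname configured in that agreement.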
Entry DN: cn=config
Valid Values: on | off
Default Value: off
Syntax: DirectoryString
Example: nsslapd-ssl-check-hostname: on
nsslapd-threadnumber (Thread Number)
Defines the number of operation threads that the Directory Server will create during startup. The nsslapd-threadnumber value should be increased if you have many directory clients performing time-consuming operations such as add or modify, as this ensures that there are other threads available for servicing short-lived operations such as simple searches. This attribute is not available from the server console.
Entry DN: cn=config
Valid Range: 1 to the maximum number of threads supported by your system