Red Hat Directory Server 8.1 Release Notes, page 5

A new attribute, winSyncInterval, has been added to the Windows sync agreement. It sets, in seconds, how often the Directory Server polls its Active Directory peer for changes. If the attribute is not set, the default is unchanged: every five minutes (300 seconds).
The attribute can be added to existing sync agreements. To apply it:
1. Upgrade the software, as described in Section 3.4, "Upgrading to Directory Server 8.1".
2. Copy 01common.ldif from the common /etc/dirsrv/schema directory into the instance-specific schema directory, such as /usr/lib/dirsrv/slapd-instance_name/schema (the directory named by nsslapd-schemadir in that instance's dse.ldif).
   It is safe to overwrite the instance's existing 01common.ldif: the core configuration schema must never be edited by hand, so the file should contain no custom definitions. If it has been modified locally, move those additions into a user schema file such as 99user.ldif before overwriting it.
3. Reload the schema so that the running server picks up the new attribute without a restart. For example:
   /usr/lib/dirsrv/slapd-instance_name/schema-reload.pl -D "cn=Directory Manager" -w secret
4. Edit the sync agreement to add the winSyncInterval attribute. The value is in seconds, so 600 polls Active Directory every ten minutes:
   /usr/lib/mozldap/ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
   dn: cn=ExampleSyncAgreement,cn=sync replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
   changetype: modify
   add: winSyncInterval
   winSyncInterval: 600
   Passing the Directory Manager password on the command line, as -w secret does, exposes it to every local user through the process list and the shell history; read it from a protected file or have the tool prompt for it instead. After the modify, search the agreement entry back to confirm the attribute was stored.
1.10. Added a New Parameter to Control How the Server Handles Unauthenticated Binds
Users can attempt to bind to the directory with a bind DN but no password: the client sends a simple bind request that carries the DN together with an empty password. For example, this command gives a bind DN but no -w option or any other password option, so the password it sends is empty:
   /usr/lib/mozldap/ldapsearch -D "cn=directory manager" -b "dc=example,dc=com" -s sub "(objectclass=*)"
This is called an unauthenticated bind (RFC 4513, section 5.1.2): the identity to bind as is given, but no credentials are.
Before 8.1, the Directory Server accepted such a bind and silently continued it as an anonymous bind. That created a management problem for servers that did not allow anonymous access, and a security risk for servers that did: an application that passes a user-supplied password straight into a simple bind and treats any successful bind as proof of identity would let a user in with an empty password, because the server never returned an error. The session only had anonymous rights on the directory, but the application had already decided the user was authenticated.
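The following simulation, added here as an example and not taken from the release notes or from Directory Server, shows the three simple-bind cases and the application bug the new setting closes. The directory, the users, the DN layout and the result name invalidCredentials are all constructed for the example; the page does not say which LDAP result code the real server returns when it refuses an unauthenticated bind.

```python
"""Simulation of unauthenticated-bind handling and of the application bug
it exposes. Added example by the editor, not Directory Server code: the
directory, users and DNs are constructed, and 'invalidCredentials' as the
failure name is an assumption."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class SimulatedDirectory:
    """Models the three simple-bind cases of RFC 4513 section 5.1:
    anonymous (no name, no password), unauthenticated (name, no password)
    and authenticated (name and password)."""
    passwords: Dict[str, str]                  # bind DN -> password (constructed)
    allow_unauthenticated_binds: bool = False  # the 8.1 default is off

    def simple_bind(self, dn: str, password: str) -> Tuple[bool, str]:
        """Return (success, authorization identity); '' means anonymous."""
        if dn == "" and password == "":
            return True, ""                    # anonymous bind
        if dn != "" and password == "":
            # Unauthenticated bind. Before 8.1 (and with the attribute on)
            # the server quietly continues as anonymous instead of failing.
            if self.allow_unauthenticated_binds:
                return True, ""
            return False, "invalidCredentials"  # assumed failure name
        if self.passwords.get(dn) == password:
            return True, dn                    # authenticated as dn
        return False, "invalidCredentials"


def user_dn(username: str) -> str:
    # Constructed naming convention for the example.
    return f"uid={username},ou=People,dc=example,dc=com"


def naive_login(directory: SimulatedDirectory, username: str, password: str) -> bool:
    """The common application bug: any successful bind is taken as a login."""
    ok, _ = directory.simple_bind(user_dn(username), password)
    return ok


def hardened_login(directory: SimulatedDirectory, username: str, password: str) -> bool:
    """Refuse an empty password before binding, and accept only a bind whose
    authorization identity is the user we asked for, never anonymous."""
    if password == "":
        return False
    dn = user_dn(username)
    ok, authz = directory.simple_bind(dn, password)
    return ok and authz == dn


def demo() -> Dict[str, bool]:
    users = {user_dn("jdoe"): "correct horse battery staple"}   # constructed
    legacy = SimulatedDirectory(users, allow_unauthenticated_binds=True)
    default_81 = SimulatedDirectory(users)                       # off by default
    return {
        "legacy_naive_empty_pw": naive_login(legacy, "jdoe", ""),        # True: the bug
        "legacy_hardened_empty_pw": hardened_login(legacy, "jdoe", ""),  # False
        "8.1_naive_empty_pw": naive_login(default_81, "jdoe", ""),       # False: server refuses
        "8.1_naive_real_pw": naive_login(default_81, "jdoe", "correct horse battery staple"),  # True
        "8.1_anonymous": default_81.simple_bind("", "")[0],              # True: plain anonymous bind unaffected
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The server-side default protects the naive application, but the hardened_login check is still worth having: it fails closed even against a server where the attribute has been turned back on, and it verifies that the bind produced the identity the application asked for rather than an anonymous session.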
A new configuration attribute in cn=config, nsslapd-allow-unauthenticated-binds, sets whether an unauthenticated bind succeeds as an anonymous bind (on) or fails (off). By default it is off, so unauthenticated binds fail, which is the more secure setting:
   nsslapd-allow-unauthenticated-binds: off
After an upgrade, clients that relied on an empty password being accepted will start receiving bind errors; that is the intended outcome. Turn the attribute on only as a temporary compatibility measure while those clients are fixed, and read the value back from cn=config to confirm what the running server is actually enforcing.
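Both settings on this page, winSyncInterval on each sync agreement and nsslapd-allow-unauthenticated-binds on cn=config, can be checked from an LDIF export of the configuration. The script below is an added example by the editor, not part of the release notes or of Directory Server; the sample LDIF is constructed, the container DN follows the agreement DN shown earlier on this page, and the 300-second default is the page's "every five minutes". Agreements are recognised by the objectClass nsDSWindowsReplicationAgreement.

```python
"""Audit an LDIF export of cn=config for the two 8.1 settings on this page:
nsslapd-allow-unauthenticated-binds on cn=config and winSyncInterval on
each Windows sync agreement. Added example by the editor, not part of the
release notes or of Directory Server; the sample LDIF below is constructed."""
import base64
from typing import Dict, List, Optional

DEFAULT_WINSYNC_INTERVAL = 300   # seconds: the page's "every five minutes"


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Small LDIF reader: unfolds continuation lines (leading space), decodes
    '::' base64 values, skips comments and the version line, lower-cases
    attribute names. Returns one dict per entry; 'dn' is an attribute too."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]           # folded continuation line
        else:
            logical.append(raw)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in logical + [""]:              # trailing blank flushes the last entry
        if line.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if value.startswith(":"):            # 'attr:: base64value'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    return entries


def audit(ldif_text: str) -> Dict[str, object]:
    """Report the effective unauthenticated-bind policy and, per sync
    agreement, the effective interval and whether it was set explicitly."""
    allow = False                            # attribute absent == the 8.1 default, off
    agreements: List[Dict[str, object]] = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [""])[0]
        if dn.lower() == "cn=config":
            allow = entry.get("nsslapd-allow-unauthenticated-binds", ["off"])[0].lower() == "on"
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "nsdswindowsreplicationagreement" not in classes:
            continue
        raw = entry.get("winsyncinterval")
        interval: Optional[int] = DEFAULT_WINSYNC_INTERVAL
        valid = True
        if raw is not None:
            try:
                interval = int(raw[0])
                valid = interval > 0
            except ValueError:               # garbage value: flag, do not guess
                interval, valid = None, False
        agreements.append({"dn": dn, "interval": interval,
                           "explicit": raw is not None, "valid": valid})
    return {"unauthenticated_binds_allowed": allow, "agreements": agreements}


# Constructed sample export: the global attribute left on, one agreement
# with the attribute set, one still on the default. Includes a folded DN
# and a base64 value to exercise the parser.
SAMPLE_LDIF = """\
dn: cn=config
objectClass: top
objectClass: extensibleObject
cn: config
nsslapd-allow-unauthenticated-binds: on

dn: cn=ExampleSyncAgreement,cn=sync replica,cn="dc=example,dc=com",cn=mappin
 g tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn: ExampleSyncAgreement
winSyncInterval: 600

dn: cn=LegacyAgreement,cn=sync replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn:: TGVnYWN5QWdyZWVtZW50
"""


if __name__ == "__main__":
    result = audit(SAMPLE_LDIF)
    print("unauthenticated binds allowed:", result["unauthenticated_binds_allowed"])
    for a in result["agreements"]:
        note = "explicit" if a["explicit"] else "default (attribute absent)"
        print(f"{a['dn']}: winSyncInterval={a['interval']} [{note}]"
              + ("" if a["valid"] else " INVALID VALUE"))
```

Feed it the output of an ldapsearch against cn=config run as Directory Manager; on a real export the audit flags any server where the bind attribute has been turned back on and lists which agreements are still polling at the old five-minute default.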