Red Hat 8.1 Configuration And Command Reference page 22

22
Chapter 2. Core Server Configuration Reference
Valid Range
Default Value
Syntax
Example
2.3.1.16. nsslapd-accesslog-maxlogsperdir (Access Log Maximum Number of Log Files)
T his attribute sets the total number of access logs that can be contained in the directory where the
access log is stored. Each time the access log is rotated, a new log file is created. When the number of
files contained in the access log directory exceeds the value stored in this attribute, then the oldest
version of the log file is deleted. For performance reasons, Red Hat recommends not setting this value to
1 because the server does not rotate the log, and it grows indefinitely.
If the value for this attribute is higher than 1, then check the nsslapd-accesslog-logrotationtime
attribute to establish whether log rotation is specified. If the nsslapd-accesslog-logrotationtime
attribute has a value of -1, then there is no log rotation. See
logrotationtime (Access Log Rotation T ime)"
Parameter
Entry DN
Valid Range
Default Value
Syntax
Example
2.3.1.17. nsslapd-accesslog-mode (Access Log File Permission)
T his attribute sets the access mode or file permission with which access log files are to be created. T he
valid values are any combination of 000 to 777 (these mirror the numbered or absolute UNIX file
permissions). T he value must be a 3-digit number, the digits varying from 0 through 7:
0 - None
1 - Execute only
2 - Write only
3 - Write and execute
4 - Read only
5 - Read and execute
6 - Read and write
7 - Read, write, and execute
In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the
group's permissions, and the third digit represents everyone's permissions. When changing the default
value, remember that 000 does not allow access to the logs and that allowing write permissions to
everyone can result in the logs being overwritten or deleted by anyone.
T he newly configured access mode only affects new logs that are created; the mode is set when the log
rotates to a new file.
Parameter
Entry DN
Valid Range
Default Value
Syntax
Example
2.3.1.18. nsslapd-allow-unauthenticated-binds
An unauthenticated bind is a bind where the user supplies a username but not a password. For
example, running an ldapsearch without supplying a password option:
/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -b "dc=example,dc=com" -s
sub "(objectclass=*)"
When unauthenticated binds are allowed, the bind attempt goes through as an anonymous bind
(assuming anonymous access is allowed).
-1 | 1 to the maximum 32 bit integer value
(2147483647), where a value of -1 means the log
file is unlimited in size.
100
Integer
nsslapd-accesslog-maxlogsize: 100
Section 2.3.1.13, "nsslapd-accesslog-
for more information.
Description
cn=config
1 to the maximum 32 bit integer value
(2147483647)
10
Integer
nsslapd-accesslog-maxlogsperdir: 10
Description
cn=config
000 through 777
600
Integer
nsslapd-accesslog-mode: 600