Run the following dsconf commands:
$ dsconf enable-plugin -h PTAhost -p port "Pass Through Authentication" $ dsconf set-plugin-prop -h PTAhost -p port "Pass Through Authentication" \ argument:"ldap[s]://authenticatingHost[:port]/PTAsubtree options"
The plug-in argument specifies the LDAP URL identifying the hostname of the authenticating directory server, an optional port, and the PTA subtree. If no port is specified, the default port is 389 with LDAP and 636 with LDAPS. You may also set the optional connection parameters described in the following sections. If the PTAsubtree exists in the PTAhost, the plug-in will not pass the bind request to the authenticatingHost, and the bind will be processed locally without any pass-through.
Restart the server as described in Starting, Stopping, and Restarting a Directory Server Instance.