The PTA plug-in arguments accept a set of optional connection parameters after the LDAP URL:
ldap[s]://host:port/subtree [maxconns,maxops,timeout,ldapver,connlife]
The parameters must be given in the order shown. Although these parameters are optional, if you specify one of them, you must specify them all. If you do not want to customize all parameters, specify their default values given below. Make sure there is a space between the subtree parameter and the optional parameters.
You can configure the following optional parameters for each LDAP URL:
maxconns - The maximum number of connections the PTA server can open simultaneously to the authenticating server. This parameter limits the number of simultaneous binds that can be passed through to the authenticating server. The default value is 3.
maxops - The maximum number of bind requests the PTA directory server can send simultaneously to the authenticating directory server within a single connection. This parameter further limits the number of simultaneous pass-through authentications. The default value is 5.
timeout - The maximum delay in seconds that you want the PTA server to wait for a response from the authenticating server. The default value is 300 seconds (five minutes).
ldapver - The version of the LDAP protocol you want the PTA server to use when connecting to the authenticating server. The allowed values are 2 for LDAPv2 and 3 for LDAPv3. The default value is 3.
connlife - The time limit in seconds within which the PTA server will reuse a connection to the authenticating server. If a bind in the PTA subtree is requested by a client after this time has expired, the server closes the PTA connection and opens a new one. The server will not close the connection unless a bind request is initiated and the server determines the timeout has been exceeded. If you do not specify this option, or if only one authenticating server is listed in the LDAP URL, no time limit will be enforced. If two or more hosts are listed, the default is 300 seconds (five minutes).
When setting the argument property with the dsconf command, put the value in double quotes to protect the spaces. For example:
dsconf set-plugin-prop -h PTAhost -p port "Pass Through Authentication" \
  argument:"ldaps://eastbak.example.com/ou=East,ou=People,dc=example,dc=com 3,5,300,3,300"
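
A pre-flight check for the argument value, written for this page as an added example (it is not part of Directory Server or dsconf). The function name parse_pta_argument is hypothetical, and the sketch assumes one host per URL and no escaped commas in the subtree DN; the ldap:// warning is an added caveat, not a rule stated above.

```python
from urllib.parse import urlsplit

FIELDS = ("maxconns", "maxops", "timeout", "ldapver", "connlife")
# Defaults from the parameter list above; connlife None = no time limit (single host).
DEFAULTS = {"maxconns": 3, "maxops": 5, "timeout": 300, "ldapver": 3, "connlife": None}


def parse_pta_argument(arg):
    """Split a PTA argument into (url, params, warnings); raise ValueError if malformed.

    Simplifications of this sketch: one host per URL, no escaped commas in the DN.
    """
    arg = arg.strip()
    head, sep, tail = arg.rpartition(" ")
    # The optional block is the last space-separated token; unlike a URL or a
    # DN it contains neither '/' nor '='.
    if sep and "/" not in tail and "=" not in tail:
        url, raw = head.strip(), tail
    else:
        url, raw = arg, None

    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("expected ldap[s]://host:port/subtree")
    subtree = parts.path.lstrip("/")
    # Every RDN needs '='; a bare number here means the space before the
    # optional parameters is missing.
    if not subtree or any("=" not in rdn for rdn in subtree.split(",")):
        raise ValueError("bad subtree (missing space before the parameters?)")

    params = dict(DEFAULTS)
    if raw is not None:
        values = raw.split(",")
        # Specifying one optional parameter means specifying all five, in order.
        if len(values) != len(FIELDS) or not all(v.isdecimal() for v in values):
            raise ValueError("give all five integers: " + ",".join(FIELDS))
        params = dict(zip(FIELDS, map(int, values)))
        if params["ldapver"] not in (2, 3):
            raise ValueError("ldapver must be 2 or 3")

    warnings = []
    if parts.scheme == "ldap":
        # Added caveat, not from the page: plain ldap:// forwards binds unencrypted.
        warnings.append("ldap:// forwards bind credentials without TLS")
    return url, params, warnings
```

Run it on the exact string you intend to pass as argument:"..." before calling dsconf; a ValueError means the plug-in argument is malformed.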