If you do not use DXmanager, use the set dsa command to define the knowledge of a DSA.
Important! You must declare the parameters in the order shown.
This command has the following format:
set dsa dsaname = {
    prefix = DN
    [ native-prefix = DN ]
    dsa-name = DN
    [ dsa-password = password ]
    [ ldap-dsa-name = DN ]
    [ ldap-dsa-password = password ]
    address = tcp hostname port port-number [ ,tcp hostname2 port port-number2 ]
    [ tsap = tsel ]
    [ ssap = ssel ]
    [ osi-psap = psel ]
    [ disp-psap = dispsap ]
    [ cmip-psap = cmipsap ]
    [ snmp-port = port-number ]
    [ console-port = port-number ]
    [ remote-console-port = port-number ]
    [ remote-console-ssl = true | false ]
    [ console-password = password | "{password-format}password-hash" ]
    [ auth-levels = anonymous | clear-password | ssl-auth ]
    [ dsp-idle-time = idle-time ]
    [ dsa-flags = dsaflag-list ]
    [ trust-flags = trustflag-list ]
    [ link-flags = linkflag-list ]
};
dsaname
Specifies the name of the DSA.
prefix
Specifies a partial DN, which specifies the namespace partition served by this DSA.
native-prefix
Specifies a partial DN, which the DSA recognizes as applicable to its entries. This is generally only used with LDAP servers.
dsa-name
Specifies the name of the DSA as a DN; not to be confused with the name of the server.
dsa-password
Specifies the password other DSAs must supply to communicate with this DSA.
ldap-dsa-name
Specifies the name of the LDAP DSA.
ldap-dsa-password
Specifies the password of the LDAP DSA.
address
Specifies one or more TCP/IP addresses for the DSA in one of the following forms:
If there is a choice of addresses associated with the host name, the IPv6 address is selected. To specify the IPv4 address, replace the string tcp with ipv4. To specify the IPv6 address, replace the string tcp with ipv6.
Note: The SNMP trap address remains at IPv4.
Example: Specifying an IP address for IPv4 environments:
address = tcp "345.785.987.224" port 19389
Example: Specifying an IP address for IPv6 environments:
address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389
Example: Specifying an IP address for hybrid IPv6/IPv4 environments:
address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389, tcp "345.785.987.224" port 19389
Example: Specifying a host name:
address = tcp "eagle" port 19389
Example: Specifying a host name for IPv4 environments:
address = ipv4 "eagle" port 19389
tsap
Specifies a Transport SAP port number. This is not often used.
ssap
Specifies a Session SAP port number. This is not often used.
osi-psap
Specifies a Presentation SAP port number. This is not often used.
disp-psap
Specifies DISP Presentation SAP. If this is not set, DISP is disabled.
cmip-psap
CMIP is no longer supported.
snmp-port
Specifies the SNMP port.
console-port
Specifies the console port address, which allows the DSA console to accept connections from the local computer. If this is not specified, the DSA does not have a local console.
remote-console-port
Allows the DSA console to accept a connection from a remote computer on this port. When this is not specified, there is no remote console for the DSA.
remote-console-ssl
Forces the DSA to encrypt console sessions when it runs remotely.
console-password
The password required for connections from a remote computer. This password is transmitted in clear text.
auth-levels
Specifies the levels of authentication that will be accepted by this DSA. May include anonymous, clear-password, and ssl-auth.
dsp-idle-time
Specifies the maximum time (in seconds) that a DSP connection can be idle before it is disconnected.
dsa-flags
Specifies the flags that control the operation of the DSA. DSA flags are as follows:
Disables the list operation on the DSA.
Restricts complex searches or searches with no filter on the DSA.
Limits a DSA to performing exact searches, that is, searches with a single equality filter item with no wildcards.
Marks a DSA as part of a load share group. The DSA should have other peer DSAs with the same prefix, which are also marked as load-share. A router DSA shares operations over each DSA in the load share group.
Marks a DSA as part of a multiwrite group. The DSA should have other peer DSAs, with the same prefix, which are also marked as multiwrite. Updates are automatically propagated to all peer DSAs marked as multiwrite.
Makes the DSA update asynchronously, even though it is in a multiwrite group.
Specifies which DSAs in the group act as the hub. This only works if you also have multi-write-group enabled. This setting prevents unsuitable DSAs being selected as the hub in a failover situation.
Permits forwarding of a request to another DSA regardless of access control constraints.
While this DSA is in recovery mode, it only accepts updates from peers: this prevents clients from accessing out-of-date data.
Disables update operations on the DSA.
Permits a router DSA to exist without consuming a level of the DIT.
Permits a DSA to be updated by DISP or multiwrite, but prevents any other updates, for example, through DAP or LDAP.
trust-flags
Specifies flags relating to trust that control the operation of the DSA. Trust flags are as follows:
Permits a DSA, while processing a bind request from a user who is not local, to pass a name and password-compare request to this DSA. The result of the compare request is then used to authenticate the user.
Signifies that a DSA treats the originator and authentication level passed in DSP chaining arguments as if that user and authentication level were authenticated locally.
Lets the DSA pass an anonymous user request across an authenticated DSP link.
Lets the DSA pass an authenticated user request across an anonymous DSP link.
Removes the requirement for mutual authentication and permits a link to be set up if the remote DSA does not send credentials in the bind response.
link-flags
Specifies flags that control connecting to the DSA. Link flags are as follows:
The DSA is treated as an LDAP server that supports LDAP 3.0. Other DSAs will send requests to the DSA as if it was an LDAP server.
When dsp-ldap is configured, there will be no COMPARE operation on the userPassword attribute, following a bind. If the same user connects more than once, that user will use the same link, and dxserver will check that the user and the password are the same.
Causes the last DSA in the chain to use the authorization of the originating user to perform operations on the LDAP server.
The DSA is treated as an LDAP server that supports LDAP 3.0.
The DSA is treated as an Active Directory service. If you observe any problems with linking to Active Directory, set this flag.
The DSA is treated as a Microsoft Exchange server to overcome limitations in Exchange's version of LDAP.
Allows this DSA to bind anonymously to a Nexor DSA. To bind anonymously with a Nexor DSA, the message ID must be stripped of all identifying credentials.
Allows this DSA to support concurrent binds. If this flag is not set on a link that a DSA requires for authenticating concurrent binds, these binds will fail. Used in conjunction with the set concurrent-bind-user command.
Note: Only use this flag for LDAP directories. If you do not use dsp-ldap, we recommend that you do not use rebind either.
Allows this DSA to bind anonymously to a Siemens DSA. To bind anonymously with a Siemens DSA, the message ID must be non-zero.
All DSA-to-DSA communication to the DSA with this link flag uses SSL encryption.
It is similar to ssl-encryption, but SSL encryption is not used if the target DXserver is on the same host.
Marks a DSA as unavailable. A DSA will not forward requests to a DSA marked as unavailable.
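The following Python example is added here and is not part of the CA documentation. It parses a set dsa block and reports the settings that the descriptions above mark as weaker: a remote console without remote-console-ssl, a console-password that is not in the "{password-format}password-hash" form, anonymous or clear-password in auth-levels, and no ssl-encryption link flag. The sample block, the finding codes, and the comma-separated form of flag lists are assumptions.

```python
import re

# Constructed sample knowledge block; every name and value in it is illustrative.
SAMPLE = '''
set dsa "example" = {
    prefix = <c AU><o Example>
    dsa-name = <c AU><o Example><cn example>
    address = tcp "eagle" port 19389
    remote-console-port = 19391
    remote-console-ssl = false
    console-password = "letmein"
    auth-levels = anonymous, clear-password
    link-flags = dsp-ldap
};
'''

def parse_dsa(text):
    """Return {parameter: value} for the body of one set dsa block."""
    body = text[text.index("{") + 1 : text.rindex("}")]
    parts = re.split(r"(?:^|\s)([a-z][a-z-]*)\s*=\s*", body)
    return dict(zip(parts[1::2], (v.strip() for v in parts[2::2])))

def flags(cfg, key):
    """Split a list value; comma-separated lists are an assumption."""
    return {f for f in re.split(r"[,\s]+", cfg.get(key, "")) if f}

def audit(cfg):
    """Return finding codes (hypothetical names) for weaker settings."""
    found = []
    # A remote console port without remote-console-ssl = true is unencrypted.
    if "remote-console-port" in cfg and cfg.get("remote-console-ssl") != "true":
        found.append("remote-console-unencrypted")
    # The syntax allows "{password-format}password-hash" instead of clear text.
    pw = cfg.get("console-password", "").strip('"')
    if pw and not pw.startswith("{"):
        found.append("console-password-not-hashed")
    for level in ("anonymous", "clear-password"):
        if level in flags(cfg, "auth-levels"):
            found.append("accepts-" + level)
    # Any link flag starting with ssl-encryption is accepted (assumption).
    if not any(f.startswith("ssl-encryption") for f in flags(cfg, "link-flags")):
        found.append("dsp-link-unencrypted")
    return found

if __name__ == "__main__":
    for code in audit(parse_dsa(SAMPLE)):
        print(code)
```

The parser splits on whitespace-delimited `name =` tokens, so it accepts the block written on one line as well as one parameter per line.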
Copyright © 2009 CA. All rights reserved.