7.2 Configuration Parameters

The eDirectory configuration parameters are stored in the nds.conf file.

When configuration parameters are changed, ndsd needs to be restarted for the new value to take effect. You should use ndsmanage to restart ndsd.

However, for some configuration parameters, ndsd need not be restarted. These parameters are listed below:

The following table provides a description of all the configuration parameters.

Parameter

Description

n4u.nds.preferred-server

The host name of the machine that hosts the eDirectory service.

Default = null

n4u.base.tree-name

The tree name that Account Management uses. This is a mandatory parameter set by the Account Management Installer. This parameter cannot be set.

n4u.base.dclient.use-udp

DClient can use UDP in addition to TCP for communicating with the eDirectory servers. This parameter enables the UDP transport feature.

Default = 0

Range = 0, 1

n4u.base.slp.max-wait

The Service Location Protocol (SLP) API calls timeout.

Default = 30

Range = 3 to 100

This value is in seconds.

This option is supported only by NetIQ SLP and not OpenSLP.

n4u.nds.advertise-life-time

eDirectory reregisters itself with the Directory Agent after this time period.

Default = 3600

Range = 1 to 65535

This value is in seconds.

n4u.server.signature-level

Determines the level of enhanced security support. Increasing this value increases security, but decreases performance.

Default = 1

Range = 0 to 3

n4u.nds.dir

The eDirectory directory information database.

Default:

/var/opt/novell/eDirectory/data/

This parameter cannot be set using the ndsconfig set command. You can manually change this parameter if you want to relocate your DIB. However, we do not recommend you do so.

n4u.nds.server-guid

A globally unique identifier for the eDirectory server.

Default = null

n4u.nds.server-name

The name of the eDirectory Server.

Default = null

n4u.nds.bindery-context

The Bindery context string.

Default = null

n4u.nds.server-context

The context that the eDirectory server is added to. This parameter cannot be set or changed.

n4u.nds.external-reference-life-span

The number of hours unused external references are allowed to exist before being removed.

Default = 192

Range = 1 to 384

n4u.nds.inactivity-synchronization-interval

The interval (in minutes) after which full synchronization of the replicas is performed, following a period of no change to the information held in the eDirectory on the server.

Default = 60

Range = 2 to 1440

n4u.nds.synchronization-restrictions

The Off value allows synchronization with any version of the eDirectory. The On value restricts synchronization to version numbers you specify as parameters. For example, ON,420,421.

Default = Off

n4u.nds.janitor-interval

The interval (in minutes) after which the eDirectory Janitor process is executed.

Default = 2

Range = 1 to 10080

n4u.nds.backlink-interval

The interval (in minutes) after which the eDirectory backlink consistency is checked.

Default = 780

Range = 2 to 10080

n4u.nds.drl-interval

The interval (in minutes) after which the eDirectory distributed reference link consistency is checked.

Default = 780

Range = 2 to 10080

n4u.nds.flatcleaning-interval

The interval (in minutes) after which the flatcleaner process automatically begins purging and deleting entries from the database.

Default = 720

Range = 1 to 720

n4u.nds.server-state-up-threshold

The server state up threshold, in minutes. This is the time after which the eDirectory checks the server state before returning -625 errors.

Default = 30

Range = 1 to 720

n4u.nds.heartbeat-schema

The heartbeat base schema synchronization interval in minutes.

Default = 240

Range = 2 to 1440

n4u.nds.heartbeat-data

The heartbeat synchronization interval in minutes.

Default = 60

Range = 2 to 1440

n4u.nds.dofsync

Setting this parameter to 0 increases update performance significantly for large databases, but there is a risk of database corruption if the system crashes.

n4u.server.configdir

The eDirectory configuration files are placed here.

Default = /etc

n4u.server.vardir

The eDirectory and utilities log files are placed here.

Default = /var/opt/novell/eDirectory/log

n4u.server.libdir

The eDirectory specific libraries are placed here in the nds-modules directory.

Default = /opt/novell/eDirectory/lib

n4u.server.sid-caching

Enables SSL session ID caching. Refer to the SSL v3.0 RFC for more details about session ID caching in SSL.

n4u.server.tcp-port

The default port used if the port number is not specified in the n4u.server.interfaces parameter.

n4u.server.interfaces

The IP address and port number that eDirectory server should listen on for client connections. The value can be a comma-separated list specifying more than one combination of possible settings. For example: n4u.server.interfaces=101.1.2.3@524,100.1.2.3@1524

n4u.server.max-interfaces

This parameter specifies maximum number of interfaces that eDirectory will use.

Default = 128

Range = 1 to 2048

n4u.server.max-openfiles

This parameter specifies the maximum number of file descriptors that eDirectory can use.

Default = maximum allowed by the administrator

n4u.server.max-threads

The maximum number of threads that will be started by the eDirectory server. This is the number of concurrent operations that can be done within the eDirectory server.

Default = 64

Range = 32 to 512

Refer to the NetIQ eDirectory 8.8 SP8 Tuning Guide to set an optimum value.

n4u.server.idle-threads

The maximum number of idle threads that are allowed in the eDirectory server.

Default = 8

Range = 1 to 128

n4u.server.start-threads

Initial number of threads to be started up.

Default = 8

n4u.server.log-levels

This parameter helps to configure the error logging settings for the server-side messages. It sets the message log level to LogFatal, LogWarn, LogErr, LogInfo, or LogDbg.

n4u.server.log-file

This parameter specifies the log file location where the messages would be logged. By default, the messages are logged into the ndsd.log file.

n4u.ldap.lburp.transize

Number of records that are sent from the NetIQ Import/Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request.

Default = 25

Range = 1 to 250

n4u.server.listen-on-loopback

It is a boolean parameter, and enabled by default. In a few recent Linux distributions, the hostname in the /etc/hosts file is associated with the loopback address. Though the common address given in the SLES systems is 127.0.0.2, it can be anything from 127.0.0.0 to 127.255.255.255 (valid loopback addresses).

http.server.interfaces

Comma-separated list of interfaces that HTTP server should use.

http.server.request-io-buffer-size

Default IO buffer size.

http.server.request_timeout-seconds

Server request timeout.

http.server.keep-timeout-seconds

Number of seconds to wait for the next request from the same client on the same connection.

http.server.threads-per-processor

HTTP thread pool size per processor.

http.server.session-exp-seconds

Session expiration time in seconds.

http.server.sadmin-passwd

Session administrator password.

http.server.module-base

HTTP server webroot.

https.server.cached-cert-dn

HTTPS server cached certificate DN.

https.server.cached-server-dn

HTTPS server cached DN.

http.server.trace-level

Diagnostic trace level of HTTP server.

http.server.auth-req-tls

HTTP server authentication requires TLS.

http.server.clear-port

Server port for the HTTP protocol.

http.server.tls-port

Server port for the HTTPS protocol.

NOTE:For more details information on the eDirectory configuration parameters, refer to the nds.conf man page.