NumServers= |
The number of available LDAP servers. These
are replicas that can post certificates and CRLs. |
From LDAP programmer |
1 |
PostInterval= |
How often the posting thread scans the request
database for certificates and CRLs to post to the LDAP server, in weeks
(w), days (d), hours (h), minutes (m), or seconds (s), if
NumServers > 0.
Note:
- If the post is unsuccessful for a given certificate, the post
is retried at the next post interval. If the post continues to be
unsuccessful after 3 attempts, the post frequency for this certificate
is reduced to no more than once per hour. After 26 unsuccessful attempts,
it is further reduced to no more than once per day. After 33 unsuccessful
attempts, the post request for this certificate is deleted from the
request database.
- Certificates created when NumServers is set to 0 are not posted
to LDAP. If the value of NumServers is changed later to enable posting,
the new value applies to new certificates only.
|
UNIX programmer
decides this. Specify a number followed by h (hours), m (minutes)
or s (seconds).
|
5m |
Server1= |
You use this parameter only if you are storing
LDAP passwords in the clear.
This parameter's value is the fully
qualified domain name (domain name or IP address and port) for the
first LDAP server.
If you are using a Secure Sockets Layer (SSL)
session, the fully qualified domain name should be preceded by ldaps://.
|
Copy this information from the earlier (completed)
table, Table 1. |
myldapserver.mycompany.com:389 ___________________________
Note: If
the number of servers (the value in the row containing NumServers=)
is greater than one, you need one value for each server.
|
UseBinaryAttr1 |
Specifies whether the CA posts certificates
and CRLs to the LDAP server with the binary attribute. Valid values
are T (True) or F (False). If NumServers is
greater than 1, specify a value for each server; for example, specify UseBinaryAttr2 for
server 2. If a value of UseBinaryAttrn (where n is the server number) is not specified,
it defaults to F. |
UNIX programmer
decides this (after consulting with LDAP programmer) |
F |
AuthName1= |
You use this parameter only if you are storing
LDAP passwords in the clear.
This parameter's value is the distinguished
name to use for LDAP binding.
(See Table 1 for a definition of distinguished
name.)
|
Copy this information from the earlier (completed)
table, Table 1. |
CN=root
Notes:
- If the number of servers (the value in the row containing NumServers=)
is greater than one, you need one value for each server.
- The default name of the LDAP server configuration file is ds.conf for
the IBM Tivoli Directory Server for z/OS LDAP
server.
|
AuthPwd1= |
You use this parameter only if you are storing
LDAP passwords in the clear.
This parameter's value is the password
to use for LDAP binding. The LDAP programmer sets this.
Note: Include
this parameter, Server1, and AuthName1 only
if you are storing the LDAP password in the clear. Alternatively, if
you are encrypting the password for an LDAP server, use the BindProfile1 parameter.
Omitting BindProfile1 and Server1 specifies
using the PROXY segment information from the IRR.PROXY.DEFAULTS profile
in the FACILITY class. (For more information, see Using encrypted passwords for LDAP servers.)
|
Copy this information from the earlier (completed)
table, Table 1. |
root ____________________
Note: If
the number of servers (the value in the row containing NumServers=)
is greater than one, you need one value for each server.
|
CreateOUValue= |
Value
to use for the OU attribute when creating LDAP entries under the objectclass
organizationalUnit. (See Table 1.)
This is used only when no OU value is specified in the relative distinguished
name. |
UNIX programmer
decides this (after consulting with LDAP programmer) |
Created by PKI Services |
RetryMissingSuffix= |
True
(T) or False (F) setting that indicates whether LDAP post requests
should be retried later if the distinguished name suffix does not
exist. When set to F, LDAP post requests that fail because of a missing
suffix are discarded. |
UNIX programmer
decides this (after consulting with LDAP programmer) |
T |
BindProfile1= |
You use this parameter only if you intend
to use an encrypted password for your LDAP server.
This parameter's
value is the name of the LDAPBIND class profile containing the bind
information for the LDAP server. (For more information, see Using encrypted passwords for LDAP servers.)
|
Get the profile name from the RACF® administrator who creates the profile.
See Using encrypted passwords for LDAP servers for more information. |
LOCALPKI.BINDINFO.LDAP1 ____________________
Note: If
the number of servers (the value in the row containing NumServers=)
is greater than one, you need one value for each server.
|
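The audit below is an added example, not IBM code and not part of the original page: it checks a set of the parameters from this table for the cleartext bind settings (Server1, AuthName1, AuthPwd1) that the page presents as the alternative to BindProfile1. The Key=Value file syntax and the finding names are assumptions; the parameter names and sample values are the ones in the table.

```python
# Added example: audit of the LDAP posting parameters described in the table.
# Assumptions: Key=Value line syntax; finding names are invented for this sketch.

def parse_params(text):
    """Collect Key=Value pairs, splitting on the first '=' so CN=root survives."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "[")) and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def audit_ldap(params):
    """Return sorted (server_number, finding) pairs for servers 1..NumServers."""
    findings = set()
    for i in range(1, int(params.get("NumServers", "0")) + 1):
        server = params.get(f"Server{i}")
        profile = params.get(f"BindProfile{i}")
        clear_keys = [k for k in (f"Server{i}", f"AuthName{i}", f"AuthPwd{i}")
                      if k in params]
        if f"AuthPwd{i}" in params:          # bind password readable in the file
            findings.add((i, "cleartext-password-in-config"))
        if server and not server.startswith("ldaps://"):   # no SSL session
            findings.add((i, "server-without-ldaps-prefix"))
        if profile and clear_keys:           # the table treats these as either/or
            findings.add((i, "bindprofile-mixed-with-cleartext-parameters"))
        if not profile and 0 < len(clear_keys) < 3:
            findings.add((i, "incomplete-cleartext-parameter-set"))
        if not profile and not server:       # page: PROXY segment info is used
            findings.add((i, "falls-back-to-IRR.PROXY.DEFAULTS"))
    return sorted(findings)

# Constructed samples built from the example values in the table.
CLEARTEXT = """\
NumServers=1
PostInterval=5m
Server1=myldapserver.mycompany.com:389
AuthName1=CN=root
AuthPwd1=root
"""
BIND_PROFILE = """\
NumServers=1
PostInterval=5m
BindProfile1=LOCALPKI.BINDINFO.LDAP1
"""

if __name__ == "__main__":
    for name, text in (("cleartext", CLEARTEXT), ("bind profile", BIND_PROFILE)):
        print(name, audit_ldap(parse_params(text)))
```
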