Novell LDAP Proxy 1.0 Administration Guide - NetIQ
In Example 1, the attribute value is 5000. This indicates that the Backend1 server can handle 5000 connections.
• capability: The capability of the back-end server relative to the other servers. For example, if the capability of a back-end server is 2, it can be loaded two times more than the other servers. This is an optional attribute.
The element can have the following child elements:
• : Specifies how LDAP Proxy sends requests to the back-end server. It must have the following attributes:
• protocol: The protocol that the proxy server uses to send requests to the back-end server. The attribute value can be ldap or ldaps.
NOTE: If you specify the protocol as ldaps, you must place the certificate file in the /etc/opt/novell/ldapproxy/conf/ssl/trustedcert directory.
The element can have the following child elements:
• : The IP address of the system on which the back-end server is installed.
• : The port on which the back-end server receives requests.
• : The domain name of the system where the back-end server is installed.
• : The number of LDAP connections that are cached and maintained by the proxy server so that the connections are reused when the proxy server receives future requests.
The element can have the following child elements:
• : Specifies the number of LDAP connections that are cached and maintained by the proxy server. The value must always be less than the max-connections attribute value. For instance, in Example 1, the max-connections value is 5000, whereas the connection-pool value specified is 256.
• : If anonymous bind is disabled on a particular server, then to nullify the connection identity you must specify the User Distinguished Name (user DN). To nullify a connection with a particular bind DN, specify the required DN.
NOTE: Using the admin DN to nullify a connection is not recommended. Ideally, it should be a DN with the least privileges.
• : Performs periodic health checks to determine the response time of the back-end server. This is an optional element.
If you specify this parameter, the proxy periodically sends an LDAP Bind request to the back-end server and calculates the response time of the request.
To specify the response time of the back-end server, you must use the following attribute:
• max-response-time-ms: The maximum time (in milliseconds) within which a back-end server must respond when it receives an LDAP Bind request. If it does not respond within the specified time, the back-end server is identified as a slow server.
In Example 1, the attribute value is 5000. This indicates that the Backend1 server must respond to any request within 5000 milliseconds.
• : The DN with which the Bind request must be performed to detect a server that is slow to respond.
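The constraints above can be checked before a configuration is deployed. The following lint is an added example, not part of the guide or of the product; the dictionary keys pool_size and nullify_bind_dn, the ADMIN_HINTS heuristic and the sample DNs are assumptions made for illustration and are not the proxy's element names.

```python
# Added example: lint one back-end server definition against the rules in the text.
# Keys other than max-connections, capability, protocol and max-response-time-ms
# are hypothetical stand-ins, not names from the product's configuration schema.
TRUSTED_CERT_DIR = "/etc/opt/novell/ldapproxy/conf/ssl/trustedcert"  # from the guide
ADMIN_HINTS = ("cn=admin",)  # assumption: markers of privileged DNs at your site

def lint_backend(cfg, trusted_certs=()):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    max_conn = cfg.get("max-connections")
    if not isinstance(max_conn, int) or max_conn <= 0:
        findings.append("max-connections must be a positive integer")
        max_conn = None
    cap = cfg.get("capability")  # optional attribute
    if cap is not None and not (isinstance(cap, (int, float)) and cap > 0):
        findings.append("capability must be a positive number")
    proto = cfg.get("protocol")
    if proto not in ("ldap", "ldaps"):
        findings.append("protocol must be ldap or ldaps")
    elif proto == "ldaps" and not trusted_certs:
        findings.append("ldaps needs a certificate file in " + TRUSTED_CERT_DIR)
    pool = cfg.get("pool_size")
    if pool is not None and max_conn is not None and pool >= max_conn:
        findings.append("connection pool size must be less than max-connections")
    # Normalise spacing and case so "cn=Admin, o=..." is still recognised.
    dn = (cfg.get("nullify_bind_dn") or "").replace(" ", "").lower()
    if any(hint in dn for hint in ADMIN_HINTS):
        findings.append("nullify DN looks like an admin DN; use a least-privilege DN")
    rt = cfg.get("max-response-time-ms")  # optional health-check attribute
    if rt is not None and not (isinstance(rt, int) and rt > 0):
        findings.append("max-response-time-ms must be a positive integer")
    return findings

# Constructed sample using the Example 1 values quoted in the text
# (capability and the DN are constructed).
BACKEND1 = {"max-connections": 5000, "capability": 2, "protocol": "ldaps",
            "pool_size": 256, "nullify_bind_dn": "cn=proxy-reset,o=example",
            "max-response-time-ms": 5000}
# Constructed misconfiguration: oversized pool, admin DN, ldaps without a certificate.
BAD = {"max-connections": 200, "protocol": "ldaps", "pool_size": 256,
       "nullify_bind_dn": "cn=Admin, o=example"}

if __name__ == "__main__":
    print(lint_backend(BACKEND1, trusted_certs=["backend1.der"]))
    for finding in lint_backend(BAD):
        print("FINDING:", finding)
```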
Manually Configuring Novell LDAP Proxy 31