NCLHELP.HLB  —  Directory Module, DSA  Characteristics

37  –  Trusted DSA NSAPs

 The Trusted DSA NSAPs attribute contains a list of NSAP
 addresses through which DSAs can contact this DSA and perform
 chained read and chained modify operations.

 Syntax:
 	SET DSA TRUSTED DSA NSAPS {<address>, ....}

 where <address> is the NSAP address, for example:

 	SET DSA TRUSTED DSA NSAPS {%x49002aaa00040008aa21}

 The default value is an empty set of NSAP addresses, indicating
 that all NSAPs are allowed.

 You can specify the leading characters of an NSAP to indicate
 that trusted access is allowed for any DSA using an
 NSAP beginning with that sequence of characters. For example:

 	SET DSA TRUSTED DSA NSAPS {%x49002a}

 The default value is an empty set of NSAP addresses, indicating
 that DSAs can use any NSAP.

 Trusted access is required by DSAs that are attempting to chain
 a request for an authenticated user. This DSA must decide
 whether the calling DSA is to be trusted when it claims to have
 authenticated the user satisfactorily.

 Note that this attribute has no effect on DSA communications
 for other purposes, such as replication.

 Note also that the DSA refers to the value of this attribute
 whenever it receives a new connection. Once a connection is
 established, the caller is treated as a trusted DSA for as
 long as the connection lasts. Changing the value of the
 attribute has no effect on existing connections, only on
 subsequent connections.

38  –  Trusted DSA Names

 The Trusted DSA Names attribute can contain a list of trusted
 DSAs.

 Syntax:
 	SET DSA TRUSTED DSA NAMES {<aetitle>, ....}

 where <aetitle> is the AE title of a DSA that is to be trusted,
 for example:

 	"/C=US/O=Abacus/OU=Sales/CN=DSA1"

 The list contains the AE title of each trusted DSA.
 Refer to DSA Common_Datatypes for more information
 on how to specify an AE title.

 The default value is an empty list of AE titles, which means
 that this DSA trusts no other DSAs.

 Trust enables this DSA to accept another DSA's claim that
 a user has authenticated satisfactorily. This enables chained
 requests to be satisfied, rather than requiring a user to
 authenticate specifically to the DSA that holds the information
 they want to access.

 Note that this attribute is not the recommended way to implement
 trust between DSAs. Refer to the management guide for details of
 how to create directory entries to represent trusted DSAs.

 Note also that this attribute has no effect on DSA communications
 for other purposes, such as replication.

 Note also that the DSA refers to the value of this attribute
 whenever it receives a new connection. Once a connection is
 established, the caller is treated as a trusted DSA for as
 long as the connection lasts. Changing the value of the
 attribute has no effect on existing connections, only on
 subsequent connections.

39  –  Version

 The Version attribute displays the version number of the DSA.
 The value is read-only.

 Syntax:
 	SHOW DSA VERSION

40  –  Volatile Modifications

 The Volatile Modifications attribute specifies whether the DSA
 writes all modifications to disk immediately, or delays writing
 modifications to disk.

 Syntax:

 	SET DSA VOLATILE MODIFICATIONS <TRUE/FALSE>

 If the attribute is set to FALSE, then the DSA always writes
 modifications to disk immediately after applying them to its
 in-memory database. This ensures that modifications are never
 lost, but reduces DSA performance for modification operations.

 If the attribute is set to TRUE, then modifications are written
 to memory immediately, but may not be written to disk for up to
 fifteen seconds. This means it is possible that some
 modifications may be lost if a DSA exits abnormally. However,
 the DSA can process volatile modifications much faster than
 non-volatile modifications.

 The default value is FALSE. HP suggests that you set the
 attribute to TRUE, unless you have a strong requirement to
 ensure that modifications are never lost. The attribute can be
 set at any time, regardless of the state of the DSA.

41  –  Writer NSAPs

 This attribute lists the NSAP addresses that directory
 applications can use to communicate with this DSA and modify
 directory information. Any application attempting to use
 an unlisted NSAP is not allowed to modify information held by
 this DSA. It might be able to read information, subject to
 the Reader_NSAPs attribute. Having write access automatically
 gives read access as well.

 Note that this attribute is not the recommended way to implement
 access control. Refer to HP Enterprise Directory - Management
 for access control advice.

 Syntax:
 	SET DSA WRITER NSAPS {<address>, ....}

 where <address> is the NSAP address, for example:

 	SET DSA WRITER NSAPS {%x49002aaa00040008aa21}

 You can specify the leading characters of an NSAP to indicate
 that access is allowed for any application using an NSAP beginning
 with that sequence of characters. For example:

 	SET DSA WRITER NSAPS {%x49002a}

 The default value is an empty set of NSAP addresses, indicating
 that an application can use any NSAP.

 Note also that the DSA refers to the value of this attribute
 whenever it receives a new connection. Once a connection is
 established, the caller is allowed write access for as
 long as the connection lasts. Changing the value of the
 attribute has no effect on existing connections, only on
 subsequent connections.
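
 The following Python model is an added example, not part of the original help text and not the product's implementation. It shows the NSAP check described for Trusted DSA NSAPs and Writer NSAPs: an empty set allows any NSAP, listed values match as leading characters, and the decision is fixed when a connection is made. DsaModel, its methods, and the sample NSAPs not shown on this page are constructed for illustration.

```python
import re

# Set syntax as shown on this page: SET DSA <attribute> NSAPS {%x..., %x...}
_SET_RE = re.compile(
    r"SET\s+DSA\s+(TRUSTED\s+DSA|WRITER)\s+NSAPS\s*\{(.*)\}", re.I)

def _hex(nsap):
    """Normalise '%x49002A' or '49002a' to lowercase hex digits."""
    s = nsap.strip().lower()
    return s[2:] if s.startswith("%x") else s

def parse_nsap_set(command):
    """Return (attribute, [hex prefixes]) from a SET DSA ... NSAPS command."""
    m = _SET_RE.fullmatch(command.strip())
    if not m:
        raise ValueError("not a SET DSA ... NSAPS command: %r" % command)
    prefixes = []
    for item in (i.strip() for i in m.group(2).split(",")):
        if not item:
            continue
        if not re.fullmatch(r"%x[0-9a-fA-F]+", item):
            raise ValueError("bad NSAP value: %r" % item)
        prefixes.append(_hex(item))
    return " ".join(m.group(1).upper().split()), prefixes

def nsap_allowed(prefixes, caller_nsap):
    """Empty set allows every NSAP; otherwise match on leading characters."""
    caller = _hex(caller_nsap)
    return not prefixes or any(caller.startswith(p) for p in prefixes)

class DsaModel:
    """Toy model (assumption): the check runs once, when a connection arrives."""
    def __init__(self):
        self.prefixes = []        # default value: empty set
        self.connections = {}     # caller NSAP -> decision fixed at connect time

    def set_nsaps(self, command):
        _, self.prefixes = parse_nsap_set(command)  # open connections untouched

    def connect(self, caller_nsap):
        self.connections[caller_nsap] = nsap_allowed(self.prefixes, caller_nsap)
        return self.connections[caller_nsap]

    def stale_grants(self):
        """Open connections that hold access the current value would refuse."""
        return sorted(c for c, ok in self.connections.items()
                      if ok and not nsap_allowed(self.prefixes, c))
```

 Callers returned by stale_grants() connected before the set was tightened and keep their access until those connections end.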

42  –  Writer Names

 The Writer Names attribute lists the distinguished
 names of users permitted to modify information held by this DSA.
 Having write access automatically gives read access as well.

 Syntax:
 	SET DSA WRITER NAMES {<name>, ....}

 where <name> is the distinguished name of a user, for example:

 	"/C=US/O=Abacus/OU=Sales/CN='Jon Smith'"

 Refer to DSA Common_Datatypes for more information
 on how to specify a distinguished name.

 Note that this is not the recommended way to implement controls
 on user access to directory information. Refer to HP Enterprise
 Directory - Management for access control advice.

 If the attribute specifies no names, then the DSA places no
 restriction on access (subject to access controls, and to the
 settings of Writer NSAPs, Reader Names, and Reader NSAPs
 characteristic attributes). However, if any names are listed,
 then only those users have access to information.

 The default value is an empty set of distinguished names, allowing
 all users to access information, subject to other attributes and
 access controls.

 Note also that the DSA refers to the value of this attribute
 whenever it receives a new connection. Once a connection is
 established, the caller is allowed write access for as
 long as the connection lasts. Changing the value of the
 attribute has no effect on existing connections, only on
 subsequent connections.