Changing Configuration Attributes
9
The entire configuration, including attributes that always take default values, can be viewed by
performing an ldapsearch operation on the cn=config subtree:
ldapsearch -b cn=config -D bindDN -w password
• bindDN is the DN chosen for the Directory Manager when the server was installed (cn=Directory
Manager by default).
• password is the password chosen for the Directory Manager.
For more information on using ldapsearch, see Section 6.4, “ldapsearch”.
To disable a plug-in, use ldapmodify to edit the nsslapd-pluginEnabled attribute:
ldapmodify -D cn="directory manager" -w password
dn: cn=Telephone Syntax,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: off
2.2.2.2. Restrictions to Modifying Configuration Entries and Attributes
Certain restrictions apply when modifying server entries and attributes:
• The cn=monitor entry and its child entries are read-only and cannot be modified, except to
manage ACIs.
• If an attribute is added to cn=config, the server ignores it.
• If an invalid value is entered for an attribute, the server ignores it.
• Because ldapdelete is used for deleting an entire entry, use ldapmodify to remove an attribute
from an entry.
2.2.2.3. Configuration Changes Requiring Server Restart
Some configuration attributes cannot be altered while the server is running. In these cases, for the
changes to take effect, the server needs to be shut down and restarted. The modifications should
be made either through the Directory Server Console or by manually editing the dse.ldif file.
Some of the attributes that require a server restart for any changes to take effect are listed below.
This list is not exhaustive; to see a complete list, run ldapsearch and search for the nsslapd-
requiresrestart attribute. For example:
ldapsearch -p 389 -D "cn=directory manager" -w password -s sub -b "cn=config"
"(objectclass=*)" | grep nsslapd-requiresrestart
nsslapd-cachesize nsslapd-certdir
nsslapd-dbcachesize nsslapd-dbncache
nsslapd-plugin nsslapd-changelogdir
nsslapd-changelogmaxage nsslapd-changelogmaxentries
nsslapd-port nsslapd-schemadir
nsslapd-saslpath nsslapd-secureport
