Red Hat Training

A Red Hat training course is available for Red Hat Directory Server

1.10. Server Configuration Attributes

Directory Server stores the configuration maintained in the cn=config entry in the /etc/dirsrv/slapd-instance_name/dse.ldif file. If you set up a new instance, Directory Server only stores configuration attributes that have been modified in this file. Attributes that are not listed, use their default value.
This enables you to:
  • Identify all configuration parameters set in this instance by displaying the /etc/dirsrv/slapd-instance_name/dse.ldif file.
  • Restore a default value by deleting the parameter.
    If you delete a configuration parameter, the parameter is no longer listed in the /etc/dirsrv/slapd-instance_name/dse.ldif file. However, the parameter and its default value is displayed when you search the parameter in the cn=config entry using the LDAP protocol.
    Note that you cannot delete the parameters listed in Table 1.1, “Configuration Attributes That Cannot Be Deleted” to reset them to their default. If you try to delete them, the server will reject the request with a Server is unwilling to perform (53) error.
  • Use the latest default values provided by a new Directory Server version.
    New versions often provide optimized settings and increased security. For example, if you do not set the passwordStorageScheme attribute, Directory Server automatically uses the strongest supported password storage scheme available. If a future update changes the default value to increase security, passwords will be automatically encrypted using the new storage scheme when a user set a passwords.


    If you manually set a parameter to the same value as its default, the value is not updated. This happens, when a newer version uses a different default value.

Table 1.1. Configuration Attributes That Cannot Be Deleted

nsslapd-accesslog nsslapd-auditlog nsslapd-bakdir
nsslapd-certdir nsslapd-certmap-basedn nsslapd-conntablesize
nsslapd-errorlog nsslapd-instancedir nsslapd-ldifdir
nsslapd-localhost nsslapd-localuser nsslapd-lockdir
nsslapd-rootpw nsslapd-referral nsslapd-referralmode
nsslapd-rundir nsslapd-saslpath nsslapd-schemadir
nsslapd-tmpdir nsslapd-workingdir