Author Archives: Terry Gardner

About Terry Gardner

Terry Gardner was a leading directory services architect with experience with many large scale directory services installations and messaging server installations, and was a Subject Matter Expert in the field of Directory Services and Solaris (operating system) performance. Mr. Gardner also participated in the open-source software community. Mr. Gardner passed away in December, 2013.

Terry Gardner passed away in December, 2013.  There will be no new posts to this blog, but I will leave the blog up because it is useful to others.  Signed, Denise, Terry’s wife.

Aside | Posted on | Leave a comment

LDAP: Hardening Server Security (so administrators can sleep at night)

Client Connections Limit the total number of concurrent sessions to the server and limit the number of concurrent sessions per client Set size-limit, lookthrough-limit, and time-limit per client appropriate to client requirements (be aware of the server’s default settings, often … Continue reading

Posted in computing, LDAP, UnboundID | Tagged , | 2 Comments

LDAP: Client Connection Policies

Introduction A Client Connection Policy controls the portions of the DIT a client can access and resource limits on what clients can do with data stored on the server. Clients are subject to one Client Connection Policy at a given … Continue reading

Posted in computing, LDAP, UnboundID | Tagged , , , | Leave a comment

LDAP: Administrative users

Introduction In an UnboundID LDAP directory server, the “Root DN” (root user) accounts have an extensive set of privileges in the default distribution of the server products; therefore the root DN account(s) should not be used in normal operation except … Continue reading

Posted in computing, LDAP, UnboundID | Tagged , , , , | Leave a comment

LDAP: The MultiUpdateExtendedRequest

The UnboundID Directory Server supports an extended request called the MultiUpdateExtendedRequest. This extended request packages multiple updates in a single request and provides control over the behavior of the server when errors arise during the processing of the extended request. … Continue reading

Posted in Java, LDAP, UnboundID, UnboundID LDAP SDK | Tagged , | Leave a comment

ldapmodify: be careful with attribute options

Clients must include the attribute options when using an attribute name following a mod-spec. Consider the following LDIF: # wrong dn: cn=test,c=us changetype: modify replace: your-attribute-name your-attribute-name;binary: binary-stuff your-attribute-name must contain the option (binary in this case). Here is the … Continue reading

Posted in computing, LDAP | Tagged , | Leave a comment

LDAP: Pass-Through Authentication Plugin

The UnboundID Directory Server provides a way to capture passwords and store those passwords in a local entry. This is useful when migrating to UnboundID Directory Server from a legacy server that does not allow the extraction of passwords, for … Continue reading

Posted in computing, LDAP, UnboundID | Tagged , , | 2 Comments