Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

service), set the maximum number of threads to 64 or greater (if your system has sufficient
memory).
6
The value of pw_cachesize determines how many individual passwd entries are allowed
to be cached. The value of pw_expirecache determines the maximum length of time
for which the ldapcd caching daemon answers requests for an individual passwd entry
from the cache. When the value of pw_expirecache is exceeded, the ldapcd daemon
returns to the server to look for the requested passwd entry.
The values for gr_cachesize and gr_expirecache work similarly to pw_cachesize
and pw_expirecache, but they apply to group entries.
7
The value of machine_dn is the distinguished name by which the ldapcd caching daemon
binds to the directory to do searches and retrievals of information from the directory. By
requiring each system to use a particular DN, you can determine which machines are
accessing the directory and for what purpose. Further, you can also control read and
search access to the directory on a machine-account basis.
8
The name for the object class that defines the attributes for a UNIX account in the extended
schema on your server (see Section 4.1.3: Extended LDAP Schema for UNIX Account
Information).
9
LDAP attribute names (on the right) are mapped to fields (on the left) in the passwd
structure returned by a call to getpwent(3).
10
Only the encrypted password is stored in the userPassword attribute.
11
The name for the object class that defines the attributes for a UNIX group in the extended
schema defined on your server (see Section 4.1.3: Extended LDAP Schema for UNIX
Account Information).
12
LDAP attribute names (on the right) are mapped to fields (on the left) in the group
structure returned by a call to getgrent(3).
Note:
HP recommends you use the Administration utility to modify the ldapcd.conf file.
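The effect of pw_cachesize and pw_expirecache from callout 6, as an added model (not ldapcd's code and not taken from the guide): it shows that an account deleted on the directory server keeps resolving from the cache until pw_expirecache is exceeded. The time unit (seconds), the oldest-first eviction policy, and the names PasswdCache and stale_window are assumptions.

```python
from collections import OrderedDict


class PasswdCache:
    """Toy model of the ldapcd passwd cache (illustrative, not ldapcd's real code)."""

    def __init__(self, directory, pw_cachesize, pw_expirecache):
        self.directory = directory            # dict standing in for the LDAP server
        self.pw_cachesize = pw_cachesize      # max number of cached passwd entries
        self.pw_expirecache = pw_expirecache  # max age of a cached entry (assumed: seconds)
        self.entries = OrderedDict()          # name -> (entry, time it was cached)
        self.server_lookups = 0

    def getpwnam(self, name, now):
        cached = self.entries.get(name)
        if cached and now - cached[1] <= self.pw_expirecache:
            return cached[0]                  # served from cache, server not consulted
        # Not cached, or pw_expirecache exceeded: go back to the server.
        self.entries.pop(name, None)
        self.server_lookups += 1
        entry = self.directory.get(name)
        if entry is not None:
            if len(self.entries) >= self.pw_cachesize:
                self.entries.popitem(last=False)  # assumed policy: evict the oldest
            self.entries[name] = (entry, now)
        return entry


def stale_window(pw_expirecache, removed_at, probe_times):
    """Return the probe times at which a removed account still resolves."""
    directory = {"alice": {"uid": 1001, "shell": "/bin/sh"}}  # constructed sample
    cache = PasswdCache(directory, pw_cachesize=2, pw_expirecache=pw_expirecache)
    cache.getpwnam("alice", now=0)            # entry is cached at t=0
    still_resolves = []
    for t in probe_times:
        if t >= removed_at:
            directory.pop("alice", None)      # account deleted on the server
        if cache.getpwnam("alice", now=t) is not None:
            still_resolves.append(t)
    return still_resolves


if __name__ == "__main__":
    # Account removed at t=60; with pw_expirecache=900 it resolves until t=900.
    print(stale_window(pw_expirecache=900, removed_at=60, probe_times=[30, 120, 900, 901]))
```

A smaller pw_expirecache shortens the time a removed or changed account stays visible on the client, at the cost of more lookups against the directory server.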
4.1.2 Creating Branches
By creating branches, you can organize an LDAP directory tree into meaningful categories of
information, each with its own search base. The use of branches can improve the performance
of an LDAP server by allowing queries to be confined to the branch that contains the information
of interest. For example, you might create a separate branch to contain user information. To
create a user information branch on the directory server, follow these steps:
1. Find the following information in the /etc/ldapcd.conf file:
   - Value of searchbase
   - Value of machine_dn
   - Value of machine_pass
2. Decide on a name for a new branch; for example, accounts.
3. Create a file containing the following, substituting the value you found in step 1 for
   searchbase:
       dn: ou=accounts,o=searchbase
       objectclass: top
       objectclass: organizationalUnit
       ou: accounts
       description: description
4. Run the following command, substituting the values you found in step 1 for searchbase,
machine_dn, and machine_pass, and specify the name of the file you created in step 3
with the -f option:
4.1 Managing the LDAP Module for System Authentication 73