Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

6. The value of pw_cachesize determines how many individual passwd entries are allowed
to be cached. The value of pw_expirecache determines the maximum length of time that
the ldapcd caching daemon will check the cache for an individual passwd entry. When
the value of pw_expirecache is exceeded, the ldapcd daemon returns to the server to
look for the requested passwd entry.
The values for gr_cachesize and gr_expirecache work similarly to pw_cachesize
and pw_expirecache, but they work for group entries.
7. The value of machine_dn is the distinguished name by which the ldapcd caching daemon
binds to the directory to do searches and retrievals of information from the directory. By
requiring each system to use a particular DN, you can determine which machines are
accessing the directory and for what purpose. Further, you can also control read and search
access to the directory on a machine-account basis.
8. The name for the object class that defines the attributes for a UNIX account in the extended
schema on your server (see Section : Extended LDAP Schema for UNIX Account Information).
9. LDAP attribute names (on the right) are mapped to fields (on the left) in the passwd structure
returned by a call to getpwent.
10. Only the encrypted password is stored in the userPassword attribute.
11. The name for the object class that defines the attributes for a UNIX group in the extended
schema defined on your server (see Section : Extended LDAP Schema for UNIX Account
Information).
12. LDAP attribute names (on the right) are mapped to fields (on the left) in the group structure
returned by a call to getgrent(3).
Note:
HP recommends you use the Administration utility to modify the ldapcd.conf file.
Creating Branches
By creating branches, you can organize an LDAP directory tree into meaningful categories of
information, each with its own search base. The use of branches can improve the performance of
an LDAP server by allowing queries to be confined to the branch that contains the information of
interest. For example, you might create a separate branch to contain user information. To create
a user information branch on the directory server, follow these steps:
1. Find the following information in the /etc/ldapcd.conf file:
Value of searchbase
Value of machine_dn
Value of machine_pass
2. Decide on a name for a new branch; for example, accounts.
3. Create a file containing the following, substituting the value you found in step 1 for
searchbase:
dn: ou=accounts,o=searchbase
objectclass: top
objectclass: organizationalUnit
ou: accounts
description: description
4. Run the following command, substituting the values you found in step 1 for searchbase,
machine_dn, and machine_pass, and specify the name of the file you created in step 3
with the -f option:
/usr/local/bin/ldapmodify -add \
-D "machine_dn" -w "machine_pass" \
-f file
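Steps 1 through 3 as a script, added here as an example and not taken from the HP guide. It assumes that ldapcd.conf holds "key: value" lines with optionally quoted values, and that a searchbase value containing "=" is already a full DN (otherwise "o=" is prefixed, as in the step 3 template). The function names conf_value and branch_ldif are hypothetical and the sample values are constructed.

```sh
# Added example: build the step 3 LDIF from values found in ldapcd.conf.
# ASSUMPTION: the file holds "key: value" lines, values optionally quoted.
# machine_pass is deliberately never read or echoed by this script.

# conf_value KEY FILE -> first value of KEY, surrounding quotes/blanks removed
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' | head -n 1
}

# branch_ldif NAME SEARCHBASE DESCRIPTION -> LDIF entry on stdout
# Returns 1 if NAME is not a plain token (it is placed in the DN unescaped).
branch_ldif() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad branch name: $1" >&2; return 1 ;;
    esac
    # The page writes the suffix as o=searchbase. If the configured value is
    # already a DN (contains '='), use it as is; otherwise prefix o=.
    case $2 in
        *=*) suffix=$2 ;;
        *)   suffix="o=$2" ;;
    esac
    printf 'dn: ou=%s,%s\n' "$1" "$suffix"
    printf 'objectclass: top\nobjectclass: organizationalUnit\n'
    printf 'ou: %s\ndescription: %s\n' "$1" "$3"
}

# Constructed sample standing in for /etc/ldapcd.conf (values are made up).
conf=$(mktemp)
cat > "$conf" <<'EOF'
searchbase: "o=example.com"
machine_dn: "cn=host1,ou=machines,o=example.com"
machine_pass: not-a-real-password
EOF

base=$(conf_value searchbase "$conf")
echo "bind DN for step 4: $(conf_value machine_dn "$conf")"
branch_ldif accounts "$base" "User accounts"
rm -f "$conf"
```

Redirect the output of branch_ldif to a file and pass that file to the step 4 command with -f.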