Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

Distinguished Name to cn=root,o=<hostname>. The OpenLDAP Directory Server uses the
password specified to access the iass login account and the administration servers for the
initial Root DN Password.
6. The System Name is the name of the system on which the LDAP directory server is running or
a comma-separated list of names of systems on which replicated directory servers are running.
7. Search Base is the top level of the branch in the LDAP database containing user information
(see Section : Creating Branches).
8. The Port Number value must match the port you are using for the directory server. The default
port for the directory server is 389.
9. The Active Connections value specifies the maximum number of open connections maintained
by the ldapcd caching daemon (see Figure 20).
10. The Thread Maximum value specifies the maximum number of threads maintained by the ldapcd
caching daemon (see Figure 20). Each thread handles one connection to a local program.
Allowing a higher number of threads enables better response from the LDAP caching daemon,
but requires more memory. If you are running a service that requires a large number of
connections (for example, a mail service), set the maximum number of threads to 64 or greater
(if your system has sufficient memory).
11. The value of Password Entries in Cache determines how many individual passwd entries are
allowed to be cached. The value of Password Expire Cache determines the maximum length
of time that the ldapcd caching daemon will check the cache for an individual passwd entry.
When the value of Password Expire Cache is exceeded, the ldapcd daemon returns to the
server to look for the requested passwd entry.
12. The values for Group Entries in Cache and Group Expire Cache work similarly to Password
Entries in Cache and Password Expire Cache, respectively, but apply to group entries.
13. Click on Submit.
If the ldapcd.conf file was successfully updated, the Define System Parameters form is
redisplayed with the Success icon at the top.
Configuring LDAP Password Attributes
To configure LDAP password attributes, follow these steps:
1. From the Administration utility Main menu, choose Manage System.
2. From the Manage System menu, choose Configure LDAP Module for System Authentication.
3. From the LDAP Module for System Authentication Administration menu, choose Modify
Configuration.
4. From the Modify Configuration menu, choose Configure Password Attributes.
When the Configure Password Attributes form is displayed, the default values shown are those
stored in the /etc/ldapcd.conf file.
5. Using the Configure Password Attributes form, you can modify the mapping between LDAP
attributes and the fields in the passwd structure returned by a call to getpwent. By default,
the getpwent fields are mapped to the attribute names defined by the Internet Express
extended schema (see Section : Extended LDAP Schema for UNIX Account Information).
The Object Class Name field represents the object class for the password structure in the LDAP
schema. Only change this field if you are using an object class other than the default
(posixPassword). The object class chosen must contain attributes for all of the components
of a passwd entry. See the passwd(4) reference page for more information about passwd
entries.
The Password Branch Name field is used as the starting point in the LDAP directory for password
entries. Branches are used to partition a directory into smaller, easier to manage sections and
are not required.
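
The requirement above, that the chosen object class supply an attribute for every component of a passwd entry, can be checked before a mapping is submitted. The following sketch is an added example, not part of the Internet Express software: it validates a field-to-attribute mapping and builds a passwd(4) line from one entry. The attribute names are RFC 2307 posixAccount names used as stand-ins (the extended schema's own names are not listed on this page), and the sample entry is constructed.

```python
# Added example; attribute names are assumptions, not values from ldapcd.conf.
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")

# Hypothetical mapping of passwd fields to LDAP attributes (RFC 2307 names).
DEFAULT_MAP = {
    "name": "uid", "passwd": "userPassword", "uid": "uidNumber",
    "gid": "gidNumber", "gecos": "gecos", "dir": "homeDirectory",
    "shell": "loginShell",
}

def check_mapping(mapping, class_attrs):
    """Return a list of passwd fields the object class cannot supply."""
    known = {a.lower() for a in class_attrs}  # attribute names ignore case
    problems = []
    for field in PASSWD_FIELDS:
        attr = mapping.get(field)
        if attr is None:
            problems.append(f"{field}: no attribute mapped")
        elif attr.lower() not in known:
            problems.append(f"{field}: {attr} not in object class")
    return problems

def to_passwd_line(entry, mapping):
    """Build a passwd(4) line from one entry; raise ValueError if unsafe."""
    values = []
    for field in PASSWD_FIELDS:
        attr = mapping[field]
        if attr not in entry:
            raise ValueError(f"entry lacks {attr} (passwd field {field})")
        value = str(entry[attr])
        # A ':' or newline in directory data would shift or add passwd fields.
        if ":" in value or "\n" in value:
            raise ValueError(f"{attr} contains a passwd field separator")
        if field in ("uid", "gid") and not (value.isascii() and value.isdigit()):
            raise ValueError(f"{attr} is not a numeric id: {value!r}")
        values.append(value)
    return ":".join(values)

# Constructed sample data (not from a real directory).
SAMPLE_CLASS_ATTRS = ["uid", "userPassword", "uidNumber", "gidNumber",
                      "gecos", "homeDirectory", "loginShell"]
SAMPLE_ENTRY = {"uid": "jdoe", "userPassword": "*", "uidNumber": "1001",
                "gidNumber": "15", "gecos": "J. Doe",
                "homeDirectory": "/usr/users/jdoe", "loginShell": "/bin/ksh"}

if __name__ == "__main__":
    print(check_mapping(DEFAULT_MAP, SAMPLE_CLASS_ATTRS))
    print(to_passwd_line(SAMPLE_ENTRY, DEFAULT_MAP))
```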