HP UX Internet Express Software manual Example 2 Ldap Caching Daemon Configuration File

Page 68

Example 2 LDAP Caching Daemon Configuration File

#

#directory server and port, active ldap connections cached

#by the daemon, max worker threads started

#

directory: host.xyz.com 1

searchbase: "o=XYZCompany" 2

port:389 3

connections: 6 4

max_threads: 64 5

#

#max entries in cache, and number of seconds before entries

#expire in the cache

#

pw_cachesize: 2000 6

pw_expirecache: 120

gr_cachesize: 100

gr_expirecache: 600

machine_dn: "cn=Directory Manager" 7 machine_pass: "password"

#

# the objectClass name of a password entry

pw_oclass: posixAccount 8

#name mappings for password attribute fields

pw_username: uid 9

pw_password: userPassword 10

pw_uid: uidNumber

pw_gid: gidNumber pw_quota:

pw_comment: description

pw_gecos: gecos

pw_homedir: homedirectory

pw_shell: loginshell

# the objectClass name of a group entry

gr_oclass: posixGroup 11

#name mappings for group attribute fields

gr_oclass: unixGroup 12

gr_name: cn

gr_password: userPassword

gr_gid: gidNumber

gr_members: MemberUID

1Host name of the LDAP directory server to be used for user authentication.

2The root of the branch in the directory server's database where user information is stored.

3 The default directory server port; this must match the port you are using for the directory server.

4 Maximum number of open connections to the directory server maintained by the ldapcd caching daemon.

5 Maximum number of threads maintained by the ldapcd caching daemon. Each thread handles one connection to a local program. Allowing a higher number of threads may enable better response from the LDAP caching daemon, but requires more memory. If you are running a service that requires a large number of connections (for example, a mail service), set the maximum number of threads to 64 or greater (if your system has sufficient memory).

68 User Authentication

Page 67 Page 69
Image 68
Page 67 Page 69
Contents Internet Express for Tru64 Unix Version AbstractPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 Network Security Administration 167 Web Services Administration 155XML Component Administration 164 Proxy Services Administration 190 Ldap Directory Server Administration 195Samba File and Print Server Administration 216 OpenSLP Administration 207FTP Server Administration 213 InterNetNews Server Administration 225 Internet Relay Chat Administration 248PostgreSQL Database and MySQL Administration 249 Bind Domain Name Server Administration 260Jabber 265 Twiki 266Document Organization About This DocumentIntended Audience Command Typographic ConventionsComputer output User inputReading Documentation Using the Administration Utility Reading Documentation Using the Public Web ServerRelated Information Reading the DocumentationReading Documentation from the Internet Express CD-ROM Reading Reference Pages for Internet Express ComponentsOn a Tru64 Unix System On a PCReaders Comments Reading the Open Source Software Component Documentation# man -M /usr/news/man active.5 Internet electronic mail readerscomment@zk3.dec.comReaders Comments Using the Administration Utility Using the Administration UtilityUsing the Administration Utility Main Menu Administration Utility Menu Options and TasksRegistering Your Internet Express Installation Navigating the Administration UtilityUsing Administration Utility Forms Register OnlineSample Administration Utility Form Accessing Administration Servers Internet Express Accounts and PortsPort Number Description 8081 Internet ExpressManaging Internet Express in a TruCluster Environment Accessing the Internet Express Login AccountAccessing and Managing the Internet Monitor TruCluster Impact on Internet Express Administration Installing and Removing ComponentsUsing Internet Express Services in a Cluster Installing and Removing Components Keywords for URL LineHostname of the local host Port number from the current Web serverAccessing Web-Based System Management Tools Performing Web-Based System ManagementTuning Kernel Attribute Values Accessing Web-Based System Management ToolsUsing the Administration Utility Open Source Software Web Sites Where to Find More InformationInternet Express and AlphaServer Products Web Sites Expect FirefoxFreeRADIUS GnuPGIRC Server JabberLynx Web Browser Majordomo Automated Internet Mailing Lists ManagerMySQL OpenLDAPOpenSLP PerlPostgreSQL Relational Database Management System Procmail Mail Filtering LanguagePure-FTP Server Samba File and Print ServerSystem Security Web Sites Other Useful Web Sites ApplicationsInterNIC MicrosoftEncompass User Administration Manage Users MenuUser Administration Overview of User AccountsAssigning Passwords to User Accounts Purging Obsolete PasswordsSpecifying User Names Overview of User AccountsSearching for User Accounts Searching for User AccountsAssigning Users to Groups Selecting User AccountsCreating Captive Accounts for Named Users Shows the Create Named User Account formCreating Captive Accounts for Generic Users Creating a Named User AccountCreating a Noncaptive Account for a Unix System User Creating Generic User AccountsTo create a group, see Section Creating Groups Creating a Noncaptive Account for a Unix System UserCreating Groups Creating a System User AccountDisplaying User Account Information Creating GroupsDeleting User Accounts Displaying User Account InformationChanging Groups for User Accounts Changing Groups for User AccountsUser Administration Changing the Password for an Account Changing the Password for an AccountChanging Mail Services for Users Changing Mail Services for Users Assigning Regular Delivery Mail ServiceAssigning POP with Password Mail Service Assigning the Cyrus Imap Mail Service Assigning Cyrus Imap with Password Mail ServiceAssigning Apop with Password Mail Service Managing the iass AccountChanging the iass Account Forwarding Address Managing the .users.list FileManaging the User Self-Administration Feature Listing User Accounts and PasswordsPurging Passwords for User Accounts Removing the .users.list FileEnabling and Disabling the User Self-Administration Feature Managing the User Self-Administration FeatureManage User Self-Administration Menu Modifying the Web Server Configuration Configure Web Server for Self-Administration FormEnabling and Disabling Login Delays Modify Web Server ConfigurationManaging User Self-Administration Groups Adding GroupsDeleting and Modifying Groups Adding GroupsCustomizing the User Self-Administration Feature Enabling and Disabling GroupsUser Administration Managing the Ldap Module for System Authentication User AuthenticationManaging the Ldap Module for System Authentication Example 1 Security Matrix Enabled for Ldap User AuthenticationLdap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Creating Branches Value of searchbase Value of machinedn Value of machinepassExtended Ldap Schema for Unix Account Information Userbranch ou=accounts,searchbaseIndexing Attributes for the Directory Servers Ldap Database Index Types Configuring the Ldap Module for System AuthenticationAdding Indices for OpenLDAP Defining Ldap System Parameters Modifying the Ldap Module ConfigurationConfiguring the Ldap Module for System Authentication Configuring Ldap Password Attributes Configuring Ldap Group Attributes Enabling and Disabling the Ldap Module Testing the Ldap Module ConfigurationImporting and Exporting Users from /etc/passwd Importing Users into the Directory Server Importing Users from NISExporting Users from the Directory Server Adding an Ldap User in a C2 EnvironmentAccess Control Ldap Database Utilities Remove login names from specified group Remove login names from all groupsFile in which to store search results the default is Authentication mechanismAdding a User Entry Checking the Ldap Server ConfigurationExtracting Users from the /etc/passwd File Deleting a User Entry Retrieving a User EntryLdapsyncuser -b branch filename Synchronizing with a Password FileAdding a Group Entry Maintaining Group Membership Deleting a Group EntrySetting a Users Password in the Ldap Directory Server Retrieving a Group EntryStarting the ldapcd Daemon Ldapgetgroup -b branch -f input-fileMaintaining the Ldap Directory Server Using Ldap Commands Stopping the ldapcd DaemonAdding Entries to an Ldap Database Modifying Entries in an Ldap DatabaseAuthentication Actions Performed Files Modified by theLDAP Module for System AuthenticationOverview of the Ldap Client Actions Performed by the Ldap ClientOperation of login/su Behavior of the the ldapdc DaemonDebugging ldapdc Etc/ldapusers.allow# su user1 Mail Delivery Administration Sendmail Server AdministrationMail Delivery Administration Bogofilter to filter spam Section Bogofilter Spam FilterConfiguring the System as a Standalone Mail System Configuring the System as a Mail ClientConfiguring the System as a Mail Server Ldap see Section Configuring LdapCreating and Deleting Host Aliases for a Mail Server Changing the Sendmail Server Configuration Sendmail Server AdministrationConfiguring Mail Protocols PSInet see Section Configuring the X.25 ProtocolThrough Section Configuring the X.25 Protocol Creating and Deleting Pseudo Domain AliasesConfiguring the MTS Protocol Configuring the DECnet Phase IV ProtocolConfiguring the DECnet/OSI Protocol Configuring the Uucp Protocol Configuring the X.25 ProtocolConfiguring Masquerading Accessing the Configure Masquerading FormRoot Postmaster News Uucp Configuring Your System for Masquerading Mailer-daemon Rdist Nobody Daemon Pop ImapConfiguring Virtual Domains Example 4 Sample Virtual Domain Table# makemap btree virtusertable virtusertable Enabling Procmail as a Local Mailer Enabling Anti-VirusConfiguring Anti-Spam Configuring RelayingConfiguring the Access Database Example 5 Sample Access Database for the Sendmail ServerConfiguring an Access Database Configuring Ldap Configuring Checking on Senders InformationConfiguring Mail Filters Milter Shows the Configure Ldap formSocket local/var/run/f1.sock Socket inet1099@remotehost.comSocket inet61066@myhost.com Socket inet1066@myhost.com,T=C5mS10sR10sE5mSample -p local/var/run/example1.sock Configuring Queues Adding a QueueDeleting a Queue Group # sendmail -bt -q queue-nameModifying a Queue Group General Queue Properties Configuring Queue PerformanceQueue Timers Sendmail Tunable Parameters Configuring Trusted Layer SecuritySendmail Timers Certificate Defaults Certificate Issuer One that issues certificates a CATLS Certificate Values Certicate Authority Abbreviation Certificate AuthorityEnabling Support Using the Access Database VERIFYbits CIname Sendmail Server Administration Marked as permanentFailure marked as temporary SideRelay or Subject Configuring Mailbox AccessControlling the Sendmail Server Majordomo Mailing List Administration Majordomo Mailing List AdministrationViewing the Sendmail Server Log Creating a Majordomo Mailing ListChanging a Majordomo Mailing List Configuration Changing List Owner or CharterChanging Administration Parameters Changing Subscription ParametersChanging Message Content Parameters Changing Command Access Parameters Changing Digest ParametersChanging Moderated List Parameters Changing List Restriction ParametersMailman Deleting a Majordomo ListChanging Address Processing Parameters MailmanCreating the Initial Mailman List Using a Script Create a Mailing ListDeleting a Mailing List Managing MailmanMailman Mailing List Administration Menu Bogofilter Spam Filter Mailman ScriptsMailman Log Files Training BogofilterUsing Bogofilter with procmail Filtering with BogofilterFilter Integration with Other Tools Bogofilter/wordlist.dbMail Transport Agent MTA Integration with Bogofilter Mutt Integration with BogofilterPine Integration with Bogofilter Bogofilter Spam Filter Mail Access Administration POP Mail Server AdministrationControlling the POP3 Server Controlling the POP2 ServerViewing the POP Mail Server Log Imap Mail Server AdministrationImap Mail Server Administration Converting Imap Mail Folders Setting Up a Unix User Account for UW ImapSetting Up a Unix User Account for Cyrus Imap Controlling the Cyrus Imap Server Controlling the UW Imap ServerUsr/dt/bin/mailcv -evdt -I -f foldername directoryname user Usr/dt/bin/mailcv -I -t -f ./bar dukeConfiguring SSL for UW-IMAP Viewing the Imap Server LogIMP Webmail Administration IMP Webmail AdministrationAccessing the IMP Webmail Administration Menu Enabling and Disabling IMP WebmailManaging Mail Server Settings Enable/Disable IMP WebmailAdding a Mail Server IMP Mail Server SettingsModifying the Mail Server List IMP Mail Server List Settings Deleting a Mail Server Managing Mailbox SettingsModifying a Mail Server Managing Compose Settings IMP Mailbox SettingsPreference settings Managing Message SettingsIMP Compose Settings Managing Logging Settings IMP Message SettingsIMP Logging Settings Managing Preference Driver Settings Preference Driver SettingsManaging Miscellaneous IMP Settings Managing Horde SettingsMiscellaneous IMP Settings Setting Description Allow usage of foldersHorde Settings Managing Turba Settings Using IMP Upgrade Tools IMP Turba SettingsSetting Description Enabled Have access to their addressbookUpgrading IMP Configurations Upgrading IMP DatabasesIMP Database Upgrade Settings New Preference Table Accessing IMP WebmailAdditional Webmail Documentation Secure Web Server Administration Web Services AdministrationSecure Web Server Administration Accessing the Secure Web Servers Internet Express Ports and URLsChanging Configuration Parameters Configuration Files for Secure Web ServersWeb Server Management ServerChanging the Password for the Administration Web Server Httpd.conf Srm.conf Access.confCreating the Search Index Ht//Dig Search Tool AdministrationHt//Dig Search Tool Administration Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Http//hostname/htdig/search.html Searching the IndexDocumentation Directories and Subsets for XML Components XML Component AdministrationDirectories and Subsets for XML Components Apache Axis Server Administration Apache Cocoon Servlet AdministrationApache Axis Server Administration Managing the Apache Axis ServerViewing the Cocoon Log Files Managing the Apache Cocoon ServletEnabling and Disabling the Cocoon Servlet Network Security Administration TCP Wrapper AdministrationNetwork Services Wrapped by Internet Express Network Services Wrapped by Internet ExpressControlling Access to Other Network Services Modifying Access to a Wrapped Network ServiceTesting TCP Security Modifications Network Service Access OptionsFireScreen Administration FireScreen Administration MenuInstalling FireScreen FireScreen AdministrationChecking FireScreen Installation Prerequisites Etc/rc.config fileFireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Setting Command-Line Options Configure FireScreen MenuSet Options Confirmation Setting the Screening Mode Adding a Screening RuleAdd New Screening Rule Form Checking Syntax of Screening Rules Deleting a Screening RuleStarting and Stopping FireScreen Starting FireScreenStart/Stop FireScreen Form with Restart Option Enabled Stopping FireScreenViewing the FireScreen Log Viewing FireScreen StatusViewing FireScreen Screening Rules Usr/internet/docs/snort Snort documentation Snort Intrusion Detection SystemViewing FireScreen Statistics Configuring Snort Decoder Configuring Snort PreprocessorOption Disable Decode Alert Snort -vd -l ./logViewing Alert Messages FreeRADIUS Server AdministrationRunning Snort Considerations While Installing FreeRADIUS Understanding FreeRADIUS Configuration FilesStarting and Stopping the FreeRADIUS Server Users FileRadiusd.conf file Configure --disable-shared make make installClients.conf file Viewing FreeRADIUS Log File Proxy Services Administration Dante Socks Server AdministrationProxy Services Administration Controlling the Dante Socks ServerSquid Proxy/Caching Server Administration Configuring the Dante Socks ServerAccessing Dante Socks Information Squid Proxy/Caching Server AdministrationManaging the Squid Proxy/Caching Server Configuring the Squid Proxy/Caching ServerReinitializing the Disk Cache Displaying Access Statistics Rotating Log FilesControlling the Squid Proxy/Caching Server Understanding the Ldap Directory Schema Ldap Directory Server AdministrationUnderstanding the Ldap Directory Schema Example 6 Ldap Standard Object Class Definition for Person Using the Ldap BrowserLdap Directory Server Administration Installing and Running the Ldap Browser Connecting to an Ldap ServerManaging Frequently Used Connections Creating or Editing Frequently Used ConnectionsConnecting to an Ldap Server using SSL Reconnecting to an Ldap Server Using the Main Browsing WindowDisconnecting from an Ldap Server Controlling Client-Side Schema Checking Opening a New Main WindowClosing a Main Window Viewing a Directory Entry in a Separate WindowAdding a New Directory Entry Modifying a Directory EntryDeleting a Directory Entry Copying a Directory EntryRenaming a Directory Entry Moving a Directory EntryAdding Attributes Modifying AttributesDeleting Attributes Managing Directory Entry TemplatesCreating Entry Templates Modifying Entry TemplatesSearching the Directory Viewing the Object Class SchemaViewing the Attribute Schema Managing and Using the OpenLDAP Directory Server User Configuration FileConfiguring the OpenLDAP Directory Server Managing the OpenLDAP Directory ServerLdap Directory Server Administration OpenSLP Overview OpenSLP AdministrationConfiguration Files and Examples Configuring Optional Security Configuring OpenSLPUsing the OpenSLP Configuration and Registration Files Running the Services Configuring OpenSLPRunning the Example Configuration Considerations for Using SLP APIsDocumentation DocumentationOpenSLP Administration FTP Server Administration Administering Pure-FTP ServerAdministering Pure-FTP Server Creating or Modifying an Anonymous Pure-FTP User AccountEnabling or Disabling Anonymous Pure-FTP Access FTP Server AdministrationEnabling or Disabling chroot Upload /data/ftp /pub yes ftp daemonDisplaying Active Pure-FTP Users Enabling or Disabling Pure-FTP serverSamba File and Print Server Administration Options for Modifying the smb.conf Configuration FileUnderstanding the smb.conf Configuration File Samba File and Print Server AdministrationUnderstanding the smb.conf Configuration File WorkgroupAdd the following value Administering the Samba Server Using the Swat Program Administering the Samba Server Using the Swat ProgramConfiguring the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Manage passwords see Section Administering Passwords Configuring Global VariablesConfiguring Share Parameters Viewing the Current Configuration Administering PasswordsControlling Printers Viewing the Status of the ServerSamba File and Print Server Administration InterNetNews Server Administration 225INN Daemons Specifying INN Configuration DataInterNetNews Server Administration Configuring an External Newsfeed Configuring an External NewsfeedDisplaying an External Newsfeed Recommended Spool Space for News ArticlesArticle Retention Period Days 12 GBAdding an External Newsfeed Typically, a newsfeed has the following flags set Removing an External Newsfeed Modifying Newsfeed DefaultsModifying an External Newsfeed Managing Client Access Updating the Local Active FileAccess Groups Form Fields Displaying Client Access GroupsAdding a Client Access Group Modifying an Existing Client Access Group Removing a Client Access GroupDisplaying Client Authentication Groups Managing Client Authentication GroupsAdding Client Authentication Groups Client Authentication Groups Menu FieldsModifying Client Authentication Groups Usr/bin/news/auth/passwdConfiguring Storage Options Configuring Storage Method EntriesDeleting Client Authentication Groups Configuring Storage OptionsModifying a Storage Method Class Options on the Configure Storage MenuAdding a New Storage Method Class Configuring the Cnfs Storage Method Deleting a Storage Method ClassDisplaying Cnfs Entries Adding New Cnfs EntriesModifying Cnfs Entries Managing Article Expiration Displaying Article Expiration DefinitionsDeleting Cnfs Entries Managing Article ExpirationAdding an Article Expiration Definition Specific newsgroup for example, rec.photoManaging Article Expiration Modifying an Article Expiration Definition Specifying an Article Expiration DefinitionManaging Local Newsgroups Deleting an Article Expiration DefinitionModifying the Retention Period for Expired Articles Managing Local NewsgroupsDeleting Local Newsgroups Viewing INN Log FilesCreating Local Newsgroups Controlling the INN Server Controlling the INN ServerInternet Relay Chat Administration Configuring IRCInternet Relay Chat Administration Controlling the IRC ServerPostgreSQL Database and MySQL Administration Installing PostgreSQLInstalling PostgreSQL Starting and Stopping PostgreSQL ServerPostgreSQL Database and MySQL Administration Viewing the PostgreSQL Log FileImportant Files and Directories Administering PostgreSQL AccountsAdministering PostgreSQL Accounts Setting up a Crontab Entry for Vacuuming Databases Using Existing PostgreSQL AccountsRunning the Postmaster Startup Script PostgreSQL Files and DirectoriesSetting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form #/sbin/init.d/postgres start Scaling PostgreSQL#/sbin/init.d/postgres stop Scaling PostgreSQL #/sbin/sysconfig -q ipc#ps -ef grep postmaster Administering MySQL Directories and Files Established by MySQL InstallationStarting and Stopping MySQL MySQL DirectoriesStarting and Stopping the MySQL Server Using a Command Line MySQL Configuration FilesViewing the MySQL Error Log MySQL Log FilesBind Domain Name Server Administration Bind OverviewImportant Bind Files and Directories Bind Files and DirectoriesBind Binary File Directories Enabling Bind Running the Bind Startup Script Bind DocumentationEnter /sbin/init.d/named start Enter /sbin/rcinet start Running the Bind Startup ScriptHttp//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Controlling the Jabber Server JabberControlling the Jabber Server Twiki TwikiStarting TWiki Stunnel Sample client server configurationSample client server configuration Sendmail Supplemental Information Creating a Certificate of AuthorityBackground OpenSSL Certificate Creation Sample mail filter Section Mail Filter ExampleMail Filter Example Mail Filter ExampleSendmail Supplemental Information Smfiversion Glossary GlossaryFTP 273See also Https See TCP/IP 275Index SymbolsIndex 277 Decus see Encompass deinstall.sh scriptWeb site, 30 external newsfeed adding Index 279 Ldap client, 87 Ldap commandsLog file FireScreen viewing, 183 login account Index 281 OpenLDAP Project Web sitePoppassd server controlling Screening mode, 178 screening rule FireScreen TIN 283
Related manuals
Manual 34 pages 37.15 Kb
Top Page Image Contents