6. The value of pw_cachesize determines how many individual passwd entries may be held in the cache. The value of pw_expirecache determines the maximum length of time for which the ldapcd caching daemon will answer requests for an individual passwd entry from the cache. When the value of pw_expirecache is exceeded, the ldapcd daemon goes back to the server to look up the requested passwd entry.

The values for gr_cachesize and gr_expirecache work in the same way as pw_cachesize and pw_expirecache, but apply to group entries.

7. The value of machine_dn is the distinguished name with which the ldapcd caching daemon binds to the directory to search for and retrieve information from the directory. By requiring each system to use a particular DN, you can determine which machines are accessing the directory and for what purpose. Further, you can control read and search access to the directory on a machine-account basis.

8. The name of the object class that defines the attributes for a UNIX account in the extended schema on your server (see Section : Extended LDAP Schema for UNIX Account Information).

9. LDAP attribute names (on the right) are mapped to fields (on the left) in the passwd structure returned by a call to getpwent(3).

10. Only the encrypted password is stored in the userPassword attribute.

11. The name of the object class that defines the attributes for a UNIX group in the extended schema defined on your server (see Section : Extended LDAP Schema for UNIX Account Information).

12. LDAP attribute names (on the right) are mapped to fields (on the left) in the group structure returned by a call to getgrent(3).

Note: HP recommends that you use the Administration utility to modify the ldapcd.conf file.

Creating Branches

By creating branches, you can organize an LDAP directory tree into meaningful categories of information, each with its own search base. The use of branches can improve the performance of an LDAP server by allowing queries to be confined to the branch that contains the information of interest. For example, you might create a separate branch to contain user information. To create a user information branch on the directory server, follow these steps:

1. Find the following information in the /etc/ldapcd.conf file:

   Value of searchbase
   Value of machine_dn
   Value of machine_pass

2. Decide on a name for the new branch; for example, accounts.

3. Create a file containing the following, substituting the value you found in step 1 for searchbase:

   dn: ou=accounts,o=searchbase
   objectclass: top
   objectclass: organizationalUnit
   ou: accounts
   description: description

4. Run the following command, substituting the values you found in step 1 for searchbase, machine_dn, and machine_pass, and specifying the name of the file you created in step 3 with the -f option:

   /usr/local/bin/ldapmodify -add \
       -D "machine_dn" -w "machine_pass" \
       -f file
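The branch-creation procedure above, carried through as an added example (not code from the HP manual): it reads the three values from an ldapcd.conf, writes the step 3 LDIF for a new organizationalUnit, and assembles the step 4 ldapmodify command line. It assumes ldapcd.conf uses one "keyword value" pair per line with "#" comments, that searchbase holds a complete base DN, and that the branch name is a plain RDN value; the configuration text is a constructed sample.

```python
"""Build the LDIF and ldapmodify command for a new branch from ldapcd.conf values."""
import re
import shlex

# Constructed sample of /etc/ldapcd.conf. The "keyword value" line format with
# '#' comments is an assumption for this example, not taken from the manual.
SAMPLE_LDAPCD_CONF = """\
# constructed sample, not a real configuration
searchbase      o=example.com
machine_dn      cn=host1,ou=machines,o=example.com
machine_pass    s3cret-placeholder
pw_cachesize    500
pw_expirecache  300
"""


def parse_ldapcd_conf(text):
    """Return {keyword: value} for the 'keyword value' lines of an ldapcd.conf (step 1)."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) == 2:
            values[parts[0]] = parts[1].strip()
    return values


def branch_ldif(searchbase, ou, description):
    """LDIF for an organizationalUnit branch directly under searchbase (step 3)."""
    # Reject anything that is not a simple RDN value so the branch cannot be
    # steered elsewhere in the tree by a comma or '=' smuggled into the name.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", ou):
        raise ValueError("branch name must be a simple RDN value: %r" % ou)
    return (
        "dn: ou=%s,%s\n"
        "objectclass: top\n"
        "objectclass: organizationalUnit\n"
        "ou: %s\n"
        "description: %s\n" % (ou, searchbase, ou, description)
    )


def ldapmodify_command(conf, ldif_path):
    """Step 4 command line, with the flags exactly as printed in the manual.
    Note that -w places machine_pass in the process argument list, so run it
    where the process table is not visible to other users."""
    argv = ["/usr/local/bin/ldapmodify", "-add",
            "-D", conf["machine_dn"], "-w", conf["machine_pass"], "-f", ldif_path]
    return " ".join(shlex.quote(arg) for arg in argv)
```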

Managing the LDAP Module for System Authentication 69
