Distinguished Name to cn=root,o=<hostname>. The OpenLDAP Directory Server uses the password specified to access the iass login account and the administration servers for the initial Root DN Password.

6. The System Name is the name of the system on which the LDAP directory server is running, or a comma-separated list of the names of systems on which replicated directory servers are running.

7. Search Base is the top level of the branch in the LDAP database containing user information (see Section : Creating Branches).

8. The Port Number value must match the port you are using for the directory server. The default port for the directory server is 389.

9. The Active Connections value specifies the maximum number of open connections maintained by the ldapcd caching daemon (see Figure 20).

10. The Thread Maximum value specifies the maximum number of threads maintained by the ldapcd caching daemon (see Figure 20). Each thread handles one connection to a local program. Allowing a higher number of threads enables better response from the LDAP caching daemon, but requires more memory. If you are running a service that requires a large number of connections (for example, a mail service), set the maximum number of threads to 64 or greater (if your system has sufficient memory).

11. The value of Password Entries in Cache determines how many individual passwd entries are allowed to be cached. The value of Password Expire Cache determines the maximum length of time that the ldapcd caching daemon will check the cache for an individual passwd entry. When the value of Password Expire Cache is exceeded, the ldapcd daemon returns to the server to look for the requested passwd entry.

12. The values for Group Entries in Cache and Group Expire Cache work similarly to Password Entries in Cache and Password Expire Cache, respectively, but apply to group entries.

13. Click on Submit.

If the ldapcd.conf file was successfully updated, the Define System Parameters form is redisplayed with the Success icon at the top.

Configuring LDAP Password Attributes

To configure LDAP password attributes, follow these steps:

1. From the Administration utility Main menu, choose Manage System.

2. From the Manage System menu, choose Configure LDAP Module for System Authentication.

3. From the LDAP Module for System Authentication Administration menu, choose Modify Configuration.

4. From the Modify Configuration menu, choose Configure Password Attributes.

When the Configure Password Attributes form is displayed, the default values shown are those stored in the /etc/ldapcd.conf file.

5. Using the Configure Password Attributes form, you can modify the mapping between LDAP attributes and the fields in the passwd structure returned by a call to getpwent. By default, the getpwent fields are mapped to the attribute names defined by the Internet Express extended schema (see Section : Extended LDAP Schema for UNIX Account Information).

The Object Class Name field represents the object class for the password structure in the LDAP schema. Change this field only if you are using an object class other than the default (posixPassword). The object class chosen must contain attributes for all of the components of a passwd entry. See the passwd(4) reference page for more information about passwd entries.

The Password Branch Name field is used as the starting point in the LDAP directory for password entries. Branches partition a directory into smaller, easier-to-manage sections; they are not required.
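The following added example (not part of the original manual or of the Internet Express software) illustrates the attribute mapping from step 5 and the requirement that the object class supply every component of a passwd entry. The Python field names, the mapping dictionary, and the RFC 2307 attribute names used as stand-ins for the extended schema are assumptions; the sample entries are constructed.

```python
# Added example: all names here are assumptions, not read from ldapcd.conf.
PASSWD_FIELDS = ("pw_name", "pw_passwd", "pw_uid", "pw_gid",
                 "pw_gecos", "pw_dir", "pw_shell")

# Assumed mapping: RFC 2307 attribute names stand in for the
# Internet Express extended schema names, which this page does not list.
MAPPING = {
    "pw_name": "uid", "pw_passwd": "userPassword", "pw_uid": "uidNumber",
    "pw_gid": "gidNumber", "pw_gecos": "gecos",
    "pw_dir": "homeDirectory", "pw_shell": "loginShell",
}

def unmapped_fields(mapping):
    """Return the passwd fields that have no LDAP attribute assigned."""
    return [f for f in PASSWD_FIELDS if not mapping.get(f)]

def to_passwd(entry, mapping=MAPPING):
    """Build a colon-separated passwd line from one LDAP entry.

    entry maps attribute name -> list of string values. The function fails
    closed: a missing or malformed attribute raises instead of being
    defaulted, so an entry without a UID attribute never resolves to UID 0.
    """
    missing = unmapped_fields(mapping)
    if missing:
        raise ValueError(f"mapping incomplete: {missing}")
    out = []
    for field in PASSWD_FIELDS:
        values = entry.get(mapping[field], [])
        if len(values) != 1:
            raise ValueError(f"{field}: expected one value, got {len(values)}")
        value = values[0]
        if field in ("pw_uid", "pw_gid") and not (value.isascii() and value.isdigit()):
            raise ValueError(f"{field}: not a non-negative integer: {value!r}")
        if ":" in value or "\n" in value:
            raise ValueError(f"{field}: separator character in value")
        out.append(value)
    return ":".join(out)

# Constructed sample entries.
GOOD = {"uid": ["jdoe"], "userPassword": ["x"], "uidNumber": ["1001"],
        "gidNumber": ["15"], "gecos": ["Jane Doe"],
        "homeDirectory": ["/usr/users/jdoe"], "loginShell": ["/bin/sh"]}
NO_UID = {k: v for k, v in GOOD.items() if k != "uidNumber"}

if __name__ == "__main__":
    print(to_passwd(GOOD))
```

Running the same check against a few real directory entries after changing the Object Class Name or any attribute mapping shows whether every passwd component still resolves before users depend on it.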

74 User Authentication
