Administering LDAP-UX Client Services

Client Daemon Performance

does not exist, every time a user displays information about this file, using the ls command, a request to the directory server will be generated.

The ldapclientd daemon currently supports caching of passwd, group, netgroup and automount map information. ldapclientd also maintains a cache which maps user’s accounts to LDAP DNs. This mapping allows LDAP-UX to support groupOfNames and groupOfUniqueNames for defining membership of an HP-UX group.

Although there are many benefits to caching, administrators must be aware of the side-effects of their use. Here are some examples to consider:

Table 4-2

 

Map Name

Benefits

Example

 

Side-Effect

 

 

 

 

 

 

 

 

passwd

Reduces greatly the

Removing this

 

 

number of requests

information from

 

 

sent to a directory

the directory may

 

 

server during a login

not be visible to

 

 

or other operation

the operating

 

 

such as displaying

system until after

 

 

files owned by that

the cache has

 

 

user.

expired. In

 

 

 

certain cases, this

 

 

 

may allow a user

 

 

 

to login to an

 

 

 

HP-UX host, even

 

 

 

after his account

 

 

 

has been removed

 

 

 

from the LDAP

 

 

 

directory server.

 

 

 

(In general this is

 

 

 

not a problem

 

 

 

when pam_ldap is

 

 

 

used for

 

 

 

authentication,

 

 

 

since

 

 

 

authentication

 

 

 

requests are not

 

 

 

cached.)

 

 

 

 

 

 

 

 

Chapter 4

127