Profile Attributes
profileTTL is the recommended time interval before refreshing the cached configuration profile.
searchTimeLimit is how long, in seconds, a client should wait for directory searches before aborting. 0 (zero) means no time limit. If this attribute has no value, the default is no time limit.
serviceSearchDescriptor is one to three custom search descriptors for each service. The format is Service:BaseDN?Scope?(Filter) where Service is one of the supported services passwd, group, shadow, or pam. BaseDN is the base DN at which to start searches. Scope is the search scope and can be one of the following: one, base, sub. Filter is an LDAP search filter, typically the object class. Each service can have up to three custom search descriptors.
For example, the following defines a search descriptor for the passwd service specifying a baseDN of ou=people,ou=unix,o=hp.com, a search scope of sub, and a search filter of the posixAccount object class.
passwd:ou=people,ou=unix,o=hp.com?sub?(objectclass=posixAccount)
190 | Appendix B |