ldapcd.conf man page on Tru64


ldapcd.conf(4)							ldapcd.conf(4)

NAME
       ldapcd.conf - Configuration file for LDAP authentication.

SYNOPSIS
       /etc/ldapcd.conf

DESCRIPTION
       The ldapcd.conf file contains the configuration and operating
       parameters for the LDAP authentication daemon.

       To modify ldapcd.conf, use one of the following methods:

       o  Use the SysMan Menu options. Expand the menu and select General
          Tasks - Setup LDAP Configuration. When you select this option, a
          window titled LDAP Configuration is displayed, containing a list of
          the LDAP configuration attributes. When you select an attribute
          from the list, a dialog box is displayed showing the current
          attribute value and providing an area for you to enter a new
          attribute value.

       o  Use a text editor to edit the ldapcd.conf file and modify the
          parameters.

       If you use a text editor to edit the configuration file, you must enter
       only one parameter per line. To create comments, use the number sign
       (#). Any characters after the number sign are ignored to the end of
       the line. Blank lines and any leading or trailing white space on a line
       are also ignored. The file format for ldapcd.conf is as follows:

       # comment_string

       parameter: integer

       identifier: string

       identifier: "quoted_string,quoted_string,..."

   Parameters
       You can modify the values of the caching parameters as follows:

       Host name of the LDAP directory server to be used for user
       authentication.

       The root of the branch in the directory server's database where user
       information is stored.

       The default directory server port; this must match the port you are
       using for the directory server.

       The number of open connections that the caching daemon makes to the
       active directory. Increasing the value of this entry opens more
       connections to the active directory, however this consumes more file
       descriptors and increases the load on the active directory. Typically,
       4 connections are adequate for a workstation and 15 connections are
       adequate for a server.

              Default: 4 connections

       Maximum number of threads maintained by the ldapcd caching daemon.
       Each thread handles one connection to a local program. Allowing a
       higher number of threads may enable better response from the LDAP
       caching daemon, but requires more memory. If you are running a service
       that requires a large number of connections (for example, a mail
       service), set the maximum number of threads to 64 or greater (if your
       system has sufficient memory).

       The maximum number of user entries to store in cache. Increase or
       decrease this value as the maximum number of users increases or
       decreases.

              Default: 500 entries

       The maximum number of seconds to cache a user entry. Increasing this
       value increases performance because a user's entry is readily
       available in the cache. If you delete a recently used user account,
       its entry remains in the cache for the amount of time specified by
       this parameter.

              Default: 900 seconds.

       The maximum number of group IDs to cache. Increasing this value
       increases performance because group IDs are readily available in the
       cache.

              Default: 100 group IDs

       The maximum number of seconds to cache group IDs.

              Default: 900 seconds

       The value of machine_dn is the distinguished name by which the ldapcd
       caching daemon binds to the directory to do searches and retrievals of
       information from the directory. By requiring each system to use a
       particular DN, you can determine which machines are accessing the
       directory and for what purpose. Further, you can also control read and
       search access to the directory on a machine-account basis.

       The name for the object class that defines the attributes for a
       netgroup entry in the extended schema on your server.

              Typically this is set to nisNetGroup as specified in RFC 2307.
              If you change this object class, you must also ensure that the
              rest of the nisnetgrp* attributes in ldapcd.conf are set to
              attributes in the new object class.

       LDAP attribute name for netgroup name. The default value is cn.

       LDAP attribute name for defining a netgroup triple with the syntax
       (hostname,username,domainname). The default value is
       nisNetgroupTriple.

       LDAP attribute name for defining a member netgroup. The default is
       memberNisNetgroup.

       If specified, sets the root branch in the directory server's database
       where netgroup entries are stored, overriding the searchbase
       parameter.

       If specified, sets the root branch in the directory server's database
       where user entries are stored, overriding the searchbase parameter.

       If specified, sets the root branch in the directory server's database
       where group entries are stored, overriding the searchbase parameter.

       Password associated with the machine_dn entry.

       The name for the object class that defines the attributes for a UNIX
       account in the extended schema on your server.

              Typically this is set to posixAccount as specified in RFC 2307.
              If you change this object class, you must also ensure that the
              rest of the pw_* attributes in ldapcd.conf are set to
              attributes in the new object class.

       LDAP attribute name mapped to the pw_username field in the group
       structure returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_password field in the group
       structure returned by a call to getpwent(3). Only the encrypted
       password is stored in the userPassword attribute.

       LDAP attribute name mapped to the pw_uid field in the group structure
       returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_gid field in the group structure
       returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_quota field in the group
       structure returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_comment field in the group
       structure returned by a call to getgrent(3).

       LDAP attribute name mapped to the pw_gecos field in the group
       structure returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_homedir field in the group
       structure returned by a call to getpwent(3).

       LDAP attribute name mapped to the pw_shell field in the group
       structure returned by a call to getpwent(3).

       LDAP class name mapped to the gr_oclass field in the group structure
       returned by a call to getgrent(3).

       LDAP group name mapped to the gr_class field in the group structure
       returned by a call to getgrent(3).

       LDAP group password mapped to the gr_class field in the group
       structure returned by a call to getgrent(3).

       LDAP group id mapped to the gr_class field in the group structure
       returned by a call to getgrent(3).

       LDAP member uid mapped to the gr_class field in the group structure
       returned by a call to getgrent(3).

   Using a Revised Configuration
       If you change the value of a cache parameter in the /etc/ldapcd.conf
       file, you must enter the following command to read the new
       configuration and restart the daemon:

       # /sbin/init.d/ldapcd restart

EXAMPLE
       The following example shows a typical configuration file:

       #
       # directory server and port, active ldap connections cached
       # by the daemon, max worker threads started
       #
       directory:      host.xyz.com
       searchbase:     "o=XYZCompany"
       port:           389
       connections:    6
       max_threads:    64

       #
       # max entries in cache, and number of seconds before entries
       # expire in the cache
       #
       pw_cachesize:   2000
       pw_expirecache: 120
       gr_cachesize:   100
       gr_expirecache: 600

       .  .  .
       machine_dn:     "cn=Directory Manager"
       machine_pass:   "password"

       #

       .  .  .

       # the objectClass name of a password entry
       pw_oclass:      posixAccount

       # name mappings for password attribute fields
       pw_username:    uid
       pw_password:    userPassword
       pw_uid:         uidNumber
       pw_gid:         gidNumber
       pw_quota:
       pw_comment:     description
       pw_gecos:       gecos
       pw_homedir:     homedirectory
       pw_shell:       loginshell

       # the objectClass name of a group entry
       gr_oclass:      posixGroup

       # name mappings for group attribute fields
       gr_oclass:      unixGroup
       gr_name:        cn
       gr_password:    userPassword
       gr_gid:         gidNumber
       gr_members:     MemberUID
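
       The following Python code is an added example, not part of the
       original man page or of the Tru64 software. It parses the file format
       given in DESCRIPTION and reports settings whose risk follows from the
       parameter descriptions: a machine_pass that other users can read, a
       machine_dn that is not a per-machine DN, long cache lifetimes, and
       repeated parameters. The function names, the 300-second threshold and
       the last-setting-wins handling of duplicates are assumptions.

```python
import os
import stat

# Constructed sample, modelled on the EXAMPLE section above.
SAMPLE = '''\
directory:      host.xyz.com   # trailing comment is ignored
searchbase:     "o=XYZCompany"
pw_expirecache: 120
gr_expirecache: 600
machine_dn:     "cn=Directory Manager"
machine_pass:   "password"
gr_oclass:      posixGroup
gr_oclass:      unixGroup
'''

def parse_ldapcd_conf(text):
    """Return (params, duplicates) using the format rules in DESCRIPTION."""
    params, dupes = {}, []
    for raw in text.splitlines():
        # Page rule: everything after '#' is ignored (applied literally here).
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue                         # blank, comment-only or malformed
        name, value = (part.strip() for part in line.split(":", 1))
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]              # quoted_string form
        if name in params and name not in dupes:
            dupes.append(name)
        params[name] = value                 # assumption: the last setting wins
    return params, dupes

def audit(params, dupes, mode=None, max_stale=300):
    """List findings; max_stale (seconds) is an assumed site threshold."""
    findings = []
    if "machine_pass" in params and mode is not None \
            and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("machine_pass is readable by group or other")
    if params.get("machine_dn", "").lower() == "cn=directory manager":
        findings.append("machine_dn is cn=Directory Manager, not a per-machine DN")
    for key in ("pw_expirecache", "gr_expirecache"):
        value = params.get(key, "900")       # 900 seconds is the documented default
        if value.isdigit() and int(value) > max_stale:
            findings.append(f"{key}: stale entries stay cached for {value}s")
    findings += [f"{name} is set more than once" for name in dupes]
    return findings

def audit_file(path="/etc/ldapcd.conf"):     # also checks the permission bits
    with open(path) as fh:
        params, dupes = parse_ldapcd_conf(fh.read())
    return audit(params, dupes, stat.S_IMODE(os.stat(path).st_mode))
```

       Call audit_file() on a host that has the file, or pass SAMPLE through
       parse_ldapcd_conf() and audit() with an explicit mode such as 0o644.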

FILES
       Location of the file.

								ldapcd.conf(4)