ldapcd.conf(4)
NAME
ldapcd.conf - Configuration file for LDAP authentication.
SYNOPSIS
/etc/ldapcd.conf
DESCRIPTION
The ldapcd.conf file contains the configuration and operating parameters
for the LDAP authentication daemon.
To modify ldapcd.conf, use one of the following methods:
· Use the SysMan Menu options. Expand the menu and select General Tasks
- Setup LDAP Configuration. When you select this option, a window
titled LDAP Configuration is displayed, containing a list of the LDAP
configuration attributes. When you select an attribute from the list,
a dialog box is displayed showing the current attribute value and
providing an area for you to enter a new attribute value.
· Use a text editor to edit the ldapcd.conf file and modify the
parameters.
If you use a text editor to edit the configuration file, you must enter
only one parameter per line. To create comments, use the number sign (#).
Any characters after the number sign are ignored to the end of the line.
Blank lines and any leading or trailing white space on a line are also ignored.
The file format for ldapcd.conf is as follows:
# comment_string
parameter: integer
identifier: string
identifier: "quoted_string,quoted_string,..."
Parameters
You can modify the values of the caching parameters as follows:
directory
Host name of the LDAP directory server to be used for user
authentication.
searchbase
The root of the branch in the directory server's database where user
information is stored.
port
The default directory server port; this must match the port you are
using for the directory server.
connections
The number of open connections that the caching daemon makes to the
active directory. Increasing the value of this entry opens more
connections to the active directory; however, this consumes more file
descriptors and increases the load on the active directory. Typically,
4 connections are adequate for a workstation and 15 connections are
adequate for a server.
Default: 4 connections
max_threads
Maximum number of threads maintained by the ldapcd caching daemon. Each
thread handles one connection to a local program. Allowing a higher
number of threads may enable better response from the LDAP caching
daemon, but requires more memory. If you are running a service that
requires a large number of connections (for example, a mail service),
set the maximum number of threads to 64 or greater (if your system has
sufficient memory).
pw_cachesize
The maximum number of user entries to store in cache. Increase or
decrease this value as the maximum number of users increases or
decreases.
Default: 500 entries
pw_expirecache
The maximum number of seconds to cache a user entry. Increasing this
value increases performance because a user's entry is readily available
in the cache. If you delete a recently used user account, its entry
remains in the cache for the amount of time specified by this
parameter.
Default: 900 seconds
gr_cachesize
The maximum number of group IDs to cache. Increasing this value
increases performance because group IDs are readily available in the
cache.
Default: 100 group IDs
gr_expirecache
The maximum number of seconds to cache group IDs.
Default: 900 seconds
machine_dn
The value of machine_dn is the distinguished name by which the ldapcd
caching daemon binds to the directory to do searches and retrievals of
information from the directory. By requiring each system to use a
particular DN, you can determine which machines are accessing the
directory and for what purpose. Further, you can also control read and
search access to the directory on a machine-account basis.
machine_pw
Password associated with the machine_dn entry.
pw_oclass
The name for the object class that defines the attributes for a UNIX
account in the extended schema on your server.
Typically this is set to posixAccount as specified in RFC 2307. If you
change this object class, you must also ensure that the rest of the
pw_* attributes in ldapcd.conf are set to attributes in the new object
class.
pw_username
LDAP attribute name mapped to the pw_username field in the group
structure returned by a call to getpwent(3).
pw_password
LDAP attribute name mapped to the pw_password field in the group
structure returned by a call to getpwent(3). Only the encrypted
password is stored in the userPassword attribute.
pw_uid
LDAP attribute name mapped to the pw_uid field in the group structure
returned by a call to getpwent(3).
pw_gid
LDAP attribute name mapped to the pw_gid field in the group structure
returned by a call to getpwent(3).
pw_quota
LDAP attribute name mapped to the pw_quota field in the group structure
returned by a call to getpwent(3).
pw_comment
LDAP attribute name mapped to the pw_comment field in the group
structure returned by a call to getgrent(3).
pw_gecos
LDAP attribute name mapped to the pw_gecos field in the group structure
returned by a call to getpwent(3).
pw_homedir
LDAP attribute name mapped to the pw_homedir field in the group
structure returned by a call to getpwent(3).
pw_shell
LDAP attribute name mapped to the pw_shell field in the group structure
returned by a call to getpwent(3).
gr_oclass
LDAP class name mapped to the gr_oclass field in the group structure
returned by a call to getgrent(3).
gr_name
LDAP group name mapped to the gr_class field in the group structure
returned by a call to getgrent(3).
gr_password
LDAP group password mapped to the gr_class field in the group structure
returned by a call to getgrent(3).
gr_gid
LDAP group id mapped to the gr_class field in the group structure
returned by a call to getgrent(3).
gr_members
LDAP member uid mapped to the gr_class field in the group structure
returned by a call to getgrent(3).
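The following is an added example, not part of this manual page and not the ldapcd daemon's own parser. It reads text in the line format described above (one parameter per line, "#" to end of line is a comment, blank lines and leading or trailing white space ignored, integer values for the caching and port parameters, quoted comma-separated strings for the rest) and reports the mistakes an administrator most wants caught before restarting the daemon: a non-integer where an integer is documented, a parameter set twice, and a parameter name that is not in the list above, since a misspelled name such as the bind credential's would otherwise pass unnoticed. The parameter sets are assumptions drawn from the parameter list above; the daemon itself may accept others. The sample configuration is constructed for the example.

```python
"""Parser and sanity checker for the ldapcd.conf line format.

Added example; not the ldapcd daemon's own parser.
"""
from typing import Dict, List, Tuple, Union

# Assumption: parameter names taken from the Parameters section above.
INT_PARAMS = {"port", "connections", "max_threads",
              "pw_cachesize", "pw_expirecache",
              "gr_cachesize", "gr_expirecache"}
STR_PARAMS = {"directory", "searchbase", "machine_dn", "machine_pw",
              "pw_oclass", "pw_username", "pw_password", "pw_uid", "pw_gid",
              "pw_quota", "pw_comment", "pw_gecos", "pw_homedir", "pw_shell",
              "gr_oclass", "gr_name", "gr_password", "gr_gid", "gr_members"}

Value = Union[int, str, List[str]]


def parse_ldapcd_conf(text: str) -> Tuple[Dict[str, Value], List[str]]:
    """Parse ldapcd.conf text; return (settings, warnings).

    Rules implemented exactly as the manual states them: '#' and everything
    after it on the line is ignored, blank lines are skipped, surrounding
    white space is stripped, and each remaining line is 'parameter: value'.
    """
    settings: Dict[str, Value] = {}
    warnings: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # comment runs to end of line
        if not line:
            continue
        if ":" not in line:
            warnings.append(f"line {lineno}: not of the form 'parameter: value'")
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in settings:
            warnings.append(f"line {lineno}: {key} set more than once; "
                            "later value wins")
        if key in INT_PARAMS:
            try:
                settings[key] = int(value)
            except ValueError:
                warnings.append(f"line {lineno}: {key} must be an integer, "
                                f"got {value!r}")
            continue
        if key not in STR_PARAMS:
            warnings.append(f"line {lineno}: unknown parameter {key!r} "
                            "(misspelling?)")
        # "quoted_string,quoted_string,..." becomes a list; one item stays a str
        if len(value) >= 2 and value[0] == value[-1] == '"':
            items = [s.strip() for s in value[1:-1].split(",")]
            settings[key] = items[0] if len(items) == 1 else items
        else:
            settings[key] = value            # bare word, or empty (pw_quota:)
    return settings, warnings


# Constructed sample in the shape of the EXAMPLE section; host, base and
# credential values are placeholders, not taken from any real system.
SAMPLE_CONF = """\
# constructed sample configuration
directory: ldap.example.test      # trailing comment is ignored
searchbase: "o=ExampleOrg"
port: 389
connections: six
max_threads: 64

pw_cachesize: 2000
pw_quota:
machine_dn: "cn=Directory Manager"
machine_pass: "password"
gr_oclass: posixGroup
gr_oclass: unixGroup
gr_members: "memberUid,uniqueMember"
"""


def check_sample() -> Tuple[Dict[str, Value], List[str]]:
    """Parse the constructed sample and return its settings and warnings."""
    return parse_ldapcd_conf(SAMPLE_CONF)


if __name__ == "__main__":
    found, problems = check_sample()
    for name, val in found.items():
        print(f"{name} = {val!r}")
    for problem in problems:
        print("WARNING:", problem)
```

Run against the sample, the checker flags "connections: six" as a non-integer, "machine_pass" as an unknown parameter name, and the second "gr_oclass" line as a duplicate; the three are exactly the kinds of slip a text-editor edit of /etc/ldapcd.conf tends to introduce.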
Using a Revised Configuration
If you change the value of a cache parameter in the /etc/ldapcd.conf file,
you must enter the following command to read the new configuration and
restart the daemon:
# /sbin/init.d/ldapcd restart
EXAMPLE
The following example shows a typical configuration file:
#
# directory server and port, active ldap connections cached
# by the daemon, max worker threads started
#
directory: host.xyz.com
searchbase: "o=XYZCompany"
port: 389
connections: 6
max_threads: 64
#
# max entries in cache, and number of seconds before entries
# expire in the cache
#
pw_cachesize: 2000
pw_expirecache: 120
gr_cachesize: 100
gr_expirecache: 600
.
.
.
machine_dn: "cn=Directory Manager"
machine_pass: "password"
#
.
.
.
# the objectClass name of a password entry
pw_oclass: posixAccount
# name mappings for password attribute fields
pw_username: uid
pw_password: userPassword
pw_uid: uidNumber
pw_gid: gidNumber
pw_quota:
pw_comment: description
pw_gecos: gecos
pw_homedir: homedirectory
pw_shell: loginshell
# the objectClass name of a group entry
gr_oclass: posixGroup
# name mappings for group attribute fields
gr_oclass: unixGroup
gr_name: cn
gr_password: userPassword
gr_gid: gidNumber
gr_members: MemberUID
FILES
/etc/ldapcd.conf
Location of the file.