LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Administering LDAP-UX Client Services
Client Daemon Performance
Chapter 4 121
does not exist, every time a user displays information about this file,
using the ls command, a request to the directory server will be
generated.
The ldapclientd daemon currently supports caching of passwd, group,
netgroup and automount map information. ldapclientd also maintains a
cache which maps user’s accounts to LDAP DNs. This mapping allows
LDAP-UX to support groupOfNames and groupOfUniqueNames for
defining membership of an HP-UX group.
Although there are many benefits to caching, administrators must be
aware of the side-effects of their use. Here are some examples to
consider:
Table 4-2
Map Name Benefits
Example
Side-Effect
passwd Reduces greatly the
number of requests
sent to a directory
server during a login
or other operation
such as displaying
files owned by that
user.
Removing this
information from
the directory may
not be visible to
the operating
system until after
the cache has
expired. In
certain cases, this
may allow a user
to login to an
HP-UX host, even
after his account
has been removed
from the LDAP
directory server.
(In general this is
not a problem
when pam_ldap is
used for
authentication,
since
authentication
requests are not
cached.)