LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

poscache_ttl=<1-2147483647>

The time, in seconds, before a cache entry expires from the positive cache.

There is no [general] default value for this setting. Each cache section

has its own default values (listed below). Specifying a value under

[general] will override poscache_ttl defaults in other sections

(where there is no specific poscache_ttl definitions for that section).

negcache_ttl=<1-2147483647>

The time, in seconds, before a cache entry expires from the negative

cache. There is no [general] default value for this setting. Each cache

section has its own default value.

proxy_is_restricted=yes|no

If the proxy user is configured in the LDAP-UX profile and defined in

/etc/opt/ldapux/pcred, this flag attests that the proxy user does

not hold privileged LDAP credentials, meaning the proxy user is restricted

in its rights to access "private" information in the directory server. As of

release B.05.00, ldapclientd provides a local interface to allow

specialized directory-enabled applications to access arbitrary attributes

in HP-UX related directory entries. By default, and if set to no,

ldapclientd will not allow access to attributes beyond that of the RFC

2307 schema as well as any attribute defined using the

allowed_attribute token. If proxy_is_restricted is set to yes,

then you are attesting that the directory server is restricting access to

private or other confidential information from access by the proxy user.

This allows specialized applications to access any attribute visible to the

proxy user. The default value for this setting is no, meaning ldapclientd

assumes the proxy user has rights beyond that of a non-privileged user.

allowed_attribute=service:attribute

Some applications, like /opt/ssh/bin/ssh, use ldapclientd to

access information in the directory server, such as the sshPublicKey

for users and hosts. By setting this parameter, applications can access

any defined attribute even if the proxy_is_restricted value is set

to no (the default). There is no internal default set for this parameter. If

allowed_attribute is not specified, no attributes beyond that defined

in RFC 2307 (and as mapped in the configuration profile) will be

accessible through ldapclientd's API. However, the default delivered

ldapclientd.conf file will set this parameter to allow access to the

sshPublicKey attribute for the passwd and hosts service. This parameter

can be specified more than once. allowed_attribute example:

allowed_attribute=hosts:sshPublicKey

[passwd] Cache settings for the passwd cache (which caches name, uid, and

shadow information).

enable=<yes|no>

ldapclientd only caches entries for this section, when it is enabled. If

the cache is not enabled, ldapclientd will query the directory server

for any entry request from this section. Since this impacts LDAP-UX client

performance and response time, by default, caching is enabled.

poscache_ttl=<0-2147483647>

The time, in seconds, before a cache entry expires from the positive cache.

Since personal data can change frequently, this value is typically smaller

than some others. The default value is 120 (2 minutes).

6.1 Using the LDAP-UX client daemon 87