LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

101

102

103

104

105

106

107

108

109

110

• How much memory to allocate for the offline cache (if you have numerous groups containing

a large number of members, HP recommends that the amount of offline cache memory allocated

be twice the combined size of the groups)

2.5.4.2 Configuring the offline cache

The following shows the section in /etc/opt/ldapux/ldapclientd.conf that includes the

offline credential cache variables that you can configure.

[longterm_cache]

#enable=no

# How long before data is considered stale and not usable. 1,209,600 = 2 weeks

#longterm_expired_interval=1209600

# How frequently should save long term data to permanent storage. 900 = 15 min.

#longterm_cache_backup_interval=900

# How much memory to allocate for the long term cache, which stores user and

# group information. This cache is only used by the working set of users and

# groups. The working set means any user or group being used or displayed on

# the system. If you have numerous large groups with numerous members, this

# value should be at least twice as large as the combined size of all those

# groups.

#longterm_cache_size=50000000

# Should long term caching support enumeration of users and groups. If

# getpwent() and getgrent() are not required, this can be disabled.

#longterm_enum_enable=no

# How frequently should the HP-UX client go to the directory server to refresh

# the enumeration cache. 84600 = once per day.

#longterm_enum_search_interval=86400

As shown, offline credential caching is disabled by default. To enable offline credential caching,

uncomment the first line of the section (remove the pound sign (#)) and specify yes instead of no

as shown:

[longterm_cache]

enable=yes

Configure the other parameters as noted in the comments included with the configuration file. To

keep the default settings, you can leave the lines as they are (without removing the pound signs

that precede each line that defines a parameter).

NOTE: Offline credential caching and integrated Compat Mode cannot be used together. Compat

Mode is discussed in Section 2.5.5 (page 102).

2.5.5 Enabling integrated Compat Mode to control name services and user logins

Supported for HP directory server environments only.

LDAP-UX version 5.0 and later makes available traditional NIS-style Compat (Compatibility) Mode

to control the name services that are used to obtain user and group information.

2.5.5.1 Overview

A legacy feature of NIS is the ability to allow local control of network-defined passwd entries.

Administrators of NIS clients can select which accounts would be available on the local host by

specifying lists of netgroups in the host’s /etc/passwd file. For more information, see Appendix

C of the Network Information Service (NIS) Administrator's Guide . The following example shows

how an administrator might limit logins on the local host to members of the operator and

webadmin groups. Within the /etc/passwd file, the following entries would be added:

...

+@operator::::::

102 Installing and configuring LDAP-UX Client Services for an HP server environment