LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
Some applications, like /opt/ssh/bin/ssh, use ldapclientd to
access information in the directory server, such as the sshPublicKey
for users and hosts. By setting this parameter, applications can access
any defined attribute even if the proxy_is_restricted value is set
to no (the default). There is no internal default set for this parameter. If
allowed_attribute is not specified, no attributes beyond that defined
in RFC2307 (and as mapped in the configuration profile) will be
accessible through the ldapclientd API. However, the default
delivered ldapclientd.conf file will set this parameter to allow
access to the sshPublicKey attribute for the passwd and hosts service.
This parameter may be specified more than once.
allowed_attribute example:
allowed_attribute=hosts:sshPublicKey
[passwd] Cache settings for the passwd cache (which caches name, UID, and
shadow information).
enable=<yes|no>
ldapclientd only caches entries for this section, when it is enabled.
If the cache is not enabled, ldapclientd will query the directory server
for any entry request from this section. Since this impacts LDAP-UX client
performance and response time, by default, caching is enabled.
poscache_ttl=<0-2147483647>
The time, in seconds, before a cache entry expires from the positive
cache. Since personal data can change frequently, this value is typically
smaller than some others.
The default value is 120 (2 minutes)
negcache_ttl=<0-2147483647>
The time, in seconds, before a cache entry expires from the negative
cache.
The default value is 240 (4 minutes).
[group] Cache settings for the group cache (which caches name, gid and
membership information).
enable=<yes|no>
ldapclientd only caches entries for this section, when it is enabled.
By default, caching is enabled.
poscache_ttl=<0-2147483647>
The time, in seconds, before a cache entry expires from the positive
cache. Since people are added and removed from groups occasionally,
this value is not typically large. If dynamic_group caching is enabled,
this value must be less than poscache_ttl of [dynamic_group].
The default value is 240 (4 minutes)
negcache_ttl=<0-2147483647>
The time, in seconds, before a cache entry expires from the negative
cache. If dynamic_group caching is enabled, this value must be less
than negcache_ttl of [dynamic_group]
The default value is 240 (4 minutes).
[dynamic_group] This section describes the settings for the Dynamic Group cache. This
cache manages dynamic group information including name, group ID
7.1 Managing the LDAP-UX client daemon 187