LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

191

192

193

194

195

196

197

198

199

200

# Example:

# [passwd]

# enable=yes

# poscache_ttl=600

# negcache_ttl=600

# Note that "TTLs" (time to live) values are in seconds.

# Note that cache sizes are in bytes.

[StartOnBoot]

enable=yes

[general]

# If the proxy user is used and defined in /etc/opt/ldapux/pcred, this

# flag indicates if the proxy user does not hold privileged LDAP

# credentials, meaning the proxy user is restricted in it's rights to

# access "private" information in the directory server. Because

# ldapclientd provides an interface to access arbitrary information

# (attributes), ldapclientd needs to know if the proxy credential has

# more rights that it should.

# By default, and if set to zero, ldapclientd assumes the proxy user

# has privledged credentials, and thus will not allow access to attributes

# beyond that of the RFC2307 schema. However, you can ammend the list of

# allowed attributes using the allowed_attribute paramter defined below.

# If proxy_is_restricted is set to 1, then you are attesting that the

# directory server is restricting access to private or other confidential

# information from access by the proxy user.

proxy_is_restricted=1

# Allows the ldapclientd interface to return attributes that are associated

# with RFC2307-based services (such as users and groups), but that those

# attributes are not specifically part of the RFC2307 schema. Any attribute

# specified below should be considered public information.

allowed_attribute=hosts:sshPublicKey

allowed_attribute=passwd:sshPublicKey

# Maximum number of connections ldapclientd can establish to

# the directory server (or multiple servers when in a multi-domain

# environment).

max_conn=100

# Time between an inactive connection to the directory server is

# brought down and cleaned up.

connection_ttl=300

# Number of threads in ldapclientd.

num_threads=10

# Time to clean up socket files created by client applications that

# were terminated abnormally.

socket_cleanup_time=300

# Interval between how often ldapclientd identifies and cleans up

# stale cache entries.

cache_cleanup_time=10

# How often ldapclientd should re-read the ldapux-clientd.conf file.

update_ldapux_conf_time=600

# Maximum number of bytes that should be cached by ldapclientd.

# This value is the maximum upper limit of memory that can be

# used by ldapclientd. If this limit is reached, new entries are

# not cached, until enough expired entries are freed.

cache_size=10000000

192 Administering LDAP-UX Client Services