LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

or because they are malfunctioning. For example, if a file is created with a group ID that does not
exist, every time a user displays information about this file, using the ls command, a request to the
directory server will be generated.
The ldapclientd daemon currently supports caching of passwd, group, netgroup and
automount map information. The ldapclientd daemon also maintains a cache that maps user
accounts to LDAP DNs. This mapping enables LDAP-UX to support groupOfNames and
groupOfUniqueNames for defining membership of an HP-UX group.
Although there are many benefits to caching, administrators must be aware of the side effects of
its use. Table 23 includes examples to consider:
Table 23 Benefits and side effects of caching
Service (map) name: passwd
Benefits: Reduces greatly the number of requests sent to a directory server during a login or other operation such as displaying files owned by that user.
Example side-effect: Removing this information from the directory might not be visible to the operating system until after the cache has expired. In certain cases, this might allow a user to log in to an HP-UX host, even after his account has been removed from the LDAP directory server. (In general this is not a problem when PAM_LDAP is used for authentication with HP directory servers, since authentication requests are not cached.)

Service (map) name: group
Benefits: Frequent file system access might request information about groups that own particular files. Caching greatly reduces this impact.
Example side-effect: Removing a member of a group might not be visible to the file system, until after the cache expires. During this window, a user may be able to access files or other resources based on his/her group membership, which had been revoked.
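
The trade-off in Table 23, modeled as an added example (not part of this guide and not ldapclientd's implementation): a cache with positive and negative time-to-live values sits in front of a directory, showing how long a revoked group membership stays visible and how many directory requests repeated lookups of a nonexistent group ID generate. The class and function names, the TTL values, and the user and group IDs are constructed for illustration; caching of misses is an assumption of the model.

```python
# Model of a TTL cache in front of a directory (illustration only; this is
# not ldapclientd's code, and all names and values here are constructed).
class Directory:
    """Stands in for the LDAP server; counts every request it receives."""
    def __init__(self, groups):
        self.groups = {gid: set(members) for gid, members in groups.items()}
        self.requests = 0

    def lookup(self, gid):
        self.requests += 1
        members = self.groups.get(gid)
        return None if members is None else frozenset(members)

class GroupCache:
    """Caches hits for pos_ttl seconds and misses for neg_ttl seconds."""
    def __init__(self, directory, pos_ttl, neg_ttl):
        self.directory, self.pos_ttl, self.neg_ttl = directory, pos_ttl, neg_ttl
        self.entries = {}  # gid -> (expiry time, members or None for a miss)

    def members(self, gid, now):
        hit = self.entries.get(gid)
        if hit and now < hit[0]:
            return hit[1]                      # served from cache, possibly stale
        result = self.directory.lookup(gid)
        ttl = self.neg_ttl if result is None else self.pos_ttl
        if ttl > 0:
            self.entries[gid] = (now + ttl, result)
        return result

def revocation_window(pos_ttl, cached_at, revoked_at, step=1):
    """Seconds after revocation during which the cache still reports membership."""
    d = Directory({100: {"alice"}})
    cache = GroupCache(d, pos_ttl, neg_ttl=0)
    cache.members(100, cached_at)              # membership cached here
    d.groups[100].discard("alice")             # then revoked in the directory
    t = revoked_at
    while "alice" in (cache.members(100, t) or ()):
        t += step
    return t - revoked_at

def requests_for_missing_gid(neg_ttl, lookups):
    """Directory requests caused by one lookup per second of a nonexistent GID."""
    d = Directory({})
    cache = GroupCache(d, pos_ttl=0, neg_ttl=neg_ttl)
    for t in range(lookups):
        cache.members(4242, now=t)
    return d.requests
```

In this model the exposure after a revocation is bounded by the positive TTL remaining on the cached entry, while the negative TTL bounds how often a missing ID is re-queried.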
7.12 Performance considerations 249