LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
Table 23 Benefits and side effects of caching (continued)
Example side-effectBenefitsService (map) name
Similar to groups, since netgroups
are used to control access to
resources, modification of these
rights might not appear until after
cache information has expired.
Users might be allowed or denied
login even though their rights
allow / deny access.
NOTE: Beginning with version
5.0 of the product, LDAP-UX
Client Services supports
integrated Compat Mode to
control which users are visible on
a host, where the user accounts
are referenced by netgroups
specified in the /etc/passwd
file. As a means to greatly
mitigate the performance impacts
of Compat Mode field masking,
LDAP-UX has integrated Compat
Mode support directly into
ldapclientd, enabling caching
of Compat Mode user entries. For
more information, see
Section 2.5.5 (page 102)
netgroups can be heavily used for
determining network file system access
rights or user login rights. Caching this
information greatly reduces this impact
netgroup (not supported with Windows
ADS)
For the positive AutoFS cache, an
alteration of the automount maps
will sometimes not appear
immediately. During this
expiration window, a network file
system might be granted access,
when in fact the automount map
should have unmounted from a
network file system.
For the negative AutoFS cache,
an alteration of the automount
maps will sometimes not appear
immediately. During this
expiration window, a user
attempting to access a network
file system might be denied
access, when in fact the
automount map should have set
up a network file system mount.
Frequent file system access to a directory
might request automount information
about a network file system. A positive
AutoFS cache greatly reduces LDAP-UX
Client response time while retrieving the
automount data.
Whenever a user attempts to access a
directory that does not exist on the
physical file system, the AutoFS system is
called to determine if that directory is
available via the network through AutoFS.
A negative AutoFS cache is critical to
assure that malfunctioning applications
do not place redundant bogus requests
on the directory server.
automount
NOTE: The ldapclientd -f command will flush all caches. For more information, see the
ldapclientd(1M) manpage.
For each service listed in the preceding table (as service names), you can alter the caching lifetime
values in the /etc/opt/ldapux/ldapclientd.conf file. For additional information, see
Section 7.1.2.3 (page 183). It is also possible to enable or disable a cache using the -E or -D
(respectively) options. These options can be useful for determining the effectiveness of caching or
helpful in debugging.
7.12.2.2 ldapclientd persistent connections
Since the HP-UX can generate many requests to an LDAP server, the overhead of establishing a
single connection for every request can create excessive network traffic and slow response time
for name service requests. Depending on network latency, the connection establishment and
250 Administering LDAP-UX Client Services