LDAP-UX Integration Performance and Tuning Guidelines
The Name Service Switch
The name service sub-system consists primarily of three components: the API, the switch (see man 4 switch,)
and the back-end libraries. This architecture allows any type of repository to serve the APIs, such as files
(/etc/passwd for example,) NIS or LDAP. This switch is controlled by the /etc/nsswitch.conf file, and allows any
name service API to be served by any backend repository that supports that API. For example, while LDAP can be
used to serve the passwd name service, files can be used to serve the group name service and DNS can be used to
serve the hosts name service.
How it works
A call to getpwnam() by the login process enters the name service front-end. On HP-UX, a special cache controlled
by pwgrd (see man 1M pwgrd) is first checked to see if the entry has already been cached. If not, then the name
service switch checks the configuration of the /etc/nsswitch.conf file, to determine which back-ends are configured
to serve the passwd name service. If “ldap” is configured in /etc/nsswitch.conf, then the NSS_LDAP backend will
be called to convert the request into an LDAP search operation. Without caching, every call to the name service
sub-system will result in one LDAP search operation, assuming that ldap has been configured in the
/etc/nsswitch.conf for that service. This document refers to this entire operation as a “request.”
Page 4