NIS/LDAP Gateway Administrator's Guide

6. Index important entries for better performance.
Many of your directory requests will be for the attributes listed below, so you should
index them to improve performance. Without an index, your directory may search
sequentially, causing a performance bottleneck.
Index on the following attributes:
cn
objectclass
memberuid
uidnumber
gidnumber
uid
To index these entries with Netscape/Red Hat Directory Server, use the Console,
Configuration tab, Indexes tab, Add Attributes button.
7. Create a proxy user.
Create a proxy user the NIS/LDAP Gateway will use to bind to the directory. With
Netscape/Red Hat Directory Server for HP-UX, use the Directory Console, Users and Groups
tab, Create button.
8. Set access permissions for the proxy user.
Give the proxy user (created in step 7 above) read permission for the userpassword attribute
in the directory. Since the NIS/LDAP Gateway daemon, ypldapd, will authenticate to the
directory as the proxy user, this user needs to be able to read the passwords. The following
example ACI gives the proxy user, ypldap_proxy, permission to compare, read, and search
user passwords:
aci: (target="ldap:///ou=raptor,ou=labteam,o=hp.com")
 (targetattr="userpassword")
 (version 3.0; acl "ypldapd Proxy userpassword read rights";
  allow (compare,read,search)
  userdn = "ldap:///uid=proxy-user,ou=people,o=hp.com";)
9. For larger directories, increase the Look-through limit.
The Look-through limit specifies the maximum number of directory entries to examine
before aborting the search operation. The default for Netscape/Red Hat Directory Server for
HP-UX is unlimited. If you have a large directory (greater than 2000 entries, for example),
you may want to increase this. This will be less of a problem for indexed entries since the
search would examine fewer entries.
To change this limit in Netscape/Red Hat Directory Server using the Directory Console, use
the Configuration tab, select the "Database" object, the Performance tab, and edit the
Look-through limit text box.
10. For larger directories, increase the Size limit.
The Size limit determines the maximum number of entries to return to any query before
aborting. The default for Netscape/Red Hat Directory Server for HP-UX is 2000. If you have
a large directory (greater than 2000 entries, for example), you should increase this.
To change this limit in Netscape/Red Hat Directory Server using the Directory Console, use
the Configuration tab, select the server name, the Performance tab, and edit the Size limit
text box.
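
Added example, not from the guide or the product: a Python check that an ACI reaching userpassword, like the one in step 8, grants only compare, read, and search and names only the proxy user's DN. The function names and the weak ACI are constructed for illustration; the parser handles only userdn bind rules, and the proxy DN passed in is the one that appears in the guide's ACI.

```python
import re

EXPECTED_RIGHTS = {"compare", "read", "search"}     # rights in the guide's ACI
BROAD_SUBJECTS = {"ldap:///anyone", "ldap:///all"}  # any client / any bound user
# The guide's example ACI (wrapped across lines), then a constructed weak variant.
PAGE_ACI = '''aci:(target="ldap:///ou=raptor,ou=labteam,o=hp.com")(targetattr="userpassword")
(version 3.0; acl "ypldapd Proxy userpassword read rights"; allow
(compare,read,search) userdn = "ldap:///uid=proxy-user,ou=people,o=hp.com";
)'''
WEAK_ACI = ('(targetattr="*")(version 3.0; acl "constructed weak example"; '
            'allow (all) userdn = "ldap:///all";)')

def split_items(value, sep):
    """Split a quoted ACI value into lowercase items with padding removed."""
    return {re.sub(r"\s*,\s*", ",", p.strip().lower()) for p in value.split(sep)}

def parse_aci(text):
    """Parse one ACI that uses a userdn bind rule into the parts audited below."""
    aci = " ".join(text.split())  # undo line wrapping
    attrs = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"', aci)
    perm = re.search(r'\b(allow|deny)\s*\(([^)]*)\)', aci)
    subj = re.search(r'\buserdn\s*(!?=)\s*"([^"]*)"', aci)
    if not (perm and subj):
        raise ValueError("not a recognizable userdn ACI")
    return {"attr_op": attrs.group(1) if attrs else None,
            "attrs": split_items(attrs.group(2), "||") if attrs else set(),
            "type": perm.group(1), "rights": split_items(perm.group(2), ","),
            "subj_op": subj.group(1), "subjects": sorted(split_items(subj.group(2), "||"))}

def audit_password_aci(text, proxy_dn):
    """Return findings for an allow ACI whose targetattr reaches userpassword."""
    aci = parse_aci(text)
    op, attrs = aci["attr_op"], aci["attrs"]
    reaches = "userpassword" not in attrs if op == "!=" else bool(attrs & {"userpassword", "*"})
    if aci["type"] != "allow" or not reaches:
        return []
    findings = []
    if op == "!=" or "*" in attrs:
        findings.append("userpassword reached via wildcard or exclusion targetattr")
    extra = aci["rights"] - EXPECTED_RIGHTS
    if extra:
        findings.append("rights beyond compare/read/search: " + ",".join(sorted(extra)))
    expected = "ldap:///" + re.sub(r"\s*,\s*", ",", proxy_dn.strip().lower())
    for s in aci["subjects"]:
        if aci["subj_op"] == "!=" or s in BROAD_SUBJECTS or "*" in s:
            findings.append("broad subject: " + s)
        elif s != expected:
            findings.append("subject is not the proxy user: " + s)
    return findings
```

Calling `audit_password_aci(PAGE_ACI, "uid=proxy-user,ou=people,o=hp.com")` returns an empty list, while the constructed `WEAK_ACI` yields three findings.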