ldapclientd.conf.4 (2010 09)
ldapclientd.conf(4) ldapclientd.conf(4)
[general] section will override poscache_ttl defaults in other sections
(when there is no specific poscache_ttl definition under that section).
negcache_ttl=1-2147483647
Seconds before a cache entry expires from the negative cache. Like
poscache_ttl, there is no [general] default value for this setting.
Each cache section has its own default.
proxy_is_restricted=yes|no
If the proxy user is configured in the LDAP-UX profile and defined in
/etc/opt/ldapux/pcred, this flag attests that the proxy user does not hold
privileged LDAP credentials, meaning the proxy user is restricted in its
rights to access "private" information in the directory server. As of release
B.05.00, ldapclientd provides a local interface to allow specialized
directory-enabled applications to access arbitrary attributes in HP-UX
related directory entries. By default, and if set to no, ldapclientd will not
allow access to attributes other than those of the RFC2307 schema and any
attribute defined below using the allowed_attribute token. If
proxy_is_restricted is set to yes, then you are attesting that the directory
server is preventing the proxy user from accessing private or other
confidential information. This allows specialized applications to access any
attribute visible to the proxy user. The default value for this setting is no,
meaning ldapclientd assumes the proxy user has rights beyond those of a
non-privileged user.
allowed_attribute=service:attribute
Some applications, like /opt/ssh/bin/ssh, use ldapclientd to access
information in the directory server, such as the sshPublicKey for users and
hosts. By setting this parameter, applications can access any defined
attribute even if the proxy_is_restricted value is set to no (the default).
There is no internal default set for this parameter. If not specified, no
attributes beyond those defined in RFC2307 (and as mapped in the
configuration profile) will be accessible through ldapclientd’s API. However,
the default delivered ldapclientd.conf file sets this parameter to allow
access to the sshPublicKey attribute for the passwd and hosts services. Note
that this parameter may be specified more than once. The format is
allowed_attribute=service:attribute, such as
allowed_attribute=hosts:sshPublicKey.
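The following audit script is an added example, not part of the original manual page or of LDAP-UX. It reads ldapclientd.conf text, reports proxy_is_restricted=yes, lists every allowed_attribute exposed through the API, and checks the TTL ranges documented on this page. The sample file, the '#' comment syntax, and the placement of the two tokens under [general] are assumptions.

```python
import re

# Constructed sample input, not a shipped ldapclientd.conf.
# Assumptions: '#' starts a comment; these two tokens sit under [general].
SAMPLE = """\
[general]
proxy_is_restricted=yes
allowed_attribute=passwd:sshPublicKey
allowed_attribute=hosts:sshPublicKey
allowed_attribute=hosts sshPublicKey
[passwd]
enable=yes
poscache_ttl=120
negcache_ttl=0
"""

# TTL ranges as documented on this page.
TTL_RANGE = {"poscache_ttl": (0, 2147483647), "negcache_ttl": (1, 2147483647)}
# service:attribute, with no whitespace around the colon.
ATTR_RE = re.compile(r"[A-Za-z0-9_-]+:[A-Za-z0-9;._-]+")

def audit(text):
    """Return (findings, allowed): findings are (line_no, message) tuples."""
    findings, allowed, section = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            findings.append((n, "not a key=value line"))
        elif key in TTL_RANGE:
            lo, hi = TTL_RANGE[key]
            if not value.isdecimal() or not lo <= int(value) <= hi:
                findings.append((n, f"[{section}] {key}={value} is outside {lo}-{hi}"))
        elif key == "proxy_is_restricted" and value == "yes":
            findings.append((n, "any attribute visible to the proxy user is exposed; confirm directory ACLs"))
        elif key == "allowed_attribute":
            if ATTR_RE.fullmatch(value):
                allowed.append(value)      # extra attribute exposed via the API
            else:
                findings.append((n, f"malformed allowed_attribute {value!r}"))
    return findings, allowed

if __name__ == "__main__":
    for n, msg in audit(SAMPLE)[0]:
        print(f"line {n}: {msg}")
```
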
[passwd] Cache settings for the passwd cache (which caches name, uid, and shadow
information). The valid settings under this section are:
enable=yes|no
ldapclientd only caches entries for this section when it is enabled. If the
cache is not enabled, ldapclientd will query the directory server for any
entry request from this section.
Since this impacts LDAP-UX client performance and response time, by
default, caching is enabled.
poscache_ttl=0-2147483647
Seconds before a cache entry expires from the positive cache. Since personal
data can change frequently, this value is typically smaller than the others.
Default value is 120.
negcache_ttl=1-2147483647
Seconds before a cache entry expires from the negative cache.
Default value is 240.
[group] Cache settings for the group cache (which caches name, gid, and membership
information). The settings are:
enable=yes|no
ldapclientd only caches entries for this section when it is enabled.
HP-UX 11i v3: June 2010 Web Release − 3 − Hewlett-Packard Company 3