This section provides:

- an explanation of the administration tool ldapclientd
- an explanation of its configuration file, ldapclientd.conf
- the steps required to activate the client daemon

Overview
The LDAP-UX client daemon, ldapclientd, can improve the performance and extend the capabilities of LDAP-UX clients by caching entries, supporting multiple domains in Active Directory (ADS), automatically downloading the configuration profiles, and reusing connections to the LDAP directory server. The daemon enables LDAP-UX to use multiple domains with directory servers such as ADS, and it allows PAM Kerberos to authenticate POSIX users stored in multiple domains. Automatic profile downloading keeps the LDAP client configuration profile current by downloading a newer copy from the directory server when the profile's profileTTL expires.

By default, ldapclientd starts at system boot time. The ldapclientd command can also be used to launch the daemon manually, or to control a daemon that is already running. Refer to the following section and the ldapclientd man page(s) for information about the ldapclientd command and its parameters.

The ldapclientd Administration Tool
The following sections explain how to use the ldapclientd administration tool. The syntax is case-sensitive.

Use the following syntax to start the client daemon:

    /opt/ldapux/bin/ldapclientd [-d <level>] [-o<stdout|syslog|file[=size]>] [-z]

Use the following syntax to control a daemon that is already running:

    /opt/ldapux/bin/ldapclientd [-d <level>] [-o<stdout|syslog|file[=size]>]
    /opt/ldapux/bin/ldapclientd <-D <cache>|-E <cache>|-S [cache]>
    /opt/ldapux/bin/ldapclientd <-f|-k|-L|-h|-r>

Performance (client response time) is improved by the following techniques:

- Caching entries, which reduces the LDAP-UX client response time when retrieving passwd, group, netgroup, UID-to-DN and domain lookup data (the caches described under the configuration file below). Since pwgrd already caches some categories, ldapclientd does not cache those areas; pwgrd is therefore still needed to maintain high performance for hosts, protocols and rpc.
- Reusing and maintaining connections to the directory server. The reduction in binds and disconnections significantly reduces the load on the server and the network traffic.
Refer to the ldapclientd man page(s) for option information.

By default, errors are logged to syslog if the system log is enabled in the LDAP-UX client startup configuration file, /etc/opt/ldapux/ldapux_client.conf. Errors that occur before ldapclientd forks into a daemon process are written directly to the screen. The following diagnostic messages may be issued:

- Message: Already running.
  Meaning: An attempt was made to start an LDAP client daemon when one was already running.

- Message: Cache daemon is not running (or running but not ready).
  Meaning: This message can mean any of the following:
  - An attempt was made to use the control options of ldapclientd when no ldapclientd daemon process was running to control.
  - An attempt was made to start or control ldapclientd without superuser privilege.
  - The ldapclientd daemon process is too busy with other requests to respond at this time. Try again later.

- Message: Problem reading configuration file.
  Meaning: The /etc/opt/ldapux/ldapclientd.conf file is missing or has a syntax error. If the problem is with its syntax, the error message is accompanied by a line showing exactly where the syntax could not be recognized, or where a setting was found to be out of range.

CAUTION: Whenever the system is rebooted, ldapclientd launches if the [StartOnBoot] section of the ldapclientd configuration file, /etc/opt/ldapux/ldapclientd.conf, contains enable=yes. Downloading profiles takes time, depending on the server's response time and the number of profiles listed in the LDAP-UX startup file, /etc/opt/ldapux/ldapux_client.conf.
The ldapclientd.conf Configuration File

The file /etc/opt/ldapux/ldapclientd.conf is the configuration file for /opt/ldapux/bin/ldapclientd, the LDAP client daemon. Refer to the previous section for more information about the daemon. ldapclientd uses the default value for any setting that is missing from the configuration file.

Configuration File Syntax

    # comment
    [section]
    setting=value
    setting=value
    .
    .
    .
    [section]
    setting=value
    setting=value
    .
    .
    .

Where:

- comment
  ldapclientd ignores any line beginning with a # delimiter.
- section
  Each section is configured by the setting=value lines beneath it. The section name must be enclosed in brackets ([ ]) as delimiters. Valid section names are: StartOnBoot, general, passwd, group, netgroup, uiddn, domain_pwd and domain_grp.
- setting
  The settings differ for each section. Setting names and values are case-sensitive.
- value
  Depending on the setting, this is yes, no, or a number.

Within a section, the following syntax applies:

- [StartOnBoot]
  Determines whether ldapclientd starts automatically when the system boots. By default, this is enabled after LDAP-UX has been configured by the LDAP-UX setup program /opt/ldapux/config/setup.

    enable=<yes|no>

- [general]
  Any cache setting defined here is used as the default setting for all caches (passwd, group, netgroup, uiddn, domain_pwd and domain_grp).

    max_conn=<number>
        The maximum number of connections ldapclientd can establish to the directory server (or to multiple servers in a multi-domain environment). The default value is 20.
    connection_ttl=<1-2147483647>
        The number of seconds before an inactive connection to the directory server is brought down and cleaned up. The default value is 120.
    num_threads=<number>
        The number of client request handling threads in ldapclientd. The default value is 10.
    socket_cleanup_time=<10-2147483647>
        The interval, in seconds, before the next attempt to clean up the socket files created by LDAP-UX client applications that were terminated abnormally. The default value is 300.
    cache_cleanup_time=<1-300>
        The interval, in seconds, between the times when ldapclientd identifies and cleans up stale cache entries. The default value is 10.
    update_ldapux_conf_time=<10-2147483647>
        How often, in seconds, ldapclientd re-reads the /etc/opt/ldapux/ldapux_client.conf client configuration file to download new domain profiles. The default value is 600 (10 minutes).
    cache_size=<102400-1073741823>
        The maximum number of bytes that ldapclientd caches. This is the upper limit on the memory ldapclientd can use for the cache. If the limit is reached, new entries are not cached until enough expired entries have been freed to make room. The default value is 10000000.
    poscache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. There is no [general] default for this setting; each cache section has its own default (listed below). A value specified under [general] overrides the poscache_ttl default of every cache section that does not define its own poscache_ttl.
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. There is no [general] default for this setting; each cache section has its own default.

- [passwd]
  Cache settings for the passwd cache (which caches name, uid and shadow information).

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. If the cache is not enabled, ldapclientd queries the directory server for every entry request from this section. Since this impacts LDAP-UX client performance and response time, caching is enabled by default.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Since personal data can change frequently, this value is typically smaller than the others. The default value is 120 (2 minutes).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 240 (4 minutes).

- [group]
  Cache settings for the group cache (which caches name, gid and membership information).

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. By default, caching is enabled.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Since people are added to and removed from groups occasionally, this value is typically not large. The default value is 240 (4 minutes).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 240 (4 minutes).

- [netgroup]
  Cache settings for the netgroup cache.

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. By default, caching is enabled.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Since people are added to and removed from netgroups occasionally, this value is typically not large. The default value is 240 (4 minutes).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 240 (4 minutes).

  LDAP-UX using Windows 2000 Active Directory Server does not support netgroup service data.

- [uiddn]
  This cache maps a user's UID to the user's DN in the directory.

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. By default, caching is enabled.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Typically, once a user has been added to the directory, the user's DN rarely changes. The default value is 86400 (24 hours).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 86400 (24 hours).

- [domain_pwd]
  This cache maps user names and UIDs to the domain holding the corresponding entry.

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. By default, caching is enabled.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Since domains are rarely added to or removed from the forest, the cache is typically valid for a long time. The default value is 86400 (24 hours).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 86400 (24 hours).

- [domain_grp]
  This cache maps group names and GIDs to the domain holding the corresponding entry.

    enable=<yes|no>
        ldapclientd only caches entries for this section when it is enabled. By default, caching is enabled.
    poscache_ttl=<0-2147483647>
        The time, in seconds, before a cache entry expires from the positive cache. Since domains are rarely added to or removed from the forest, the cache is typically valid for a long time. The default value is 86400 (24 hours).
    negcache_ttl=<1-2147483647>
        The time, in seconds, before a cache entry expires from the negative cache. The default value is 86400 (24 hours).
Example Configuration File

The following is a sample ldapclientd.conf configuration file.

    #!/sbin/sh
    # @(#) $Revision: 1.1 $
    # ldap client daemon configuration.
    #
    # Please note, the below keys are case sensitive
    #
    # Example:
    #
    # [passwd]
    # enable=yes
    # poscache_ttl=600
    # negcache_ttl=600
    #
    # Note that "TTLs" (time to live) values are in seconds
    # Note that cache sizes are in bytes
    #
    [StartOnBoot]
    enable=no

    [general]
    # Maximum number of connections the ldapclientd can establish
    # to the directory server (or multiple servers when in a
    # multi-domain environment).
    #
    max_conn=20
    #
    # Time for an inactive connection to the directory server to
    # be brought down and cleaned up.
    #
    connection_ttl=120
    #
    # Number of threads in ldapclientd.
    #
    num_threads=10
    #
    # Time to clean up socket files created by client applications
    # that were terminated abnormally.
    #
    socket_cleanup_time=300
    #
    # Interval ldapclientd should use when identifying and
    # cleaning up stale cache entries.
    #
    cache_cleanup_time=10
    #
    # How often ldapclientd should re-read the ldapux_client.conf
    # file.
    update_ldapux_conf_time=600
    #
    # Maximum number of bytes that should be cached by ldapclientd.
    # This value is the maximum upper limit of memory that can be
    # used by ldapclientd. If this limit is reached, new entries
    # are not cached, until enough expired entries are freed.
    #
    cache_size=10000000
    #
    [passwd]
    enable=yes

    [group]
    enable=yes

    # LDAP-UX does not support netgroup with Windows 2000 Active
    # Directory Server.
    #
    [netgroup]
    enable=yes

    [uiddn]
    enable=yes

    [domain_pwd]
    enable=yes

    [domain_grp]
    enable=yes
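Because the daemon only reports "Problem reading configuration file" together with the offending line, it helps to check a candidate ldapclientd.conf before installing it, and to see the TTLs that will actually be in force once the per-cache defaults and the [general] override have been applied. The following Python program is an added example and is not part of LDAP-UX; it implements the syntax, value ranges and defaults documented in this section for the file shown above. SAMPLE is a constructed input modelled on the example file. The ranges accepted for max_conn and num_threads, the choice to treat a missing [StartOnBoot] section as enabled, and the "positive TTL plus one cleanup interval" staleness bound in max_stale_seconds are the example's own assumptions, not statements from the page.

```python
# Added example (not LDAP-UX code): parser/validator for the ldapclientd.conf
# syntax, ranges and defaults documented above.  Errors carry the line number,
# like the daemon's "Problem reading configuration file" message.
# Assumptions: max_conn/num_threads take any positive integer (no range given
# on the page); a missing [StartOnBoot] counts as enabled (page: enabled after setup).
import re

INT_MAX = 2147483647
CACHES = ("passwd", "group", "netgroup", "uiddn", "domain_pwd", "domain_grp")
GENERAL = {  # setting: (min, max, default); None = no [general] default
    "max_conn": (1, INT_MAX, 20), "connection_ttl": (1, INT_MAX, 120),
    "num_threads": (1, INT_MAX, 10), "socket_cleanup_time": (10, INT_MAX, 300),
    "cache_cleanup_time": (1, 300, 10), "update_ldapux_conf_time": (10, INT_MAX, 600),
    "cache_size": (102400, 1073741823, 10000000),
    "poscache_ttl": (1, INT_MAX, None), "negcache_ttl": (1, INT_MAX, None),
}
CACHE_RANGES = {"poscache_ttl": (0, INT_MAX), "negcache_ttl": (1, INT_MAX)}
CACHE_DEFAULTS = {  # per-cache (poscache_ttl, negcache_ttl) defaults from the page
    "passwd": (120, 240), "group": (240, 240), "netgroup": (240, 240),
    "uiddn": (86400, 86400), "domain_pwd": (86400, 86400), "domain_grp": (86400, 86400),
}

class ConfError(ValueError):
    def __init__(self, lineno, msg):
        super().__init__(f"line {lineno}: {msg}")
        self.lineno = lineno

def parse(text):
    """Return {section: {setting: (raw_value, lineno)}}; syntax problems raise ConfError."""
    cfg, section = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # '#' lines are comments
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                     # section names are case-sensitive
            section = m.group(1)
            if section not in ("StartOnBoot", "general") + CACHES:
                raise ConfError(lineno, f"unknown section [{section}]")
            cfg.setdefault(section, {})
        elif section is None or "=" not in line:
            raise ConfError(lineno, f"cannot recognize syntax: {raw!r}")
        else:
            key, _, val = line.partition("=")
            cfg[section][key.strip()] = (val.strip(), lineno)
    return cfg

def _num(val, lo, hi, lineno, key):
    if not val.isdigit():
        raise ConfError(lineno, f"{key}: expected a number, got {val!r}")
    if not lo <= int(val) <= hi:
        raise ConfError(lineno, f"{key}={val} out of range {lo}-{hi}")
    return int(val)

def _yes_no(val, lineno, key):
    if val not in ("yes", "no"):                  # values are case-sensitive too
        raise ConfError(lineno, f"{key}: expected yes or no, got {val!r}")
    return val == "yes"

def effective(cfg):
    """Apply documented defaults and the [general] TTL override; return plain values."""
    out = {"StartOnBoot": {"enable": True}, "general": {}}
    for key, (val, ln) in cfg.get("StartOnBoot", {}).items():
        if key != "enable":
            raise ConfError(ln, f"unknown setting {key} in [StartOnBoot]")
        out["StartOnBoot"]["enable"] = _yes_no(val, ln, key)
    for key, (val, ln) in cfg.get("general", {}).items():
        if key not in GENERAL:
            raise ConfError(ln, f"unknown setting {key} in [general]")
        out["general"][key] = _num(val, *GENERAL[key][:2], ln, key)
    for key, (_, _, default) in GENERAL.items():
        if default is not None:
            out["general"].setdefault(key, default)
    for cache in CACHES:
        ent = {"enable": True}
        for key, (val, ln) in cfg.get(cache, {}).items():
            if key == "enable":
                ent["enable"] = _yes_no(val, ln, key)
            elif key in CACHE_RANGES:
                ent[key] = _num(val, *CACHE_RANGES[key], ln, key)
            else:
                raise ConfError(ln, f"unknown setting {key} in [{cache}]")
        # a [general] TTL beats the per-cache default but not an explicit per-cache value
        for ttl, default in zip(("poscache_ttl", "negcache_ttl"), CACHE_DEFAULTS[cache]):
            ent.setdefault(ttl, out["general"].get(ttl, default))
        out[cache] = ent
    return out

def max_stale_seconds(eff):
    """Bound on how long a deleted or changed directory entry can still be served from
    each enabled cache: positive TTL plus one cleanup interval (timing model assumed)."""
    cleanup = eff["general"]["cache_cleanup_time"]
    return {c: eff[c]["poscache_ttl"] + cleanup for c in CACHES if eff[c]["enable"]}

SAMPLE = """\
# constructed sample modelled on the page's example file (keys are case sensitive)
[StartOnBoot]
enable=no
[general]
max_conn=20
cache_cleanup_time=10
[passwd]
enable=yes
poscache_ttl=600
[netgroup]
enable=no
"""
```

effective() is where the [general] override rule matters in practice: a poscache_ttl placed under [general] replaces the default of every cache section that does not set its own, so one large value there silently lengthens the window in which a removed account or a revoked group membership is still answered from the passwd and group caches. max_stale_seconds() makes that window visible per cache before the file is installed; with the SAMPLE above it reports 610 seconds for passwd and 86410 for uiddn, and omits the disabled netgroup cache.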