Purpose

Provides and manages the connection between the AIX LDAP load module on the local host and the LDAP Security Information Server, and handles transactions from the LDAP load module to the LDAP Security Information Server.
Note: The secldapclntd daemon is normally started by the init process.
Syntax

/usr/sbin/secldapclntd [ -C CacheSize ] [ -m ] [ -p NumOfThread ] [ -t CacheTimeOut ] [ -T HandShakeIntv ]
Description

The secldapclntd daemon accepts requests from the LDAP load module, forwards each request to the LDAP Security Information Server, and passes the result from the server back to the LDAP load module. During startup, the daemon reads the configuration information defined in the /etc/security/ldap/ldap.cfg file, authenticates to the LDAP Security Information Server using the server administrator's distinguished name and password, and establishes a connection between the local host and the server.
If multiple servers are specified in the /etc/security/ldap/ldap.cfg file, the secldapclntd daemon connects to all of them, but at any given time it talks to only one of them. The secldapclntd daemon detects when the server it is talking to is down and automatically switches to another available server. It also detects when a server becomes available again and re-establishes the connection to that server. This auto-detection works by having the secldapclntd daemon check each of the servers periodically. The time interval between checks defaults to 300 seconds and can be changed when the daemon is started.
The secldapclntd daemon can be configured to always talk to the master server whenever the master is available. If the master server is not available, it talks to a replica server. Whenever secldapclntd detects that the master server is up and available again, it automatically reconnects to the master and resumes talking to it.
The secldapclntd daemon is a multi-threaded program. The default number of threads used by this daemon is 10. An administrator can fine-tune system performance by adjusting the number of threads used by this daemon.
The secldapclntd daemon caches information retrieved from the LDAP Security Information Server for performance purposes. If the requested information is found in the cache and has not expired, it is handed back to the requester. Otherwise, the secldapclntd daemon requests the information from the LDAP Security Information Server. The default number of cache entries used by the daemon is 1000, and a cache entry expires after 300 seconds. Both the number of cache entries and the timeout value can be changed when the daemon is started. Note that a change made on the server (for example, an account being locked) is not seen by the local host until the corresponding cache entry expires, so the cache timeout bounds how long the client can act on stale security information.
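The following is an added model of the caching and server-selection behaviour described above, not the daemon's own code: it assumes a simple key/value cache with the CacheSize and CacheTimeOut semantics, a master-first server preference, and a periodic handshake that re-evaluates which server is reachable. Server names and entries are constructed for illustration.

```python
# Added example: a minimal model of secldapclntd cache and failover semantics.
# Not the daemon's implementation; class and attribute names are assumptions.
import time

class LdapServer:
    """Constructed stand-in for one LDAP Security Information Server."""
    def __init__(self, name, entries, master=False):
        self.name, self.entries, self.master, self.up = name, dict(entries), master, True

class ClientCache:
    def __init__(self, servers, cache_size=1000, cache_timeout=300, clock=time.time):
        self.servers = servers              # servers listed in ldap.cfg
        self.cache_size = cache_size        # models -C CacheSize (default 1000)
        self.cache_timeout = cache_timeout  # models -t CacheTimeOut (default 300 s)
        self.clock = clock                  # injectable clock so expiry can be tested
        self.cache = {}                     # key -> (value, time stored)
        self.active = self.pick_server()

    def pick_server(self):
        # Prefer a reachable master; otherwise the first reachable replica.
        up = [s for s in self.servers if s.up]
        masters = [s for s in up if s.master]
        return masters[0] if masters else (up[0] if up else None)

    def handshake(self):
        # Periodic check (models -T HandShakeIntv): re-select the server to use.
        self.active = self.pick_server()
        return self.active.name if self.active else None

    def lookup(self, key):
        """Return (value, source); source is 'cache', a server name or 'no-server'."""
        now = self.clock()
        hit = self.cache.get(key)
        if hit and now - hit[1] < self.cache_timeout:
            return hit[0], "cache"          # unexpired entry: server is not consulted
        if self.active is None or not self.active.up:
            self.handshake()                # current server down: fail over
        if self.active is None:
            return None, "no-server"
        value = self.active.entries.get(key)
        if value is not None:
            if len(self.cache) >= self.cache_size:
                # Evict the oldest entry to stay within CacheSize.
                self.cache.pop(min(self.cache, key=lambda k: self.cache[k][1]))
            self.cache[key] = (value, now)
        return value, self.active.name
```

Running the model with a change applied on the master shows that the client keeps returning the cached value until the timeout elapses, which is the window an administrator trades off when raising -t.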
Examples

1. To start the secldapclntd daemon with the default settings, enter:

/usr/sbin/secldapclntd

2. To start the secldapclntd daemon with 20 threads and a cache timeout of 600 seconds, enter:

/usr/sbin/secldapclntd -p 20 -t 600
Files

/etc/security/ldap/ldap.cfg    Contains information needed by the secldapclntd daemon to connect to the server.
Related Information

The mksecldap command.

The /etc/security/ldap/ldap.cfg file.

LDAP Exploitation of the Security Subsystem in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices