[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 5

secldapclntd Daemon


Provides and manages connection and handles transactions between the LDAP load module and the LDAP Security Information Server.


/usr/sbin/secldapclntd [ -C CacheSize ] [ -p NumOfThread ] [ -t CacheTimeOut ] [ -T HeartBeatIntv ]


The secldapclntd daemon accepts requests from the LDAP load module, forwards the request to the LDAP Security Information Server, and passes the result from the server back to the LDAP load module. This daemon reads the configuration information defined in the /etc/security/ldap/ldap.cfg file during its startup, and authenticates to the LDAP Security Information Server using the server administrator's distinguished name and password, and establishes a connection between the local host and the server.

If multiple servers are specified in the /etc/security/ldap/ldap.cfg file, the secldapclntd daemon connects to all of the servers. At a specific time, however, it talks to only one of them. The secldapclntd daemon can detect when the server it talks to is down, and automatically talks to another available server. It can also detect when a server becomes available again, and re-establishes connection to that server (but it continues to talk to the server it was talking to). This auto-detect feature is done by the secldapclntd daemon checking on each of the servers periodically. The time interval between subsequent checking is defaulted to 300 seconds, and can be changed at the daemon startup time from command line or by modify the corresponding values of the /etc/ security/ldap/ldap.cfg file.

At startup, the secldapclntd daemon tries to establish a connection to the LDAP servers. If it cannot connect to any of the servers, it goes to sleep, and tries again in 30 seconds. It repeats this process twice, and if it still cannot establish any connection, the secldapclntd daemon process exits.

The secldapclntd daemon is a multi-threaded program. The default number of threads used by this daemon is 10. An administrator can fine-tune the system performance by adjusting the number of threads used by this daemon.

The secldapclntd daemon caches information retrieved from the LDAP Security Information Server for performance purpose. If the requested data can be found in the cache and the cache entry is not expired, the data in the cache is handed back to the requester. Otherwise, the secldapclntd daemon makes a request to the LDAP Security Information Server for the information.

The valid number of cache entries for users is in the range of 100-10,000, and that for groups is in the range of 10-1,000. The default is 1000 entries for users, and 100 entries for groups.

The cache timeout or TTL (time to live) can be from 60 seconds to 1 hour (60*60=3600 seconds). By default, a cache entry expires in 300 seconds. If the cache timeout is set to 0, the caching feature is disabled.


By default, the secldapclntd daemon reads the configuration information specified in the /etc/security/ldap/ldap.cfg file at startup. If the following options are given in command line when starting the secldapclntd process, the options from the command line will overwrite the values in the /etc/security/ldap/ldap.cfg file.

-C CacheSize Sets the maximum cache entries used by the secldapclntd daemon to CacheSize number of entries. Valid range is 100-10,000 entries for user cache. The default is 1000. The group cache entries will be 10% of the user cache entries.
-p NumOfThread Sets the number of threads used by the secldapclntd daemon to NumOfThread threads. Valid range is 1-1000. The default is 10.
-t CacheTimeout Sets the cache to expire in CacheTimeout seconds. Valid range is 60- 3600 seconds. The default is 300 seconds.
-T HeartBeatIntv Sets the time interval of heartbeat between this client and the LDAP server. Valid values are 60-3,600 seconds. Default is 300.


  1. To start the secldapclntd daemon, type:
  2. To start the secldapclntd with using 20 threads and cache timeout value of 600 seconds, type:
    /usr/sbin/secldapclntd -p 20 -t 600

It is recommended that you start the secldapclntd daemon by running the start-secldapclntd command. It is also recommended that you specify these values in the /etc/security/ldap/ldap.cfg file, so that these values will be used each time you start the secldapclntd process.

Related Information

The mksecldap, start-secldapclntd, stop-secldapclntd, restart-secldapclntd, ls-secldapclntd, and flush-secldapclntd commands.

The /etc/security/ldap/ldap.cfg file.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]