
Files Reference

ldap.cfg File Format

Purpose

Configuration file for the secldapclntd LDAP client-side daemon.

Description

The /etc/security/ldap/ldap.cfg file contains information for the secldapclntd daemon to start and function properly as well as information for fine tuning the daemon's performance. The /etc/security/ldap/ldap.cfg file is updated by the mksecldap command at client setup.

The /etc/security/ldap/ldap.cfg file may contain the following fields:

ldapservers Specifies a comma-separated list of LDAP Security Information Servers. These servers can be the primary server, replicas of the primary server, or both.
ldapadmin Specifies the administrator DN of the LDAP Security Information Server(s).
ldapadmpwd Specifies the password of the administrator DN.
useSSL Specifies whether to use SSL communication. Valid values are ON and OFF. The default is OFF.
Note: You will need the SSL key and the password to the key to enable this feature.
ldapsslkeyf Specifies the full path to the SSL key.
ldapsslkeypwd Specifies the password to the SSL key.
Note: Comment out this line to use a stashed password. The password stash file must reside in the same directory as the SSL key itself, and must have the same name as the key file, but with an extension of .sth instead of .kdb.
userattrmappath Specifies the full path to the AIX-LDAP attribute map for users.
groupattrmappath Specifies the full path to the AIX-LDAP attribute map for groups.
idattrmappath Specifies the full path to the AIX-LDAP attribute map for IDs. These IDs are used by the mkuser command when creating LDAP users.
userbasedn Specifies the user base DN.
groupbasedn Specifies the group base DN.
idbasedn Specifies the ID base DN.
hostbasedn Specifies the host base DN.
servicebasedn Specifies the service base DN.
protocolbasedn Specifies the protocol base DN.
networkbasedn Specifies the network base DN.
netgroupbasedn Specifies the netgroup base DN.
rpcbasedn Specifies the RPC base DN.
userclasses Specifies the objectclasses used for user entries.
groupclasses Specifies the objectclasses used for group entries.
ldapversion Specifies the LDAP server protocol version. Default is 3.
ldapport Specifies the port that the LDAP server listens on. Default is 389.
ldapsslport Specifies the SSL port that the LDAP server listens on. Default is 636.
followaliase Specifies whether to follow aliases. Valid values are NEVER, SEARCHING, FINDING, and ALWAYS. Default is NEVER.
usercachesize Specifies the user cache size. Valid values are 100 - 10,000 entries. Default is 1,000.
groupcachesize Specifies the group cache size. Valid values are 10 - 1,000 entries. Default is 100.
cachetimeout Specifies the cache TTL (time to live). Valid values are 60 - 3,600 seconds. Default is 300. Set to 0 to disable caching.
heartbeatinterval Specifies the interval in seconds that the client contacts the server for server status. Valid values are 60 - 3,600 seconds. Default is 300.
numberofthread Specifies the number of threads for the secldapclntd daemon. Valid values are 1 - 1,000. Default is 10.
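
The following is an added example, not part of the original reference or of any IBM tooling: a Python check that reads an ldap.cfg and reports the useSSL and ldapsslkeypwd settings, an invalid followaliase value, and numeric fields outside the ranges listed above. It assumes the file uses field:value lines with # comment lines; the sample file, host name and key path are constructed.

```python
# Assumption: ldap.cfg uses "field:value" lines and "#" comment lines.
# (low, high, default) for each numeric field, as listed in the reference above.
RANGES = {"usercachesize": (100, 10000, 1000), "groupcachesize": (10, 1000, 100),
          "cachetimeout": (60, 3600, 300), "heartbeatinterval": (60, 3600, 300),
          "numberofthread": (1, 1000, 10)}
ALIAS_MODES = {"NEVER", "SEARCHING", "FINDING", "ALWAYS"}

def parse_cfg(text):
    """Return {field: value}, skipping blank lines and commented-out lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return a list of (field, finding) tuples for settings worth reviewing."""
    cfg, findings = parse_cfg(text), []
    ssl_on = cfg.get("useSSL", "OFF").upper() == "ON"  # documented default: OFF
    if not ssl_on:
        findings.append(("useSSL", "SSL is off; traffic to the LDAP servers is not encrypted"))
    elif not cfg.get("ldapsslkeyf"):
        findings.append(("ldapsslkeyf", "useSSL is ON but no SSL key path is set"))
    if cfg.get("ldapsslkeypwd"):
        findings.append(("ldapsslkeypwd", "key password is in the file; comment out to use the .sth stash"))
    if cfg.get("followaliase", "NEVER").upper() not in ALIAS_MODES:
        findings.append(("followaliase", "not one of " + ", ".join(sorted(ALIAS_MODES))))
    for field, (low, high, default) in RANGES.items():
        raw = cfg.get(field, str(default))
        if field == "cachetimeout" and raw == "0":
            continue  # 0 is documented as "caching disabled"
        if not raw.isdigit() or not low <= int(raw) <= high:
            findings.append((field, f"{raw!r} is outside the documented range {low}-{high}"))
    return findings

# Constructed sample; the host name, password and key path are placeholders.
SAMPLE = """\
ldapservers:ldap1.example.com
useSSL:OFF
ldapsslkeyf:/etc/security/ldap/key.kdb
ldapsslkeypwd:CONSTRUCTED-PLACEHOLDER
followaliase:SOMETIMES
usercachesize:50
cachetimeout:0
"""

print("\n".join(f"{field}: {msg}" for field, msg in audit(SAMPLE)))
```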

Related Information

The mksecldap command and secldapclntd daemon.

The start-secldapclntd, stop-secldapclntd, restart-secldapclntd, ls-secldapclntd and flush-secldapclntd commands.

The AIX-LDAP Attribute Mapping File Format file.

LDAP Exploitation of the Security Subsystem in AIX 5L Version 5.2 System Management Concepts: Operating System and Devices.
