NAME
ldapclientd — LDAP client daemon process
SYNOPSIS
Startup
/opt/ldapux/bin/ldapclientd [-d level] [-o { stdout | syslog | file[=size] }] [-z]
Control
/opt/ldapux/bin/ldapclientd { [-d level] [-o { stdout | syslog | file[=size] }] }
/opt/ldapux/bin/ldapclientd { -D [cache] | -E [cache] | -S [cache] }
/opt/ldapux/bin/ldapclientd { -f | -k | -L | -h | -r }
DESCRIPTION
ldapclientd is a daemon process that enables LDAP-UX clients to work with LDAP directory servers. ldapclientd caches entries, supports multiple domains in the Windows 2000/2003 Active Directory Server (ADS), supports X.500 group membership, maintains connections to the LDAP Directory Server, and manages remote LP printers.
In addition to handling communication and maintaining the connection between the LDAP-UX client and LDAP directory server, ldapclientd provides the following:
Services:
- 1. Enables LDAP-UX to use LDAP directory servers to support these services:
automount
group
hosts
netgroup
networks
passwd
printers
protocols
rpc
services
X.500 group membership
Note: LDAP-UX does not support netgroup and automount with the Microsoft Windows 2000/2003 Active Directory Server.
Performance:
- 1. Caches entries to reduce LDAP-UX client response time when retrieving:
automount
group
netgroup
passwd
X.500 group membership
Note: ldapclientd caches only entries that come from directory servers. pwgrd still caches passwd and group entries that did not come from the directory server, so pwgrd remains useful for maintaining high performance.
- 2. Reuses and maintains connections to the directory server. This reduces binding and disconnection, which significantly reduces the load on the server and network traffic.
Capability:
- 1. Multiple domain Active Directory Server (ADS). Enables LDAP-UX to use multiple domains for directory servers like Windows 2000/2003 Active Directory Server (ADS). It allows PAM_Kerberos to authenticate POSIX users stored in remote domains.
- 2. Automatic profile downloading. Updates the LDAP client configuration profile by downloading a newer copy from the directory server when the current one's profileTTL (Time To Live) expires.
- 3. Management of remote LP printer configuration. Searches for printer objects configured in the LDAP server and adds, modifies, or removes printers on the local system accordingly. By default, the printer configurator is enabled.
By default, ldapclientd starts at system boot time. The ldapclientd command can be used to launch the daemon or to control it when the daemon is already running.
Options
The following ldapclientd options are supported. These options can be used only by a superuser.
- cache
Name of any NSS backend service that the ldapclientd daemon caches. Valid cache names are:
automount
automountmap
domain_grp
domain_pwd
group
netgroup
passwd
uiddn
- -c
Not supported in this version. Earlier versions (before B.02.00) used this option to reread all LDAP-UX client settings from /etc/opt/ldapux/ldapux_client.conf just to force a refresh of the LDAP-UX profile. Refreshing only the profile is now done with the -r option. If rereading all LDAP-UX client settings is necessary, kill ldapclientd using -k, then restart ldapclientd.
- -d level
Set log level. Initializes the log level during startup or sets the log level of the running daemon process. The accepted range of logging level is from 0 to 511. Values can be added together to enable several categories at once.
- 0 = no logging output
- 1 = critical errors
- 2 = key function hits
- 4 = key areas
- 8 = looping function hits
- 16 = mutexes
- 32 = JUDY caching
- 64 = configuration file parsing
- 128 = statistic functions
- 256 = dumps (dumps produce a large amount of logging, which significantly degrades the performance of ldapclientd)
Example: 511 = 1 + 2 + 4 + 8 + 16 + 32 + 64 + 128 + 256 = log everything
The default log level is 1.
- -D [cache]
Disable cache. Without the cache name, all valid cache names are shown.
- -E [cache]
Enable cache. Without the cache name, all valid cache names are shown.
- -f
Flush all caches.
- -h
Invoke help.
- -k
Kill the LDAP client daemon. This option sends a signal to the currently running ldapclientd daemon, causing it to exit gracefully. This option is equivalent to:
kill `head -1 /etc/opt/ldapux/ldapclientd.pid`
- -L
List available cache names.
- -o target
Set log output to a target stream. Initializes log output during startup or sets the log output of the running daemon process. target can be one of the following:
- stdout
Direct logging to the standard output.
- syslog
Direct logging to syslogd. syslog usage also depends on the syslog settings of LDAP-UX in the configuration file, /etc/opt/ldapux/ldapux_client.conf; syslog must be enabled there, or ldapclientd will still ignore syslog.
- file[=size]
Specify a file for log output; rotation will append a 1 or 0 to this file name. size defines the maximum file size before rotation. If size is not specified, it defaults to 1048576 bytes.
Example:
-o /tmp/log=50000
This will log output into /tmp/log0 until it is 50000 bytes, then swap logging into /tmp/log1, then back to /tmp/log0 when /tmp/log1 is 50000 bytes, and so on.
By default, log output goes to syslog.
- -r
Immediately refresh (download) all profiles currently listed in the LDAP-UX client configuration file in /etc/opt/ldapux/ldapux_client.conf, if their current TTL has expired. ldapclientd checks TTL expiration status every minute. With -r, ldapclientd immediately checks TTL status and refreshes all profiles, if needed.
- -S [cache]
Show statistics for one cache. When cache is not specified, a general cache statistic summary is shown.
- -z
Disable daemonize (force ldapclientd to run in the foreground instead of the background). Prevents the ldapclientd process from forking into a daemon process during startup. Helpful for debugging.
DIAGNOSTICS
By default, errors are logged to syslog if system logging is enabled in the LDAP-UX client configuration file at /etc/opt/ldapux/ldapux_client.conf. Errors occurring before ldapclientd forks into a daemon process are displayed directly on stdout.
The following diagnostics may be issued:
Already running.
An attempt was made to start an LDAP client daemon when one was already running.
Cache daemon is not running (or running but not ready)
Can mean several things:
- 1. Attempted to use control option features of ldapclientd when no ldapclientd daemon process is running to control.
- 2. Attempted to start or control ldapclientd without superuser privilege.
- 3. The ldapclientd daemon process is too busy with other requests to respond at this time. Try again later.
problem reading configuration file
The /etc/opt/ldapux/ldapclientd.conf file is missing or has a syntax error. If it is a syntax error, the error message is accompanied by a line showing exactly where ldapclientd could not recognize the syntax or found that the setting is out of range.
WARNINGS
Whenever the system is rebooted, ldapclientd launches if [StartOnBoot] has enable=yes in the ldapclientd configuration file, /etc/opt/ldapux/ldapclientd.conf.
Downloading profiles may take time, depending on server response time and the number of profiles listed in the LDAP-UX configuration file, /etc/opt/ldapux/ldapux_client.conf.
AUTHOR
ldapclientd was developed by Hewlett-Packard Company.
FILES
Configuration
- /etc/opt/ldapux/ldapclientd.conf
Configures caching, threading and boot options for ldapclientd.
- /etc/opt/ldapux/ldapux_client.conf
LDAP-UX client services configuration file. Contains settings like logging and domains.
- /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.gc
- /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.domain
- /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.gc
- /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.domain
Automatically downloaded local copies of directory profiles for each domain listed in /etc/opt/ldapux/ldapux_client.conf. These files should not be modified manually.
Operations
- /etc/opt/ldapux/ldapclientd.pid
Lock file to restrict ldapclientd to one running instance.
- /var/spool/ldapcltd/status
Shared virtual memory used to quickly inform clients that the ldapclientd daemon is running and ready to service client requests.
- /var/spool/ldapcltd/daemon
The ldapclientd daemon uses this pipe socket to receive client requests.
- /etc/opt/ldapux/daemon_auth
Authentication file restricting execution of ldapclientd control options to the superuser.
- /sbin/init.d/ldapclientd.rc
Startup and shutdown script during system reboot.
- /var/spool/sockets/ldapcltd/client*
Client pipe sockets used to receive responses from the ldapclientd daemon. Cleanup of this directory is left to clients. It is safe to delete all files left by dirty clients (and then the directory) only when the ldapclientd daemon is not running. While the ldapclientd daemon is running, it will attempt to automatically clean up after dirty clients periodically.
Other
- /etc/opt/ldapux/ldapux_profile.ldif
The LDAP client configuration profile downloaded from the LDAP directory, in LDIF format.
- /etc/opt/ldapux/ldapux_profile.bin
The LDAP client configuration profile translated from ldapux_profile.ldif, in binary format.
- /opt/ldapux/config/setup
LDAP-UX client setup tool to configure LDAP-UX client services.
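The FILES section lists the files that configure the daemon and gate its superuser-only control options, notably daemon_auth. The following POSIX shell check of owner and write bits on those paths is an added example, not part of the HP manual page or of LDAP-UX. It assumes each listed file should be owned by the superuser and not writable by group or others, which the page does not state; the ROOT and OWNER parameters are hypothetical.

```shell
#!/bin/sh
# Added example (not LDAP-UX code): audit files named in the FILES section.
# Assumption: each should be owned by the superuser and carry no group/other
# write bit. Client sockets under /var/spool are deliberately not checked.

LDAPUX_FILES="
/etc/opt/ldapux/ldapclientd.conf
/etc/opt/ldapux/ldapux_client.conf
/etc/opt/ldapux/daemon_auth
/etc/opt/ldapux/ldapclientd.pid
/sbin/init.d/ldapclientd.rc
/opt/ldapux/bin/ldapclientd
"

# audit_ldapux_files [ROOT] [OWNER]
#   ROOT   prefix prepended to every path (empty = live system); hypothetical
#          parameter so the check can run against a staged or mounted copy
#   OWNER  expected owner name or numeric uid (default: root)
# Prints one finding per line. Returns 1 if any OWNER/WRITABLE finding exists.
# ABSENT is informational: the pid file only exists while the daemon runs.
audit_ldapux_files() {
    root=${1:-}
    owner=${2:-root}
    rc=0
    for rel in $LDAPUX_FILES; do
        f="$root$rel"
        if [ ! -e "$f" ]; then
            echo "ABSENT   $rel"
            continue
        fi
        # find -prune examines only the named path; it prints it on a match.
        if [ -n "$(find "$f" -prune ! -user "$owner")" ]; then
            echo "OWNER    $rel (expected $owner)"
            rc=1
        fi
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $rel (group/other write bit set)"
            rc=1
        fi
    done
    return $rc
}
```

Call `audit_ldapux_files` with no arguments to check the live system; a non-zero return means at least one file has an unexpected owner or is writable by non-owners.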