In large Active Directory environments, it is always a challenge to provide optimal performance and functionality. Authentication Services provides configuration settings that may help you improve performance in an enterprise deployment.
Each Unix host running Authentication Services builds a persistent cache of user and group information. By default, the cache is built from users and groups in the joined domain. It is possible to change the search base from which the users or groups are loaded by using the group-search-path and user-search-path options. These search paths can either restrict the location from which the users and groups are loaded, or you can specify a search base in an entirely different domain. This is useful in organizations that use resource domains, where computer objects are stored in a separate domain from the domains where users and groups are located.
You can specify a group or user search path using the -g or -u options to the vastool join command. The following command joins the Unix host to the computers.example.com domain, and loads users from the base of the sub.example.com domain:
vastool -u admin join -u DC=sub,DC=example,DC=com computers.example.com
You can change the default user or group search base at any time by adding the group-search-path and user-search-path options in the [vasd] section of vas.conf and running vastool flush. See the vas.conf man page for an example of user and group search paths.
By default, Authentication Services caches Unix user information for all users in a domain on every machine joined to that domain. An alternate caching method, known as "workstation mode", allows you to limit the size of the user cache by caching user information only for users who log in to a particular workstation. To enable workstation mode, enable the workstation-mode option in vas.conf.
For details, refer to the vas.conf man page. See Using Authentication Services manual pages (man pages) for information about accessing the vas.conf man page.
Authentication Services simultaneously supports ongoing production operations and provides a NIS migration path that does not impact existing systems and processes. The combination of flexible deployment options, data transparency, and One Identity-provided tools enable migrating and consolidating NIS data from various stores into a single, consistent, enterprise-wide identity stored in Active Directory.