2 # Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
3 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
6 {{slapd}}(8) is designed to be run as a standalone service. This
7 allows the server to take advantage of caching, manage concurrency
8 issues with underlying databases, and conserve system resources.
9 Running from {{inetd}}(8) is {{NOT}} an option.
12 H2: Command-Line Options
14 {{slapd}}(8) supports a number of command-line options as detailed
15 in the manual page. This section details a few commonly used options.
19 This option specifies an alternate configuration file for slapd.
20 The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.
24 This option specifies alternative listener configurations. The
25 default is {{EX:ldap:///}} which implies {{TERM:LDAP}} over
26 {{TERM:TCP}} on all interfaces on the default LDAP port 389. You
27 can specify specific host-port pairs or other protocol schemes (such
28 as {{EX:ldaps://}} or {{EX:ldapi://}}). For example, {{EX:-h
29 "ldaps:// ldap://127.0.0.1:666"}} will create two listeners: one
30 for the (non-standard) {{EX:ldaps://}} scheme on all interfaces on
31 the default {{EX:ldaps://}} port 636, and one for the standard
32 {{EX:ldap://}} scheme on the {{EX:localhost}} ({{loopback}}) interface
33 on port 666. Hosts may be specified using using hostnames or
34 {{TERM:IPv4}} or {{TERM:IPv6}} addresses. Port values must be
39 This option specifies the service name used for logging and
40 other purposes. The default service name is {{EX:slapd}}.
42 > -l <syslog-local-user>
44 This option specifies the local user for the {{syslog}}(8)
45 facility. Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ...,
46 and {{EX:LOCAL7}}. The default is {{EX:LOCAL4}}. This option
47 may not be supported on all systems.
51 These options specify the user and group, respectively, to run
52 as. {{EX:user}} can be either a user name or uid. {{EX:group}}
53 can be either a group name or gid.
57 This option specifies a run-time directory. slapd will
58 {{chroot}}(2) to this directory after opening listeners but
59 before reading any configuration files or initializing
65 This option sets the slapd debug level to <level>. When level is a
66 `?' character, the various debugging levels are printed and slapd
67 exits, regardless of any other options you give it. Current
70 !block table; colaligns="RL"; align=Center; \
71 title="Table 7.1: Debugging Levels"
73 -1 enable all debugging
75 1 trace function calls
76 2 debug packet handling
77 4 heavy trace debugging
78 8 connection management
79 16 print out packets sent and received
80 32 search filter processing
81 64 configuration file processing
82 128 access control list processing
83 256 stats log connections/operations/results
84 512 stats log entries sent
85 1024 print communication with shell backends
86 2048 print entry parsing debugging
89 You may enable multiple levels by specifying the debug option
90 once for each desired level. Or, since debugging levels are
91 additive, you can do the math yourself. That is, if you want
92 to trace function calls and watch the config file being
93 processed, you could set level to the sum of those two levels
94 (in this case, {{EX: -d 65}}). Or, you can let slapd do the
95 math, (e.g. {{EX: -d 1 -d 64}}). Consult {{F: <ldap_log.h>}} for
98 Note: slapd must have been compiled with {{EX:-DLDAP_DEBUG}}
99 defined for any debugging information beyond the two stats levels
105 In general, slapd is run like this:
107 > /usr/local/libexec/slapd [<option>]*
109 where {{F:/usr/local/libexec}} is determined by {{EX:configure}}
110 and <option> is one of the options described above (or in {{slapd}}(8)).
111 Unless you have specified a debugging level (including level {{EX:0}}),
112 slapd will automatically fork and detach itself from its controlling
113 terminal and run in the background.
117 To kill off {{slapd}}(8) safely, you should give a command like this
119 > kill -INT `cat /usr/local/var/slapd.pid`
121 where {{F:/usr/local/var}} is determined by {{EX:configure}}.
123 Killing slapd by a more drastic method may cause information loss or