1 .TH SLAPD.CONF 5 "20 January 1999" "OpenLDAP LDVERSION"
3 slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
9 contains configuration information for the
11 daemon. This configuration file is also used by the
13 replication daemon and by the LDBM indexing utilities
16 .BR ldif2id2entry (8),
18 .BR ldif2id2children (8).
22 file consists of a series of global configuration options that apply to
24 as a whole (including all backends), followed by zero or more database
25 backend definitions that contain information specific to a backend
33 # comment - these options apply to every database
34 <global configuration options>
35 # first database definition & configuration options
36 database <backend 1 type>
37 <configuration options specific to backend 1>
38 # subsequent database definitions & configuration options
42 As many backend-specific sections as desired may be included. Global
43 options can be overridden in a backend (for options that appear more
44 than once, the last appearance in the
46 file is used). Blank lines and comment lines beginning with a `#'
47 character are ignored. If a line begins with white space, it is
48 considered a continuation of the previous line.
50 Arguments on configuration lines are separated by white space. If an
51 argument contains white space, the argument should be enclosed in
52 double quotes. If an argument contains a double quote (`"') or a
53 backslash character (`\\'), the character should be preceded by a
56 The specific configuration options available are discussed below in the
57 Global Configuration Options, General Backend Options, LDBM
58 Backend-Specific Options, Shell Backend-Specific Options, and Password
59 Backend-Specific Options sections. Refer to "The SLAPD and SLURPD
60 Administrator's Guide" for more details on the slapd configuration
62 .SH GLOBAL CONFIGURATION OPTIONS
63 Options described in this section apply to all backends, unless specifically
64 overridden in a backend definition. Arguments that should be replaced by
65 actual text are shown in brackets <>.
68 access to <what> [ by <who> <accesslevel> ]+
69 Grant access (specified by <accesslevel>) to a set of entries and/or
70 attributes (specified by <what>) by one or more requestors (specified
71 by <who>). Refer to "The SLAPD and SLURPD Administrator's Guide" for
72 information on using the
74 access-control mechanisms.
77 attribute <name> [<name2>] { bin | ces | cis | tel | dn }
78 Associate a syntax with an attribute name. By default, an
79 attribute is assumed to have syntax
81 An optional alternate name can be
82 given for an attribute. The possible syntaxes and their meanings are:
97 telephone number string
106 defaultaccess { none | compare | search | read | write | delete }
107 Specify the default access to grant requestors not matched by
108 any other access line. The default behavior is to grant read access.
110 .B include <filename>
111 Read additional configuration information from the given file before
112 continuing with the next line of the current file.
114 .B pidfile <filename>
115 The ( absolute ) name of a file that will hold the
117 server's process ID ( see
119 ) if started without the debugging command line option.
121 .B argsfile <filename>
122 The ( absolute ) name of a file that will hold the
124 server's command line options
125 if started without the debugging command line option.
127 .B loglevel <integer>
128 Specify the level at which debugging statements and operation
129 statistics should be syslogged (currently logged to the
131 LOG_LOCAL4 facility). Log levels are additive, and available levels
141 debug packet handling
144 heavy trace debugging
147 connection management
150 print out packets sent and received
153 search filter processing
156 configuration file processing
159 access control list processing
162 stats log connections/operations/results
165 stats log entries sent
168 print communication with shell backends
177 objectclass <name> requires <attrs> allows <attrs>
178 Define the schema rules for the object class named <name>. These are
179 used in conjunction with the schemacheck option.
182 Specify the referral to pass back when
184 cannot find a local database to handle a request.
186 .B schemacheck { on | off }
187 Turn schema checking on or off. The default is off.
189 .B sizelimit <integer>
190 Specify the maximum number of entries to return from a search operation.
191 The default size limit is 500.
194 Specify the srvtab file in which the kerberos keys necessary for
195 authenticating clients using kerberos can be found. This option is only
196 meaningful if you are using Kerberos authentication.
198 .B timelimit <integer>
199 Specify the maximum number of seconds (in real time)
201 will spend answering a search request. The default time limit is 3600.
202 .SH GENERAL BACKEND OPTIONS
203 Options in this section only apply to the configuration file section
204 for the backend in which they are defined. They are supported by every
207 .B database <databasetype>
208 Mark the beginning of a new database instance definition. <databasetype>
214 depending on which backend will serve the database.
219 will automatically maintain the
220 modifiersName, modifyTimestamp, creatorsName, and
221 createTimestamp attributes for entries. By default, lastmod is off.
224 This option puts the database into "read-only" mode. Any attempts to
225 modify the database will return an "unwilling to perform" error. By
226 default, readonly is off.
229 replica host=<hostname>[:port] "binddn=<DN>" bindmethod=simple |
231 kerberos [credentials=<password>] [srvtab=<filename>]
233 Specify a replication site for this database. Refer to "The SLAPD and
234 SLURPD Administrator's Guide" for detailed information on setting up
239 .B replogfile <filename>
240 Specify the name of the replication log file to log changes to.
241 The replication log is typically written by
247 for more information.
250 Specify the DN of an entry that is not subject to access control
251 or administrative limit restrictions for operations on this database.
254 Specify a password (or hash of the password) for the rootdn.
255 This option accepts all password formats known to the server
256 including \fB{SHA}\fP, \fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext.
257 Cleartext passwords are not recommended.
259 .B suffix <dn suffix>
260 Specify the DN suffix of queries that will be passed to this
261 backend database. Multiple suffix lines can be given and at least one is
262 required for each database definition.
265 This option is only applicable in a slave
267 It specifies the DN allowed to make changes to the replica (typically,
270 binds as when making changes to the replica).
271 .SH LDBM BACKEND-SPECIFIC OPTIONS
272 Options in this category only apply to the LDBM backend database. That is,
273 they must follow a "database ldbm" line and come before any subsequent
274 "database" lines. The LDBM backend is a high-performance database that
275 makes extensive use of indexing and caching to speed data access.
277 .B cachesize <integer>
278 Specify the size in entries of the in-memory cache maintained
279 by the LDBM backend database instance. The default is 1000 entries.
281 .B dbcachesize <integer>
282 Specify the size in bytes of the in-memory cache associated
283 with each open index file. If not supported by the underlying database
284 method, this option is ignored without comment. The default is 100000 bytes.
287 Specify that database writes should not be immediately synchronized
288 with in memory changes. Enabling this option may improve performance
289 at the expense of data security.
291 .B directory <directory>
292 Specify the directory where the LDBM files containing the database and
293 associated indexes live. The default is
297 index { <attrlist> | default } [ pres,eq,approx,sub,none ]
298 Specify the indexes to maintain for the given attribute. If only
299 an <attr> is given, all possible indexes are maintained.
302 Specify the file protection mode that newly created database
303 index files should have. The default is 0600.
304 .SH SHELL BACKEND-SPECIFIC OPTIONS
305 Options in this category only apply to the SHELL backend database. That is,
306 they must follow a "database shell" line and come before any subsequent
307 "database" lines. The Shell backend executes external programs to
308 implement operations, and is designed to make it easy to tie an existing
319 .B compare <pathname>
329 .B abandon <pathname>
330 These options specify the pathname of the command to execute in response
331 to the given LDAP operation. The command given should understand and
332 follow the input/output conventions described in Appendix B of "The SLAPD
333 and SLURPD Administrator's Guide."
335 Note that you need only supply configuration lines for those commands you
336 want the backend to handle. Operations for which a command is not
337 supplied will be refused with an "unwilling to perform" error.
338 .SH PASSWORD BACKEND-SPECIFIC OPTIONS
339 Options in this category only apply to the PASSWD backend database.
340 That is, they must follow a "database passwd" line and come before any
341 subsequent "database" lines. The PASSWD database serves up the user
342 account information listed in the system
347 Specifies an alternate passwd file to use. The default is
350 "The SLAPD and SLURPD Administrator's Guide" contains an annotated
351 example of a configuration file.
356 .BR slapd.replog (5),
361 "The SLAPD and SLURPD Administrator's Guide"
364 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
366 is derived from University of Michigan LDAP 3.3 Release.
projects / openldap / blob