Once the software has been built and installed, you are ready
to configure {{slapd}}(8) for use at your site. Unlike previous
-OpenLDAP releases, the slapd runtime configuration in 2.3 is
-fully LDAP-enabled and can be managed using the standard LDAP
+OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later)
+is fully LDAP-enabled and can be managed using the standard LDAP
operations with data in {{TERM:LDIF}}. The LDAP configuration engine
allows all of slapd's configuration options to be changed on the fly,
generally without requiring a server restart for the changes
to take effect. The old style {{slapd.conf}}(5) file is still
-supported, but must be converted to the new {{slapd.d}}(5) format
+supported, but must be converted to the new {{slapd-config}}(5) format
to allow runtime changes to be saved. While the old style
configuration uses a single file, normally installed as
{{F:/usr/local/etc/openldap/slapd.conf}}, the new style
configuration database normally resides in the
{{F:/usr/local/etc/openldap/slapd.d}} directory.
-An alternate configuration directory (or file) can be specified via a
-command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
-describes the general format of the configuration system, followed by a
-detailed description of commonly used config settings.
+An alternate configuration directory (or file) can be specified via
+a command-line option to {{slapd}}(8). This chapter describes the
+general format of the configuration system, followed by a detailed
+description of commonly used config settings.
Note: some of the backends and of the distributed overlays
do not support runtime configuration yet. In those cases,
Other objects may be part of the configuration but were omitted from
the illustration for clarity.
-The {{slapd.d}} configuration tree has a very specific structure. The
+The {{slapd-config}} configuration tree has a very specific structure. The
root of the tree is named {{EX:cn=config}} and contains global configuration
settings. Additional settings are contained in separate child entries:
* Include files
H2: Configuration Directives
This section details commonly used configuration directives. For
-a complete list, see the {{slapd.d}}(5) manual page. This section
+a complete list, see the {{slapd-config}}(5) manual page. This section
will treat the configuration directives in a top-down order, starting
with the global directives in the {{EX:cn=config}} entry. Each
directive will be described along with its default value (if any) and
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
-or IPSEC). Simple authentication requires specification of
-{{EX:binddn}} and {{EX:credentials}} parameters.
+or {{TERM:IPsec}}). Simple authentication requires specification
+of {{EX:binddn}} and {{EX:credentials}} parameters.
SASL authentication is generally recommended. SASL authentication
requires specification of a mechanism using the {{EX:saslmech}} parameter.
This directive specifies the name of the replication log file to
which slapd will log changes. The replication log is typically
-written by slapd and read by slurpd. Normally, this directive is
-only used if slurpd is being used to replicate the database.
-However, you can also use it to generate a transaction log, if
-slurpd is not running. In this case, you will need to periodically
-truncate the file, since it will grow indefinitely otherwise.
+written by {{slapd}}(8) and read by {{slurpd}}(8). Normally, this
+directive is only used if {{slurpd}}(8) is being used to replicate
+the database. However, you can also use it to generate a transaction
+log, if {{slurpd}}(8) is not running. In this case, you will need to
+periodically truncate the file, since it will grow indefinitely
+otherwise.
See the chapter entitled {{SECT:Replication with slurpd}} for more
information on how to use this directive.
The master database is located at the replication provider site
specified by the {{EX:provider}} parameter. The replica database is
kept up-to-date with the master content using the LDAP Content
-Synchronization protocol. See {{EX:draft-zeilenga-ldup-sync-xx.txt}}
-({{a work in progress}}) for more information on the protocol.
+Synchronization protocol. See {{REF:RFC4533}}
+for more information on the protocol.
The {{EX:rid}} parameter is used for identification of the current
{{EX:syncrepl}} directive within the replication consumer server,
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
-or IPSEC). Simple authentication requires specification of {{EX:binddn}}
+or IPsec). Simple authentication requires specification of {{EX:binddn}}
and {{EX:credentials}} parameters.
SASL authentication is generally recommended. SASL authentication
projects / openldap / blobdiff