attribute. If only an {{EX:<attrlist>}} is given, the default
indexes are maintained.
-
\Example:
> index default pres,eq
-> index objectClass,uid
-> index cn,sn eq,sub,approx
+> index uid
+> index cn,sn pres,eq,sub
+> index objectClass eq
+
+The first line sets the default set of indices to maintain to
+present and equality. The second line causes the default (pres,eq)
+set of indices to be maintained for the {{EX:uid}} attribute type.
+The third line causes present, equality, and substring indices to
+be maintained for {{EX:cn}} and {{EX:sn}} attribute types. The
+fourth line causes an equality index for the {{EX:objectClass}}
+attribute type.
+
+By default, no indices are maintained. It is generally advised
+that minimally an equality index upon objectClass be maintained.
+
+> index objectClass eq
+
-The first line sets the default set of indices to maintain to present
-and equality. The second line causes the default (pres,eq) set
-of indices to be maintained for {{EX:objectClass}} and {{EX:uid}} attribute
-types. The third line causes equality, substring, and approximate
-indices to be maintained for {{EX:cn}} and {{EX:sn}} attribute types.
H4: mode <integer>
This example applies to entries in the "{{EX:dc=example,dc=com}}"
subtree. To all attributes except {{EX:homePhone}}, the entry itself
can write them, other {{EX:example.com}} entries can search by them,
-anybody else has no access ((implicit {{EX:by * none}}) excepting for
+anybody else has no access (implicit {{EX:by * none}}) excepting for
authentication/authorization (which is always done anonymously).
The {{EX:homePhone}} attribute is writable by the entry, searchable
by other {{EX:example.com}} entries, readable by clients connecting
password. This entry is not subject to access control or size or
time limit restrictions.
-Lines 11 through 18 are for replication. Line 11 specifies the
+Lines 11 through 18 are for replication. Line 12 specifies the
replication log file (where changes to the database are logged \-
-this file is written by slapd and read by slurpd). Lines 12 through
-14 specify the hostname and port for a replicated host, the DN to
+this file is written by slapd and read by slurpd). Lines 13 through
+15 specify the hostname and port for a replicated host, the DN to
bind as when performing updates, the bind method (simple) and the
-credentials (password) for the binddn. Lines 15 through 18 specify
+credentials (password) for the binddn. Lines 16 through 18 specify
a second replication site. See the {{SECT:Replication with slurpd}}
chapter for more information on these directives.
by the entry itself and by the "admin" entry. It may be used for
authentication/authorization purposes, but is otherwise not readable.
All other attributes are writable by the entry and the "admin"
-entry, but may be read by authenticated users.
+entry, but may be read by all users (authenticated or not).
The next section of the example configuration file defines another
LDBM database. This one handles queries involving the
-{{EX:dc=example,dc=net}} subtree. Note that without line 38, the
-read access would be allowed due to the global access rule at line
-4.
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
E: 33. # ldbm definition for example.net
E: 34. database ldbm
E: 35. suffix "dc=example,dc=net"
E: 36. directory /usr/local/var/ldbm-example-net
E: 37. rootdn "cn=Manager,dc=example,dc=com"
-E: 38. access to * by users read
+E: 38. index objectClass eq
+E: 39. access to * by users read
projects / openldap / blobdiff