.TH SLAPD.CONF 5 "5 August 1999" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-1999 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
actual text are shown in brackets <>.
.TP
.B
-access to <what> [ by <who> <accesslevel> ]+
-Grant access (specified by <accesslevel>) to a set of entries and/or
+access to <what> [ by <who> <access> <control> ]+
+Grant access (specified by <access>) to a set of entries and/or
attributes (specified by <what>) by one or more requestors (specified
-by <who>). Refer to "The SLAPD and SLURPD Administrator's Guide" for
-information on using the
-.B slapd
-access-control mechanisms.
+by <who>).
+See Developer's FAQ (http://www.openldap.org/faq/) for details.
.TP
.B
-attribute ( <oid> [NAME <name>] [DESC <description>] [OBSOLETE] \
+attributetype ( <oid> [NAME <name>] [DESC <description>] [OBSOLETE] \
[SUP <oid>] [EQUALITY <oid>] [ORDERING <oid>] [SUBSTR <oid>] \
[SYNTAX <oidlen>] [SINGLE-VALUE] [COLLECTIVE] [NO-USER-MODIFICATION] \
[USAGE <attributeUsage>] )
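Review bot: the new synopsis "access to <what> [ by <who> <access> <control> ]+" introduces <control>, but the description under it still explains only <what>, <who> and <access>. Describe <control> here (the values it takes and whether it may be omitted), or bracket it in the synopsis if it is optional. As written, a reader cannot construct a valid "by" clause from the man page, and the pointer that replaces the Administrator's Guide reference leads only to the top of the FAQ site rather than to the access-control material.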
parser extends the RFC 2252 definition by allowing string forms as well
as numeric OIDs to be used for the attribute OID and attribute syntax OID.
(See the
-.B
-objectidentifier
+.B objectidentifier
description.) Currently the syntax name parser is case-sensitive.
The known syntax names are:
.RS
.RE
.TP
.B
-attribute <name> [<name2>] { bin | ces | cis | tel | dn }
+attribute[type] <name> [<name2>] { bin | ces | cis | tel | dn }
Associate a syntax with an attribute name. This directive is deprecated
in favor of the one above. By default, an
attribute is assumed to have syntax
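Review bot: in "attribute[type] <name> [<name2>] { bin | ces | cis | tel | dn }" the brackets inside the keyword reuse the notation that marks optional arguments elsewhere in the page, and the keyword attributetype now heads two entries with different grammars. State explicitly that both spellings are accepted for this deprecated form, and replace "the one above" with a reference by name to the "attributetype ( <oid> ... )" directive so the cross-reference stays correct if the entries are reordered.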
.RE
.TP
.B
-defaultaccess [self]{ none | compare | search | read | write }
-Specify the default access to grant requestors not matched by
-any other access line. The default behavior is to grant read access.
+defaultaccess { none | auth | compare | search | read | write }
+Specify the default access level to grant requestors when
+no access directives were provided for the database.
+The default behavior is to grant 'read' access. It is
+recommended that
+.B access
+directives be used instead.
.TP
.B idletimeout <integer>
Specify the number of seconds to wait before forcibly closing
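Review bot: the reworded defaultaccess text no longer says what a requestor receives when access directives exist for the database but none of them matches. The old wording ("not matched by any other access line") covered that case; the new wording ("when no access directives were provided for the database") covers only the empty case. Add a sentence stating the outcome for an unmatched request, since administrators will otherwise assume the 'read' default still applies. The same entry adds the "auth" level and drops the "[self]" prefix without describing either; define "auth" and note that "[self]" is no longer accepted so existing configurations can be checked.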
.TP
.B rootpw <password>
Specify a password (or hash of the password) for the rootdn.
-This option accepts all password formats known to the server
-including \fB{SHA}\fP, \fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext.
-Cleartext passwords are not recommended.
+This option accepts all RFC 2307 userPassword formats known to
+the server including \fB{SSHA}\fP, \fB{SHA}\fP, \fB{SMD5}\fP,
+\fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext schemes. Cleartext
+passwords are not recommended.
.TP
.B suffix <dn suffix>
Specify the DN suffix of queries that will be passed to this
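Review bot: the rootpw text now lists {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT} and cleartext side by side and discourages only cleartext. The unsalted {SHA} and {MD5} forms deserve the same kind of guidance: add a sentence recommending a salted scheme such as {SSHA} for the rootdn password, so the list does not read as a set of equivalent choices.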
performance at the expense of data security.
.TP
.B directory <directory>
-Specify the directory where the LDBM files containing the database and
-associated indexes live. The default is
-.B /usr/tmp.
+Specify the directory where the LDBM files containing this database and
+associated indexes live. A separate directory must be specified for
+each database. The default is
+.BR LOCALSTATEDIR/openldap-ldbm .
.TP
.B
index { <attrlist> | default } [ pres,eq,approx,sub,none ]
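Review bot: "A separate directory must be specified for each database. The default is" reads as a contradiction, because a directive that must be specified has no use for a default. Clarify that the default applies only when a single LDBM database is configured, or say that omitting the directive for more than one database is an error. Since the default moves away from /usr/tmp, this entry is also the natural place to state the ownership and permissions the directory needs.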