-.TH SLAPD 8C "3 April 1999" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.SH NAME
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
.B LIBEXECDIR/slapd
+.B [\-[4|6]]
+.B [\-d debug\-level]
.B [\-f slapd\-config\-file]
.B [\-h URLs]
-.B [\-d debug\-level]
-.B [\-p port\-number]
-.B [\-P tls\-port\-number]
-.B [\-s syslog\-level] [\-l syslog\-local\-user]
-.B [\-u user] [\-g group]
+.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
+.B [\-r directory]
+.B [\-u user] [\-g group] [\-t]
.B
.SH DESCRIPTION
.LP
).
If the
.B \-d
-flag is given and debugging is set to some non-zero
-value,
+flag is given, even with a zero argument,
.B slapd
will not fork and disassociate from the invoking tty.
.LP
.BR slurpd (8)
for details.
.LP
-See "The SLAPD and SLURPD Administrator's Guide" for more details on
+See the "OpenLDAP Administrator's Guide" for more details on
.BR slapd .
.SH OPTIONS
.TP
+.B \-4
+Listen on IPv4 addresses only.
+.TP
+.B \-6
+Listen on IPv6 addresses only.
+.TP
.BI \-d " debug\-level"
Turn on debugging as defined by
.I debug\-level.
-If this option is specified,
+If this option is specified, even with a zero argument,
.B slapd
will not fork or disassociate from the invoking terminal. Some general
operation and status messages are printed for any value of \fIdebug\-level\fP.
\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap.h> for details.
+Remember that if you turn on packet logging, packets containing bind passwords
+will be output, so if you redirect the log to a logfile, that file should
+be read-protected.
.TP
.BI \-s " syslog\-level"
This option tells
.BR syslog (8)
facility.
.TP
+.BI \-n " service\-name"
+Specifies the service name for logging and other purposes. Defaults
+to basename of argv[0], i.e.: "slapd".
+.TP
.BI \-l " syslog\-local\-user"
Selects the local user of the
.BR syslog (8)
.TP
.BI \-h " URLlist"
.B slapd
-will serve
+will by default serve
.B ldap:///
-(LDAP over TCP on all interfaces on default LDAP port). As such,
-it will bind to INADDR_ANY, port 389.
+(LDAP over TCP on all interfaces on default LDAP port). That is,
+it will bind using INADDR_ANY and port 389.
The
.B \-h
option may be used to specify LDAP (and LDAPS) URLs to serve.
For example, if slapd is given
-.B \-h " ldap://127.0.0.1:9009/ ldaps:///",
-It will bind 127.0.0.1:9009 for LDAP and INADDR_ANY:636 for LDAP over TLS.
-A space separated list of URLs is expected. The URLS should be of
-LDAP (ldap://) or, if supported, LDAP over TLS (ldaps://) type without
-a DN or other optional parameters. Hosts may be specified in either
-Internet '.' format (preferred) or by name. Ports, if specfied,
-must be numeric.
-.TP
-.BI \-p " port\-number"
-.B slapd
-will use on the default port (389) for LDAP URLs unless this
-option is given to override the default.
-A numeric port number is expected.
-.TP
-.BI \-P " tls\-port\-number"
-.B slapd
-will use on the default port (636) for LDAPS (LDAP over TLS) URLs
-unless this option is given to override the default. A numeric port
-number is expected.
+.B \-h " ldap://127.0.0.1:9009/ ldaps:/// ldapi:///",
+It will bind 127.0.0.1:9009 for LDAP, 0.0.0.0:636 for LDAP over TLS,
+and LDAP over IPC (Unix domain sockets). Host 0.0.0.0 represents
+INADDR_ANY.
+A space separated list of URLs is expected. The URLs should be of
+LDAP (ldap://) or LDAP over TLS (ldaps://) or LDAP over IPC (ldapi://)
+scheme without a DN or other optional parameters. Support for the
+latter two schemes depends on selected configuration options. Hosts
+may be specified by name or IPv4 and IPv6 address formats.
+Ports, if specfied, must be numeric. The default ldap:// port is 389
+and the default ldaps:// port is 636.
.TP
-.BI \-P " port\-number"
-Changes the port where
-.B slapd
-will expect LDAP over raw TLS connections. If this option is not given,
-the default port for this purpose (636) will be used. A numeric port
-number is expected.
+.BI \-r " directory"
+Specifies a chroot "jail" directory. slapd will
+.BR chdir (2)
+then
+.BR chroot (2)
+to this directory after opening listeners but before reading
+any configuration file or initializing any backend.
.TP
.BI \-u " user"
.B slapd
Note that on some systems, running as a non-privileged user will prevent
passwd back-ends from accessing the encrypted passwords. Note also that
any shell back-ends will run as the specified non-privileged user.
+.TP
+.BI \-t
+.B slapd
+will read the configuration file (the default if none is given with the
+\fI\-f\fP switch) and check its syntax, without opening any listener
+or database.
.SH EXAMPLES
To start
.I slapd
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -f ETCDIR/slapd.conf -d 255
+ LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+.ft
+.fi
+.LP
+To test whether the configuration file is correct or not, type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slapd -t
.ft
.fi
.LP
.SH "SEE ALSO"
.BR ldap (3),
.BR slapd.conf (5),
+.BR slapd.access (5),
.BR slurpd (8)
.LP
-"The SLAPD and SLURPD Administrator's Guide"
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH BUGS
-When using the LDBM database backend, the Modify RDN operation does not
-update the attribute values in the entry that are affected by the change.
+See http://www.openldap.org/its/
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).