you give it. Current debugging levels (a subset of slapd's
debugging levels) are
-> 4 heavy trace debugging
-> 64 configuration file processing
-> 65535 enable all debugging
+!block table; colaligns="RL"; align=Center; \
+ title="Table 10.1: Debugging Levels"
+Level Description
+4 heavy trace debugging
+64 configuration file processing
+65535 enable all debugging
+!endblock
Debugging levels are additive. That is, if you want heavy
trace debugging and want to watch the config file being
suffix depending on the underlying database package used.
The current possibilities are
-* {{EX: dbb}} Berkeley DB B-tree backend
-* {{EX: dbh}} Berkeley DB hash backend
-* {{EX: gdbm}} GNU DBM backend
+!block table; align=Center; \
+ title="Table 10.2: Database File Suffixes"
+Suffix Database
+{{EX:dbb}} Berkeley DB B-tree backend
+{{EX:dbh}} Berkeley DB hash backend
+{{EX:gdbm}} GNU DBM backend
+!endblock
In general, you should copy all files found in the database
{{EX: directory}} unless you know it not used by {{slapd}}(8).
!import "replication.gif"; align="center"; \
title="Replication from slapd to an X.500 DSA"
-FT: Figure 6: Replication from slapd to an X.500 DSA
+FT: Figure 10.1: Replication from slapd to an X.500 DSA
Note that the X.500 DSA must be a read-only copy. Since
the replication is one-way, updates from {{TERM:DAP}} clients
A solution to this attribute naming problem is to have the
ldapd read oidtables that map {{EX:modifiersName}} to the
-objectID (OID) for the {{EX:lastModifiedBy}} attribute and
+Object Identifier ({{TERM:OID}}) for the {{EX:lastModifiedBy}} attribute and
{{EX:modifyTimeStamp}} to the OID for the {{EX:lastModifiedTime}}
attribute. Since attribute names are carried as OIDs over
DAP, this should perform the appropriate translation of
This option specifies an alternate configuration file for slapd.
The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.
+> -h <URLs>
+
+This option specifies alternative listener configuration. The
+default is {{EX:ldap:///}} which implies LDAP over TCP, on all
+interfaces, on the default LDAP port 389. You can specify
+specific host-port pairs or other protocol schemes (such as
+ldaps:// or ldapi://). For example,
+{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create
+two listeners: one for LDAP over SSL, on all interfaces, on
+the default LDAP/SSL port 646 and one for LDAP over TCL, only
+the {{EX:localhost}} ({{loopback}}) interface, on port 666.
+Hosts may be specified using IPv4 dot-decimal form or
+using host names. Ports values must be numeric.
+
+> -n <service-name>
+
+This option specifies the service name used for logging and
+other purposes. The default service name is {{EX:slapd}}.
+
+> -l <syslog-local-user>
+
+This option specifies the local user for the {{syslog}}(8)
+facility. Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ...,
+and {{EX:LOCAL7}}. The default is {{EX:LOCAL4}}. This option
+may not be supported on all systems.
+
+> -u user -g group
+
+These options specify the user and group, respectively, to run
+as. {{EX:user}} can be either a user name or uid. {{EX:group}}
+can be either a group name or gid.
+
+> -r directory
+
+This option specifies a run-time directory. slapd will
+{{chroot}}(2) to this directory after opening listeners but
+before any reading any configuration file or initializing
+any backend.
+.
> -d <level> | ?
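Review bot: in the -h paragraph, "LDAP over TCL" for the second listener should read "LDAP over TCP", and the default LDAP/SSL port is 636, not 646 (the plain LDAP default of 389 two sentences earlier is correct). The markup "({{loopback}})" has no SDF prefix, unlike "{{EX:localhost}}" beside it. In the -r paragraph, "before any reading any configuration file" drops a word, and the lone "." added after it looks accidental. Because -r chroots before the configuration file is read, the text should say that the -f path (and every path the configuration references) must resolve inside the new root; for -u/-g it should state whether privileges are dropped before or after that chroot, since the ordering decides what the process can still reach.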
H1: The slapd Configuration File
Once the software has been built and installed, you are ready
-to configure it for use at your site. The slapd runtime configuration
-is primarily accomplished through the {{I:slapd.conf}}(5) file,
-normally installed in the {{EX:/usr/local/etc/openldap}} directory.
+to configure {{slapd}}(8) for use at your site. The slapd
+runtime configuration is primarily accomplished through the
+{{I:slapd.conf}}(5) file, normally installed in the
+{{EX:/usr/local/etc/openldap}} directory.
An alternate configuration file can be specified via a
command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
Please see the {{SECT:Schema Specification}} chapter
for information regarding how to use this directive.
-
H4: defaultaccess { none | compare | search | read | write }
This directive specifies the default access to grant requesters
E: defaultaccess read
+H4: idletimeout <integer>
+
+Specify the number of seconds to wait before forcibly closing
+an idle client connections. A idletimeout of 0, the default,
+disables this feature.
+
+
H4: include <filename>
This directive specifies that slapd should read additional
no small limit on the number of nested include directives, and no
loop detection is done.
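Review bot: in the idletimeout text, "an idle client connections" should be "an idle client connection" and "A idletimeout of 0" should be "An idletimeout of 0". Since 0 is the default and disables the feature, the paragraph should say plainly that by default an idle client keeps its connection open indefinitely, so administrators know to set a positive value on servers that accept connections from untrusted clients. The directive is also followed by two blank "+" lines where the surrounding directives use one.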
-
H4: loglevel <integer>
This directive specifies the level at which debugging statements
See the {{SECT:Replication}} chapter for more information on how to
use this directive.
+H4: updateref <URL>
+
+This directive is only applicable in a slave slapd. It
+specifies the URL to return to clients which submit update
+requests upon the replica.
+If specified multiple times, each {{TERM:URL}} is provided.
+
+\Example:
+
+> update ldap://master.example.net
+
H3: LDBM Backend-Specific Directives
> dbcachesize 100000
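Review bot: the updateref example reads "update ldap://master.example.net" but the directive being documented is updateref; the example should be "> updateref ldap://master.example.net". "clients which submit update requests upon the replica" reads better as "clients that submit update requests to the replica".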
+H4: dbnolocking
+
+This option, if present, disables database locking.
+Enabling this option may improve performance at the expense
+of data security.
+
+
+H4: dbnosync
+
+This option causes on-disk database contents not be immediately
+synchronized with in memory changes upon change. Enabling this option
+may improve performance at the expense of data security.
+
+
H4: directory <directory>
This directive specifies the directory where the LDBM files
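Review bot: "at the expense of data security" in both dbnolocking and dbnosync is ambiguous; what is actually traded away is integrity and durability (a crash, or two writers without locking, can leave the on-disk database inconsistent), so say "at the expense of data integrity" and name that failure mode. In dbnosync, "not be immediately synchronized" should be "not to be immediately synchronized", and "upon change" duplicates "in memory changes". Both directives are followed by two blank "+" lines where the rest of the file uses one.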
-H3: Shell Backend-Specific Directives
-
-> bind <pathname>
-> unbind <pathname>
-> search <pathname>
-> compare <pathname>
-> modify <pathname>
-> modrdn <pathname>
-> add <pathname>
-> delete <pathname>
-> abandon <pathname>
-
-These directives specify the pathname of the command to
-execute in response to the given LDAP operation. The
-command given should understand and follow the input/output
-conventions described in Appendix B.
-
-\Example:
-
-> search /usr/local/bin/search.sh
-
-Note that you need only supply those commands you want the
-backend to handle. Operations for which a command is not
-supplied will be refused with an "unwilling to perform" error.
-
-
-
-H3: Password Backend-Specific Directives
-
-Directives in this category only apply to the PASSWD backend
-database. That is, they must follow a "database passwd" line
-and come before any other "database" line.
-
-H4: file <filename>
-
-This directive specifies an alternate passwd file to use.
-
-\Default:
-
-> file /etc/passwd
-
-
+H3: Other Backend and Databases
-H3: TCL Backend-Specific Directives
+{{slapd}}(8) supports a number of other backend database types.
-H4: scriptpath <pathname>
-
-This is the full path to a file containing the TCL command(s) to handle
-the LDAP operations.
-
-H4: Proc specifiers
-
-> bind <proc>
-> unbind <proc>
-> search <proc>
-> compare <proc>
-> modify <proc>
-> modrdn <proc>
-> add <proc>
-> delete <proc>
-> abandon <proc>
-
-These directives specify the name of the proc (function) in the
-TCL script specified in {{EX:scriptpath}} to execute in response to
-the given LDAP operation.
-
-\Example:
-
-> search proc_search
-
-Note that you need only supply those commands you want the
-TCL backend to handle. Operations for which a command is not
-supplied will be refused with an "unwilling to perform" error.
-
-H4: tclrealm <name>
+!block table; align=Center; \
+ title="Table 5.2: Backend Database Types"
+Types Description
+passwd Provides read-only access to {{F:/etc/passwd}}
+shell Shell (extern program) backend
+sql SQL Programmable backend
+!endblock
-This is one of the biggest pluses of using the TCL backend.
-The realm let's you group several databases to the same interpretor.
-This basically means they share the same global variables and proc
-space. So global variables, as well as all the procs are callable
-between databases. If no {{EX:tclrealm}} is specified, it is put into the
-"default" realm.
+See {{slapd.conf}}(5) for details.
The follow table summaries entity specifiers:
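Review bot: "H3: Other Backend and Databases" should be "Other Backends and Databases", the table header "Types" should be the singular "Type" to match "Suffix" and "Level" in the other tables, and "extern program" should be "external program". The removed shell section documented two things that no longer appear anywhere: that operations without a configured command are refused with "unwilling to perform", and that the commands must follow the input/output conventions in Appendix B; the new table should at least keep a pointer to those conventions, since the shell backend runs the configured program in response to client operations. The TCL backend, whose section is also removed, is not listed in the new table; state whether it is still supported.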
!block table; align=Center; \
- title="Table 5.2: Access Entity Specifiers"
+ title="Table 5.3: Access Entity Specifiers"
Specifier Entities
* All, including anonymous and authenticated users
anonymous Anonymous (non-authenticated) users
!block table; colaligns="LRL"; align=Center; \
- title="Table 5.3: Access Levels"
+ title="Table 5.4: Access Levels"
Level Privledges Description
none no access
auth =x needed to bind
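Review bot: renumbering these tables to 5.3 and 5.4 is consistent with the new Table 5.2, but the unchanged header "Privledges" is misspelt ("Privileges") and could be fixed in the same hunk.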