From: Kurt Zeilenga Date: Sat, 12 Aug 2000 06:35:08 +0000 (+0000) Subject: Update running with additional slapd arguments X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2264 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a85a26c56ac5b47052018c7378c1a786606ebc72;p=openldap Update running with additional slapd arguments Update slapdconfig with additional directives Add updated graphics and other misc changes. --- diff --git a/doc/guide/admin/config.sdf b/doc/guide/admin/config.sdf index b81412b698..6355de07bd 100644 --- a/doc/guide/admin/config.sdf +++ b/doc/guide/admin/config.sdf @@ -55,9 +55,10 @@ H2: Distributed Local Directory Service In this configuration, the local service is partitioned into smaller services, each which may be replicated, and {{glued}} together with -{{superior}} and {{subordinate}} referrals. An example of this -configuration is shown in Figure 3.4. +{{superior}} and {{subordinate}} referrals. +!if 0 +An example of this configuration is shown in Figure 3.4. !import "config_dist.gif"; align="center"; title="Distributed Local Directory Services" FT[align="Center"] Figure 3.4: Distributed Local Directory Services - +!endif diff --git a/doc/guide/admin/config_local.gif b/doc/guide/admin/config_local.gif index d518bca919..6690d46fa0 100644 Binary files a/doc/guide/admin/config_local.gif and b/doc/guide/admin/config_local.gif differ diff --git a/doc/guide/admin/config_ref.gif b/doc/guide/admin/config_ref.gif new file mode 100644 index 0000000000..9108d3a7d4 Binary files /dev/null and b/doc/guide/admin/config_ref.gif differ diff --git a/doc/guide/admin/config_repl.gif b/doc/guide/admin/config_repl.gif index d0b70bba48..c680d1c937 100644 Binary files a/doc/guide/admin/config_repl.gif and b/doc/guide/admin/config_repl.gif differ diff --git a/doc/guide/admin/install.sdf b/doc/guide/admin/install.sdf index 4050c80980..ad18c11f03 100644 --- a/doc/guide/admin/install.sdf +++ b/doc/guide/admin/install.sdf
@@ -123,7 +123,7 @@ filters (such as those provided by a IP-level firewall) is recommended for servers containing non-public information. -H2: Configuring OpenLDAP +H2: Running configure If you haven't already done so, extra the distribution for the compressed archive file and change directory to the top of the diff --git a/doc/guide/admin/replication.sdf b/doc/guide/admin/replication.sdf index 6af81da568..9fcd3e4690 100644 --- a/doc/guide/admin/replication.sdf +++ b/doc/guide/admin/replication.sdf @@ -102,9 +102,13 @@ printed and slapd exits, regardless of any other options you give it. Current debugging levels (a subset of slapd's debugging levels) are -> 4 heavy trace debugging -> 64 configuration file processing -> 65535 enable all debugging +!block table; colaligns="RL"; align=Center; \ + title="Table 10.1: Debugging Levels" +Level Description +4 heavy trace debugging +64 configuration file processing +65535 enable all debugging +!endblock Debugging levels are additive. That is, if you want heavy trace debugging and want to watch the config file being @@ -223,9 +227,13 @@ files located in the database {{EX:directory}} specified in suffix depending on the underlying database package used. The current possibilities are -* {{EX: dbb}} Berkeley DB B-tree backend -* {{EX: dbh}} Berkeley DB hash backend -* {{EX: gdbm}} GNU DBM backend +!block table; align=Center; \ + title="Table 10.2: Database File Suffixes" +Suffix Database +{{EX:dbb}} Berkeley DB B-tree backend +{{EX:dbh}} Berkeley DB hash backend +{{EX:gdbm}} GNU DBM backend +!endblock In general, you should copy all files found in the database {{EX: directory}} unless you know it not used by {{slapd}}(8). 
@@ -353,7 +361,7 @@ the X.500 DSA: !import "replication.gif"; align="center"; \ title="Replication from slapd to an X.500 DSA" -FT: Figure 6: Replication from slapd to an X.500 DSA +FT: Figure 10.1: Replication from slapd to an X.500 DSA Note that the X.500 DSA must be a read-only copy. Since the replication is one-way, updates from {{TERM:DAP}} clients @@ -371,7 +379,7 @@ DSA may expect these attributes to be named A solution to this attribute naming problem is to have the ldapd read oidtables that map {{EX:modifiersName}} to the -objectID (OID) for the {{EX:lastModifiedBy}} attribute and +Object Identifier ({{TERM:OID}}) for the {{EX:lastModifiedBy}} attribute and {{EX:modifyTimeStamp}} to the OID for the {{EX:lastModifiedTime}} attribute. Since attribute names are carried as OIDs over DAP, this should perform the appropriate translation of diff --git a/doc/guide/admin/runningslapd.sdf b/doc/guide/admin/runningslapd.sdf index 8bce94ba93..c3da2cd713 100644 --- a/doc/guide/admin/runningslapd.sdf +++ b/doc/guide/admin/runningslapd.sdf 
@@ -19,6 +19,45 @@ in manual page. This section details a few commonly used options. This option specifies an alternate configuration file for slapd. The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}. +> -h + +This option specifies alternative listener configuration. The +default is {{EX:ldap:///}} which implies LDAP over TCP, on all +interfaces, on the default LDAP port 389. You can specify +specific host-port pairs or other protocol schemes (such as +ldaps:// or ldapi://). For example, +{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create +two listeners: one for LDAP over SSL, on all interfaces, on +the default LDAP/SSL port 646 and one for LDAP over TCL, only +the {{EX:localhost}} ({{loopback}}) interface, on port 666. +Hosts may be specified using IPv4 dot-decimal form or +using host names. Ports values must be numeric. + +> -n + +This option specifies the service name used for logging and +other purposes. The default service name is {{EX:slapd}}. + +> -l + +This option specifies the local user for the {{syslog}}(8) +facility. Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ..., +and {{EX:LOCAL7}}. The default is {{EX:LOCAL4}}. This option +may not be supported on all systems. + +> -u user -g group + +These options specify the user and group, respectively, to run +as. {{EX:user}} can be either a user name or uid. {{EX:group}} +can be either a group name or gid. + +> -r directory + +This option specifies a run-time directory. slapd will +{{chroot}}(2) to this directory after opening listeners but +before any reading any configuration file or initializing +any backend. +. > -d | ? diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 5895203392..2122065ccf 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf 
@@ -5,9 +5,10 @@ H1: The slapd Configuration File Once the software has been built and installed, you are ready -to configure it for use at your site. The slapd runtime configuration -is primarily accomplished through the {{I:slapd.conf}}(5) file, -normally installed in the {{EX:/usr/local/etc/openldap}} directory. +to configure {{slapd}}(8) for use at your site. The slapd +runtime configuration is primarily accomplished through the +{{I:slapd.conf}}(5) file, normally installed in the +{{EX:/usr/local/etc/openldap}} directory. An alternate configuration file can be specified via a command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter @@ -103,7 +104,6 @@ This directive defines an attribute type. Please see the {{SECT:Schema Specification}} chapter for information regarding how to use this directive. - H4: defaultaccess { none | compare | search | read | write } This directive specifies the default access to grant requesters @@ -121,6 +121,13 @@ directive. E: defaultaccess read +H4: idletimeout + +Specify the number of seconds to wait before forcibly closing +an idle client connections. A idletimeout of 0, the default, +disables this feature. + + H4: include This directive specifies that slapd should read additional @@ -133,7 +140,6 @@ Note: You should be careful when using this directive - there is no small limit on the number of nested include directives, and no loop detection is done. - H4: loglevel This directive specifies the level at which debugging statements @@ -373,6 +379,17 @@ SASL-based Example: See the {{SECT:Replication}} chapter for more information on how to use this directive. +H4: updateref + +This directive is only applicable in a slave slapd. It +specifies the URL to return to clients which submit update +requests upon the replica. +If specified multiple times, each {{TERM:URL}} is provided. + +\Example: + +> update ldap://master.example.net + H3: LDBM Backend-Specific Directives 
@@ -404,6 +421,20 @@ modifies or when building indexes. > dbcachesize 100000 +H4: dbnolocking + +This option, if present, disables database locking. +Enabling this option may improve performance at the expense +of data security. + + +H4: dbnosync + +This option causes on-disk database contents not be immediately +synchronized with in memory changes upon change. Enabling this option +may improve performance at the expense of data security. + + H4: directory This directive specifies the directory where the LDBM files 
@@ -444,88 +475,19 @@ created database index files should have. -H3: Shell Backend-Specific Directives - -> bind -> unbind -> search -> compare -> modify -> modrdn -> add -> delete -> abandon - -These directives specify the pathname of the command to -execute in response to the given LDAP operation. The -command given should understand and follow the input/output -conventions described in Appendix B. - -\Example: - -> search /usr/local/bin/search.sh - -Note that you need only supply those commands you want the -backend to handle. Operations for which a command is not -supplied will be refused with an "unwilling to perform" error. - - - -H3: Password Backend-Specific Directives - -Directives in this category only apply to the PASSWD backend -database. That is, they must follow a "database passwd" line -and come before any other "database" line. - -H4: file - -This directive specifies an alternate passwd file to use. - -\Default: - -> file /etc/passwd - - +H3: Other Backend and Databases -H3: TCL Backend-Specific Directives +{{slapd}}(8) supports a number of other backend database types. -H4: scriptpath - -This is the full path to a file containing the TCL command(s) to handle -the LDAP operations. - -H4: Proc specifiers - -> bind -> unbind -> search -> compare -> modify -> modrdn -> add -> delete -> abandon - -These directives specify the name of the proc (function) in the -TCL script specified in {{EX:scriptpath}} to execute in response to -the given LDAP operation. - -\Example: - -> search proc_search - -Note that you need only supply those commands you want the -TCL backend to handle. Operations for which a command is not -supplied will be refused with an "unwilling to perform" error. 
- -H4: tclrealm +!block table; align=Center; \ + title="Table 5.2: Backend Database Types" +Types Description +passwd Provides read-only access to {{F:/etc/passwd}} +shell Shell (extern program) backend +sql SQL Programmable backend +!endblock -This is one of the biggest pluses of using the TCL backend. -The realm let's you group several databases to the same interpretor. -This basically means they share the same global variables and proc -space. So global variables, as well as all the procs are callable -between databases. If no {{EX:tclrealm}} is specified, it is put into the -"default" realm. +See {{slapd.conf}}(5) for details. @@ -615,7 +577,7 @@ access. Note that access is granted to "entities" not "entries." The follow table summaries entity specifiers: !block table; align=Center; \ - title="Table 5.2: Access Entity Specifiers" + title="Table 5.3: Access Entity Specifiers" Specifier Entities * All, including anonymous and authenticated users anonymous Anonymous (non-authenticated) users @@ -658,7 +620,7 @@ The kind of granted can be one of the following: !block table; colaligns="LRL"; align=Center; \ - title="Table 5.3: Access Levels" + title="Table 5.4: Access Levels" Level Privledges Description none no access auth =x needed to bind
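Review bot: In doc/guide/admin/config.sdf, the `!if 0` ... `!endif` wrapper around the Figure 3.4 sentence and the config_dist.gif import hides the figure without saying why. This commit updates config_local.gif and config_repl.gif and adds config_ref.gif, but not config_dist.gif, so if the distributed-service figure is simply not redrawn yet, a one-line comment next to `!if 0` saying so would help; otherwise delete the block instead of leaving it disabled.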
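Review bot: In doc/guide/admin/runningslapd.sdf, the -h paragraph gives the default LDAP/SSL port as 646; the registered ldaps port is 636, and anyone writing firewall rules from this text would open the wrong port. The same paragraph says "LDAP over TCL" where its first sentence says TCP, "only the localhost" is missing "on", and "Ports values" should be "Port values". In the -r paragraph, "before any reading any configuration file" has a doubled "any", and the lone "." line after it looks like a stray character. Since -u/-g and -r are the privilege-reduction options, the -u/-g paragraph should state when the switch happens relative to opening listeners, as the -r text already does for chroot.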
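Review bot: In the idletimeout section added to doc/guide/admin/slapdconfig.sdf, "an idle client connections" should be "an idle client connection" and "A idletimeout of 0" should be "An idletimeout of 0". The section also ends with two blank lines before "H4: include", while the neighbouring hunks remove the doubled blank lines before "H4: defaultaccess" and "H4: loglevel", so the spacing ends up inconsistent.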
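Review bot: In the updateref section added to doc/guide/admin/slapdconfig.sdf, the example line reads "update ldap://master.example.net", which does not match the directive being documented; it should be "updateref ldap://master.example.net". "If specified multiple times, each URL is provided" would be clearer as "each URL is returned", and "upon the replica" as "to the replica".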
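Review bot: In the LDBM section of doc/guide/admin/slapdconfig.sdf, dbnolocking and dbnosync are both described as trading performance for "data security", which does not tell an administrator what can go wrong. The paragraphs describe locking and disk synchronization, so what is at stake is the integrity and durability of the database, not disclosure; suggest naming the consequence in each paragraph (for dbnosync, that changes held only in memory are not yet on disk). "causes on-disk database contents not be immediately synchronized with in memory changes upon change" also needs a "to" and reads better as "not to be immediately synchronized with in-memory changes".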
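Review bot: In the hunk of doc/guide/admin/slapdconfig.sdf that replaces the Shell, Password and TCL sections with Table 5.2, the TCL backend section is deleted but the new table lists only passwd, shell and sql, so the guide no longer mentions the TCL backend at all; either add a tcl row or say in the commit message that it is dropped on purpose. The removed shell and TCL text also stated that operations without a configured command are refused with an "unwilling to perform" error, which is worth keeping in one sentence because it tells the administrator that unconfigured operations are denied by default. Minor: "Other Backend and Databases" should be "Other Backends and Databases", "extern program" should be "external program", and the column header "Types" should be "Type".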