From d3deed61191b6df5a9878b476ba59def35abcc65 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 17 Nov 2006 19:05:31 +0000 Subject: [PATCH] Expand examples, mention converting old conf file with slaptest. --- doc/man/man5/slapd-config.5 | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index 67e1612d49..5eb6c7761e 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -117,7 +117,7 @@ keyword, with an "olc" prefix added on. The parser for many of these attributes is the same as used for parsing the slapd.conf keywords. As such, slapd.conf keywords that allow multiple -items to be specified on one line, separate by whitespace, will allow +items to be specified on one line, separated by whitespace, will allow multiple items to be specified in one attribute value. However, when reading the attribute via LDAP, the items will be returned as individual attribute values. @@ -459,12 +459,12 @@ server .B with another database, without disrupting the currently active clients. The default is FALSE. You may wish to use -.B idletimeout +.B olcIdletTmeout along with this option. .TP .B olcIdleTimeout: Specify the number of seconds to wait before forcibly closing -an idle client connection. A idletimeout of 0 disables this +an idle client connection. A setting of 0 disables this feature. The default is 0. .TP .B olcIndexSubstrIfMaxlen: @@ -483,7 +483,7 @@ at least this many characters in order to be processed. Attribute values longer than this length will be processed in segments of this length. The default is 4. The subany index will also be used in subinitial and subfinal index lookups when the filter string is longer than the -.I index_substr_if_maxlen +.I olcIndexSubstrIfMaxlen value. .TP .B olcIndexSubstrAnyStep: @@ -673,7 +673,9 @@ server's process ID ( see The ( absolute ) name of a file that will contain log messages from .B SLAPI -plugins. +plugins. See +.BR slapd.plugin (5) +for details. .TP .B olcReferral: Specify the referral to pass back when @@ -821,7 +823,8 @@ will recognize. .B olcTLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this -or the olcTLSCACertificateFile is used. +or the olcTLSCACertificateFile is defined. If both are specified, both +locations will be used. .TP .B olcTLSCertificateFile: Specifies the file that contains the @@ -1449,7 +1452,7 @@ care, as it does not offer any consistency guarantees. This feature is intended to be used with an external frontend that guarantees that writes are only directed to a single master, switching to an alternate server only if the original master goes down. -By default, mirrormode is FALSE. +By default, this setting is FALSE. .TP .B olcPlugin: [] Configure a SLAPI plugin. See the @@ -2035,6 +2038,14 @@ olcAccess: to attrs=userPassword by * auth # Read access to other attributes and entries. olcAccess: to * by * read +# set a rootpw for the config database so we can bind. +# deny access to everyone else. +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy +olcAccess: to * by * none + dn: olcDatabase=bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcBdbConfig @@ -2071,8 +2082,20 @@ slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif .LP "OpenLDAP Administrator's Guide" contains a longer annotated example of a slapd configuration. + +Alternatively, an existing slapd.conf file can be converted to the new +format using slapd or any of the slap tools: +.RS +.nf +slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d +.fi +.RE + .SH FILES .TP +ETCDIR/slapd.conf +default slapd configuration file +.TP ETCDIR/slapd.d default slapd configuration directory .SH SEE ALSO -- 2.39.5