GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
RedHat 6.2(Zoot) |
|
 |
slapd.conf(5) |
 |
slapd.conf − configuration file for slapd, the stand-alone LDAP daemon
/etc/openldap/slapd.conf
The file /etc/openldap/slapd.conf contains configuration information for the slapd(8) daemon. This configuration file is also used by the slurpd(8) replication daemon and by the LDBM indexing utilities ldif2ldbm(8), ldif2index(8), ldif2id2entry(8), and ldif2id2children(8).
The slapd.conf file consists of a series of global configuration options that apply to slapd as a whole (including all backends), followed by zero or more database backend definitions that contain information specific to a backend instance.
The general format of slapd.conf is as follows:
# comment -
these options apply to every database
<global configuration options>
# first database definition & configuration options
|
<backend 1 type> |
<configuration options
specific to backend 1>
# subsequent database definitions & configuration
options
...
As many backend-specific sections as desired may be included. Global options can be overridden in a backend (for options that appear more than once, the last appearance in the slapd.conf file is used). Blank lines and comment lines beginning with a ’#’ character are ignored. If a line begins with white space, it is considered a continuation of the previous line.
Arguments on configuration lines are separated by white space. If an argument contains white space, the argument should be enclosed in double quotes. If an argument contains a double quote (’"’) or a backslash character (’\’), the character should be preceded by a backslash character.
The specific configuration options available are discussed below in the Global Configuration Options, General Backend Options, LDBM Backend-Specific Options, Shell Backend-Specific Options, and Password Backend-Specific Options sections. Refer to "The SLAPD and SLURPD Administrator’s Guide" for more details on the slapd configuration file.
Options
described in this section apply to all backends, unless
specifically overridden in a backend definition. Arguments
that should be replaced by actual text are shown in brackets
<>.
access to <what> [ by <who> <accesslevel>
]+
Grant access (specified by <accesslevel>) to a set of entries and/or attributes (specified by <what>) by one or more requestors (specified by <who>). Refer to "The SLAPD and SLURPD Administrator’s Guide" for information on using the slapd access-control mechanisms.
attribute <name> [<name2>] { bin | ces | cis | tel | dn }
Associate a syntax with an attribute name. By default, an attribute is assumed to have syntax cis. An optional alternate name can be given for an attribute. The possible syntaxes and their meanings are:
|
bin |
binary |
|||
|
ces |
case exact string |
|||
|
cis |
case ignore string |
|||
|
tel |
telephone number string |
|||
|
dn |
distinguished name |
defaultaccess { none | compare | search | read | write | delete }
Specify the default access to grant requestors not matched by any other access line. The default behavior is to grant read access.
include <filename>
Read additional configuration information from the given file before continuing with the next line of the current file.
pidfile <filename>
The ( absolute ) name of a file that will hold the slapd server’s process ID ( see getpid(2) ) if started without the debugging command line option.
argsfile <filename>
The ( absolute ) name of a file that will hold the slapd server’s command line options if started without the debugging command line option.
loglevel <integer>
Specify the level at which debugging statements and operation statistics should be syslogged (currently logged to the syslogd(8) LOG_LOCAL4 facility). Log levels are additive, and available levels are:
|
1 |
trace function calls | ||
|
2 |
debug packet handling | ||
|
4 |
heavy trace debugging | ||
|
8 |
connection management | ||
|
16 |
print out packets sent and received | ||
|
32 |
search filter processing | ||
|
64 |
configuration file processing | ||
|
128 |
access control list processing | ||
|
256 |
stats log connections/operations/results | ||
|
512 |
stats log entries sent | ||
|
1024 |
print communication with shell backends | ||
|
2048 |
entry parsing |
objectclass <name> requires <attrs> allows <attrs>
Define the schema rules for the object class named <name>. These are used in conjunction with the schemacheck option.
referral <url>
Specify the referral to pass back when slapd(8) cannot find a local database to handle a request.
schemacheck { on | off }
Turn schema checking on or off. The default is off.
sizelimit <integer>
Specify the maximum number of entries to return from a search operation. The default size limit is 500.
srvtab <filename>
Specify the srvtab file in which the kerberos keys necessary for authenticating clients using kerberos can be found. This option is only meaningful if you are using Kerberos authentication.
timelimit <integer>
Specify the maximum number of seconds (in real time) slapd will spend answering a search request. The default time limit is 3600.
Options in this
section only apply to the configuration file section for the
backend in which they are defined. They are supported by
every type of backend.
database <databasetype>
Mark the beginning of a new database instance definition. <databasetype> should be one of ldbm, shell, or passwd depending on which backend will serve the database.
lastmod on | off
Controls whether slapd will automatically maintain the modifiersName, modifyTimestamp, creatorsName, and createTimestamp attributes for entries. By default, lastmod is off.
readonly on | off
This option puts the database into "read-only" mode. Any attempts to modify the database will return an "unwilling to perform" error. By default, readonly is off.
replica host=<hostname>[:port] "binddn=<DN>" bindmethod=simple |
kerberos
[credentials=<password>] [srvtab=<filename>]
Specify a replication site for this database. Refer to
"The SLAPD and SLURPD Administrator’s Guide"
for detailed information on setting up a replicated
slapd directory service.
replogfile <filename>
Specify the name of the replication log file to log changes to. The replication log is typically written by slapd(8) and read by slurpd(8). See slapd.replog(5) for more information.
rootdn <dn>
Specify the DN of an entry that is not subject to access control or administrative limit restrictions for operations on this database.
rootpw <password>
Specify a password (or hash of the password) for the rootdn. This option accepts all password formats known to the server including {SHA}, {MD5}, {CRYPT}, and cleartext. Cleartext passwords are not recommended.
suffix <dn suffix>
Specify the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given and at least one is required for each database definition.
updatedn <dn>
This option is only applicable in a slave slapd. It specifies the DN allowed to make changes to the replica (typically, this is the DN slurpd(8) binds as when making changes to the replica).
Options in this
category only apply to the LDBM backend database. That is,
they must follow a "database ldbm" line and come
before any subsequent "database" lines. The LDBM
backend is a high-performance database that makes extensive
use of indexing and caching to speed data access.
cachesize <integer>
Specify the size in entries of the in-memory cache maintained by the LDBM backend database instance. The default is 1000 entries.
dbcachesize <integer>
Specify the size in bytes of the in-memory cache associated with each open index file. If not supported by the underlying database method, this option is ignored without comment. The default is 100000 bytes.
dbcachenowsync
Specify that database writes should not be immediately synchronized with in memory changes. Enabling this option may improve performance at the expense of data security.
directory <directory>
Specify the directory where the LDBM files containing the database and associated indexes live. The default is /usr/tmp.
index { <attrlist> | default } [ pres,eq,approx,sub,none ]
Specify the indexes to maintain for the given attribute. If only an <attr> is given, all possible indexes are maintained.
mode <integer>
Specify the file protection mode that newly created database index files should have. The default is 0600.
Options in this
category only apply to the SHELL backend database. That is,
they must follow a "database shell" line and come
before any subsequent "database" lines. The Shell
backend executes external programs to implement operations,
and is designed to make it easy to tie an existing database
to the slapd front-end.
bind <pathname>
unbind <pathname>
search <pathname>
compare <pathname>
modify <pathname>
modrdn <pathname>
add <pathname>
delete <pathname>
abandon <pathname>
These options specify the pathname of the command to execute in response to the given LDAP operation. The command given should understand and follow the input/output conventions described in Appendix B of "The SLAPD and SLURPD Administrator’s Guide."
Note that you need only supply configuration lines for those commands you want the backend to handle. Operations for which a command is not supplied will be refused with an "unwilling to perform" error.
Options in this
category only apply to the PASSWD backend database. That is,
they must follow a "database passwd" line and come
before any subsequent "database" lines. The PASSWD
database serves up the user account information listed in
the system passwd(5) file.
file <filename>
Specifies an alternate passwd file to use. The default is /etc/passwd.
"The SLAPD and SLURPD Administrator’s Guide" contains an annotated example of a configuration file.
/etc/openldap/slapd.conf
ldap(3), slapd.replog(5), passwd(5), slapd(8), slurpd(8),
"The SLAPD and SLURPD Administrator’s Guide"
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan LDAP 3.3 Release.
|
slapd.conf(5) | |