The file slapd.conf contains configuration information for the slapd(8) daemon. This configuration information is also used by the slurpd(8) replication daemon and by the LDBM indexing utilities ldif2ldbm(1M), ldif2index(8), ldif2id2entry(8), and ldif2id2children(8).
The slapd.conf file consists of a series of global configuration options that apply to slapd as a whole (including all data stores), followed by zero or more definitions that contain information specific to a data store.
The general format of slapd.conf is as follows:
As many data store sections as desired may be included. Global options can be overridden in a data store (for options that appear more than once, the last appearance in the slapd.conf file is used). Blank lines and comment lines beginning with a hash character (#) are ignored. If a line begins with white space, it is considered a continuation of the previous line.
Arguments on configuration lines are separated by white space. If an argument contains white space, the argument must be enclosed in double quotes. If an argument contains a double quote (") or a backslash character (\), the character should be preceded by a backslash character.
The specific configuration options available are described in "Global Configuration Options", "Access Control Configuration Options", and "Data Store Options."
Options described in this section apply to all data stores, unless specifically overridden in a data store definition. Arguments that should be replaced by actual text are emphasized.
attribute name [name2] { bin | ces | cis | tel | dn }
Associate a syntax with an attribute name. By default, an attribute is assumed to have syntax cis. An optional alternate name can be given for an attribute. The possible syntaxes and their meanings are:
bin - Binary
ces - Case-exact string
cis - Case ignore string
tel - Telephone number string
dn - Distinguished name
Attribute definitions are stored in slapd.at.conf.
defaultaccess { none | compare | search | read | write | delete }
Specify the default access to grant requestors not matched by any other access line. The default behavior is to grant read access.
bindderef { on | off }
If bindderef is set to on, an alias included in a bind request is dereferenced. Otherwise, the alias is used to bind.
include filename
Read additional configuration information from the given file before continuing with the next line of the current file.
loglevel integer
Specify the level at which debugging statements and operation statistics should be logged (currently logged to the syslogd(8) LOG_LOCAL4 facility). Log levels are additive, and available levels are:
1 - Trace function calls
2 - Debug packet handling
4 - Heavy trace debugging
8 - Connection management
16 - Print out packets sent and received
32 - Search filter processing
64 - Configuration file processing
128 - Access control list processing
256 - Stats log connections/operations/results
512 - Stats log entries sent
2048 - Entry parsing
objectclass name requires attrs allows attrs
Define the schema rules for the object class name. These are used in conjunction with the schemacheck option. Object class definitions are stored in slapd.oc.conf.
protected { crypt | none }
Specifies the method with which passwords stored in the directory are encrypted. A password can be encrypted using crypt(1) or not encrypted.
referral url
Specify the referral to pass back when slapd(8) cannot find a local database to handle a request.
schemacheck { on | off }
Turn schema checking on or off. The default is off.
sizelimit integer
Specify the maximum number of entries to return from a search operation. The default size limit is 500.
timelimit integer
Specify the maximum number of seconds (in real time) slapd will spend answering a search request. The default time limit is 3600.
The following options specify access control permissions.
access to what [ by who accesslevel ] +
Grant access (specified by accesslevel) to a set of entries and/or attributes (specified by what) by one or more requestors (specified by who).
Options in this section only apply to the configuration file section for the data store in which they are defined.
database databasetype
Marks the beginning of a new database instance definition. databasetype is always ldbm.
lastmod on | off
Controls whether slapd will automatically maintain the modifiersName, modifyTimestamp, creatorsName, and createTimestamp attributes for entries. The default value for lastmod is off.
readonly on | off
Puts the database into read-only mode. Any attempts to modify the database will return an "unwilling to perform" error. The default value for readonly is off.
replica host=hostname[:port] "binddn=DN" bindmethod=simple
Specifies a replication site for this database.
replogfile filename
Specifies the name of the replication log file to log changes to. The replication log is typically written by slapd(8) and read by slurpd(8). See "slapd.replog File Format" for more information.
rootdn dn
Specifies the DN of an entry that is not subject to access control or administrative limit restrictions for operations on this database.
rootpw password
Specifies a password for the rootdn. The password can be encrypted using crypt(1). If the password is encrypted, the value in the file is preceded by {crypt}. If the value is not encrypted, it is preceded by {none}.
suffix dn suffix
Specifies the DN suffix of queries that will be passed to this data store. Multiple suffix lines can be given and at least one is required for each database definition.
updatedn dn
This option is only applicable in a replica data store. It specifies the DN allowed to make changes to the replica (typically, this is the DN slurpd(8) binds as when making changes to the replica).
cachesize integer
Specifies the size in entries of the in-memory cache maintained by the data store. The default is 1000 entries.
dbcachesize integer
Specifies the size in bytes of the in-memory cache associated with each open index file. The default is 100000 bytes.
directory directory
Specifies the directory where the LDBM files containing the database and associated indexes are located. The default is /usr/tmp.
index { attrlist | default } [ pres, eq, approx, sub, none ]
Specifies the indexes to maintain for the given attribute. If only an attrlist is given, all possible indexes are maintained.
mode integer
Specifies the file protection mode that newly created database index files should have. The default is 0600.
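The line rules given earlier (comment and continuation lines, quoted arguments, backslash escapes, last appearance wins, data store options overriding global ones) and the documented defaults for defaultaccess, rootpw, protected, mode and directory can be checked mechanically. The following Python is an added example, not code shipped with slapd; the function names, the constructed SAMPLE text, the choice of which settings to report, and reading mode as an octal number are assumptions.

```python
import re

# An argument is a double-quoted string or a bare word; a backslash escapes " and \.
TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|((?:\\.|[^\s"\\])+)')
BROAD = ("read", "write", "delete")   # defaultaccess levels reported below

def parse_slapd_conf(text):
    """Return one argument list per logical line of slapd.conf text."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                              # blank or comment line
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading white space: continuation
        else:
            logical.append(raw.strip())
    parsed = ([re.sub(r"\\(.)", r"\1", q or b) for q, b in TOKEN.findall(l)] for l in logical)
    return [args for args in parsed if args]

def audit(text):
    """Return (data store, finding) pairs; assumes mode is octal like the 0600 default."""
    glob, stores, current, findings = {}, [], None, []
    for key, *vals in parse_slapd_conf(text):
        if key.lower() == "database":
            stores.append(current := {})
        else:                                     # last appearance wins
            (glob if current is None else current)[key.lower()] = vals
    for n, store in enumerate(stores, 1):         # data store options override global
        eff = {k: (v or [""])[0] for k, v in {**glob, **store}.items()}
        checks = [
            ("defaultaccess is read or higher", eff.get("defaultaccess", "read") in BROAD),
            ("rootpw is stored unencrypted", eff.get("rootpw", "").startswith("{none}")),
            ("protected is none", eff.get("protected") == "none"),
            ("mode grants group/other access", int(eff.get("mode") or "0600", 8) & 0o077),
            ("LDBM files in /usr/tmp", eff.get("directory", "/usr/tmp") == "/usr/tmp"),
        ]
        findings += [(f"database {n}", msg) for msg, bad in checks if bad]
    return findings

SAMPLE = '''# constructed sample, not a real deployment
defaultaccess none
database ldbm
suffix "o=Example Corp, c=US"
rootdn "cn=Directory \\"Admin\\", o=Example Corp, c=US"
rootpw {none}changeme
mode 0640
replica host=replica.example.com:389
  "binddn=cn=Replicator, o=Example Corp, c=US" bindmethod=simple
'''
```

Calling audit(SAMPLE) reports the unencrypted rootpw, the 0640 mode and the defaulted /usr/tmp directory for the one data store; a file with no database line yields no findings because checks run per data store.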