Configuration
The /usr/local/etc/openldap/slapd.conf configuration file contains configuration information that is used by the various OpenLDAP components. The configuration file consists of a series of global configuration options that apply to the OpenLDAP standalone daemon (slapd) as a whole, including the backends, followed by zero or more backend definitions that contain information specific to one instance of a backend.
If two database backends are specified in a configuration file, you must specify a different directory for each database.
The following file is an example of a /usr/local/etc/openldap/slapd.conf configuration file for a z/TPF system:
#
# See slapd.conf(5) for details on configuration options.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
If you are using replication, you will need a configuration file for both servers. Here is an example of a configuration file for the provider server:
Provider slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=replDB"
rootdn "cn=replman,o=replDB"
rootpw secret
directory /usr/local/var/openldap-data
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Here is an example of a configuration file for a consumer server using refreshAndPersist
replication:
Consumer slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=replDB"
rootdn "cn=replman,o=replDB"
rootpw secret
directory /usr/local/var/openldap-data
index objectclass,entryCSN,entryUUID eq
syncrepl rid=321
  provider=ldap://<mainIPaddress>:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="o=replDB"
  bindmethod=simple
  binddn="cn=replman,o=replDB"
  credentials=secret
For an N-way multi-provider
configuration, assume there are three providers (ldap1.example.com,
ldap2.example.com, and ldap3.example.com) using syncrepl N-Way multi-provider.
The three providers would have slapd.conf files
as shown in the following examples.
- slapd.conf for ldap1.example.com
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
serverID 001
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
# NOTE:
# syncrepl directives for each of the other providers
# provider is ldap://ldap2.example.com:389,
syncrepl rid=001
  provider=ldap://ldap2.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
syncrepl rid=002
  provider=ldap://ldap3.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
mirrormode on
cachesize 500
idlcachesize 500
dncachesize 500
cachefree 50
searchstack 8
threads 8
sizelimit 2000000
- slapd.conf for ldap2.example.com
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
serverID 002
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
# NOTE: syncrepl directives for each of the other providers:
syncrepl rid=001
  provider=ldap://ldap1.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
syncrepl rid=002
  provider=ldap://ldap3.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
mirrormode on
cachesize 500
idlcachesize 500
dncachesize 500
cachefree 50
searchstack 8
threads 8
sizelimit 2000000
- slapd.conf for ldap3.example.com
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
serverID 003
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
# NOTE: syncrepl directives for each of the other providers:
syncrepl rid=001
  provider=ldap://ldap1.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
syncrepl rid=002
  provider=ldap://ldap2.example.com:389
  type=refreshAndPersist
  retry="120 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=com"
  credentials=secret
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
mirrormode on
cachesize 500
idlcachesize 500
dncachesize 500
cachefree 50
searchstack 8
threads 8
sizelimit 2000000
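The sample files above keep rootpw and the syncrepl credentials in cleartext and use bindmethod=simple over ldap://, which is why their comments say the file should not be world readable. The following Python check is an added example, not part of the original documentation or of OpenLDAP: it unwraps slapd.conf continuation lines and reports those settings. The function names (logical_lines, audit, world_readable) and the sample text are assumptions made for this example; starttls=critical is the syncrepl parameter documented in slapd.conf(5).

```python
import os
import re
import shlex
import stat

# Constructed sample, modelled on the consumer slapd.conf shown earlier.
SAMPLE = """\
rootdn "cn=replman,o=replDB"
rootpw secret
syncrepl rid=321
  provider=ldap://<mainIPaddress>:389
  retry="120 +"
  bindmethod=simple
  binddn="cn=replman,o=replDB"
  credentials=secret
"""

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and raw.strip() and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]

def audit(text):
    """Return findings about stored secrets and bind transport."""
    findings = []
    for line in logical_lines(text):
        words = shlex.split(line)
        key = words[0].lower()
        if key == "rootpw" and len(words) > 1:
            if not re.match(r"\{(?!CLEARTEXT\})[A-Za-z0-9-]+\}", words[1], re.I):
                findings.append("rootpw is stored in cleartext")
        elif key == "syncrepl":
            p = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            rid = p.get("rid", "?")
            tls = (p.get("provider", "").lower().startswith("ldaps://")
                   or p.get("starttls", "").lower() == "critical")
            if p.get("bindmethod", "").lower() == "simple" and not tls:
                findings.append(f"syncrepl rid={rid}: simple bind over cleartext ldap://")
            if "credentials" in p:
                findings.append(f"syncrepl rid={rid}: bind password stored in file")
    return findings

def world_readable(path):  # True if "other" has read permission on the file
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```

Run audit() on the text of each server's slapd.conf and world_readable() on its path; a value such as rootpw {SSHA}... together with starttls=critical or an ldaps:// provider clears the first two findings.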
Related information:
- For more information about changing the OpenLDAP configuration options, see Change the OpenLDAP configuration options.
- For more information about configuring slapd, including the configuration layout and configuration directives, go to http://www.openldap.org/doc/admin24/slapdconf2.html.
- For more information about the slapd.conf file, go to http://www.openldap.org/software/man.cgi?query=slapd.conf&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release