The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the X.500 tree; both are LDBM database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:
1 # example config file - global configuration section
2 include /etc/ldap/adm/1/slapd.at.conf
3 include /etc/ldap/adm/1/slapd.oc.conf
4 schemacheck on
5 referral ldap://ldap.itd.antbear.com
Line 1 is a comment. Lines 2 and 3 include other configuration files containing attribute and object class definitions, respectively. Line 4 turns on schema checking. The referral option on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host ldap.itd.antbear.com.
The next section of the configuration file defines an LDBM backend that will handle queries for things in the ``o=Antbear, Lucid & Popp, c=US'' portion of the tree. The database is to be replicated to two slave slapds, one on cayman, the other on gavial. Indexes are to be maintained for several attributes, and the userPassword attribute is to be protected from unauthorized access.
1 # ldbm definition for the database
2 database ldbm
3 suffix "o=Antbear, Lucid & Popp, c=US"
4 directory /var/ldap/databases/1
5
6 rootdn "cn=Director, o=Antbear, Lucid & Popp, c=US"
7 rootpw secret
8 replogfile /var/ldap/databases/1
9 replica host=cayman.rs.itd.antbear.com:389
10     binddn="cn=Replicator, o=Antbear, Lucid & Popp, c=US"
11     bindmethod=simple credentials=secret
16 # ldbm indexed attribute definitions
17 index cn,sn,uid pres,eq,approx,sub
18 index objectclass pres,eq
19 index default none
20 # ldbm access control definitions
21 defaultaccess read
22 access to attr=userpassword
23     by self write
24     by dn="cn=Admin, o=Antbear, Lucid & Popp, c=US" write
25     by * compare
Line 1 is a comment. The start of the database definition is marked by the database keyword on line 2. Line 3 specifies the DN suffix for queries to pass to this database. Line 4 specifies the directory in which the database files will live.
Lines 6 and 7 identify the database root user entry and associated password. This entry is not subject to access control or size or time limit restrictions.
Lines 8 through 11 are for replication. Line 8 specifies the replication log file (where changes to the database are logged; this file is written by slapd and read by slurpd). Lines 9 through 11 specify the hostname and port for a replicated host, the DN to bind as when performing updates, the bind method (simple) and the credentials (password) for the bind DN. See ``LDAP replication'' on slurpd for more information on these options.
Lines 12 through 15 indicate the indexes to maintain for various attributes. The default is not to maintain any indexes (line 15).
Lines 16 through 21 specify access control for entries in the database. For all entries, the userPassword attribute is writable by the entry and the ``admin'' entry, comparable by everyone else. All other attributes allow read access by default (line 17). Note that the special entry attribute is not required in the access directive beginning on line 18. This is because the default access is read.
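The access rules described above can be checked with a small model of how the directives resolve. This is an added example, not part of the original documentation or of slapd itself: the function names are hypothetical, the requester DNs in any call are constructed, dn= is compared as an exact, case-insensitive match, and the first matching rule and clause are taken to win.

```python
import re

# Constructed input: the access-control lines of the listing, reference numbers stripped.
CONFIG = '''\
defaultaccess read
access to attr=userpassword
    by self write
    by dn="cn=Admin, o=Antbear, Lucid & Popp, c=US" write
    by * compare
'''
# slapd access levels, weakest first; each level implies those before it.
LEVELS = ["none", "compare", "search", "read", "write"]

def logical_lines(text):
    """Drop comments/blank lines; a line starting with whitespace continues the previous one."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_acl(text):
    """Return (defaultaccess level, [(attrs or None, [(who, level), ...]), ...])."""
    default, rules = None, []
    for line in logical_lines(text):
        if line.startswith("defaultaccess "):
            default = line.split()[1]
        elif line.startswith("access to "):
            what, *by = re.split(r"\s+by\s+", line[len("access to "):])
            attrs = what.split("attr=", 1)[1].lower().split(",") if "attr=" in what else None
            rules.append((attrs, [tuple(c.rsplit(None, 1)) for c in by]))
    return default, rules

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def access_for(acl, attr, requester_dn, entry_dn):
    """Level granted to requester_dn on attribute attr of the entry entry_dn."""
    default, rules = acl
    for attrs, clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in clauses:
            if (who == "*" or (who == "self" and norm(requester_dn) == norm(entry_dn))
                    or (who.startswith("dn=") and norm(who[3:].strip('"')) == norm(requester_dn))):
                return level
        return "none"  # assumption: the rule matched but no "by" clause did, so deny
    return default

def allows(granted, wanted):
    return LEVELS.index(granted) >= LEVELS.index(wanted)
```

Calling access_for(parse_acl(CONFIG), "userPassword", requester, entry) for an unrelated requester yields compare, which allows("compare", "read") shows is not enough to read the stored value.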