The LDAP configuration file

General backend options

Options in this topic only apply to the backend in which they are defined. They are supported by every type of backend.

database
database databasetype
This option marks the beginning of a new database instance definition. databasetype should be one of ldbm, shell, or passwd, depending on which backend will serve the database.

For example:

database ldbm
This marks the beginning of a new LDBM backend database instance definition.

lastmod
lastmod { on | off }
This option controls whether slapd will automatically maintain the modifiersName, modifyTimestamp, creatorsName, and createTimestamp attributes for entries.

Default: lastmod off

readonly
readonly { on | off }
This option puts the database into ``read-only'' mode. Any attempt to modify the database will return an ``unwilling to perform'' error.

Default: readonly off

replica
replica host=hostname[:port]
             "binddn=DN"
             bindmethod=simple
             [credentials=password]
This option specifies a replication site for this database. The host parameter specifies a host and optionally a port where the slave slapd instance can be found. Either a domain name or IP address may be used for hostname. If port is not given, the standard LDAP port number (389) is used.

The binddn parameter gives the DN to bind as for updates to the slave slapd. It should be a DN which has read/write access to the slave slapd's database, typically given as a ``rootdn'' in the slave's configuration file. It must also match the updatedn option in the slave slapd's configuration file. Since DNs are likely to contain embedded spaces, the entire ``binddn=DN'' string should be enclosed in quotes.

bindmethod is simple, as only simple password-based authentication is currently available for connecting to the slave slapd. Simple authentication requires that a valid password be given.

The credentials parameter, which is required for simple authentication, gives the password for binddn on the slave slapd. See ``LDAP replication'' for more details on replication.

replogfile
replogfile filename
This option specifies the name of the replication log file to which slapd will log changes. The replication log is typically written by slapd and read by slurpd. Normally, this option is only used if slurpd is being used to replicate the database. However, you can also use it to generate a transaction log, if slurpd is not running. In this case, you will need to periodically truncate the file, since it will grow indefinitely otherwise.

See ``LDAP replication'' for more details on replication.

rootdn
rootdn dn
This option specifies the DN of an entry that is not subject to access control or administrative limit restrictions for operations on this database.

For example:

rootdn "cn=Director, o=Antbear, Lucid & Popp, c=US"

rootpw
rootpw password
This option specifies a password for the DN given above that will always work, regardless of whether an entry with the given DN exists or has a password. This option is useful when creating a database and also when using slurpd to provide replication service (see ``LDAP replication'').

For example:

rootpw secret

suffix
suffix dn suffix
This option specifies the DN suffix of queries that will be passed to the backend database.

For example:

suffix "o=Antbear, Lucid & Popp, c=US"

Queries with a DN ending in ``o=Antbear, Lucid & Popp, c=US'' will be passed to this backend. Note that when selecting the backend to pass a query to, slapd looks at the suffix line(s) in each database definition in the order they appear in the file. Thus, if one database suffix is a prefix of another, it must appear after it in the configuration file.
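
An added example, not part of the original documentation: a short Python check that reads a configuration using the options above and reports passwords stored in it by rootpw or by the credentials parameter of replica, and any database whose suffix can never be selected because an earlier database's suffix already matches. It assumes that an indented line continues the previous option (as in the replica syntax above) and that the first matching suffix wins; the sample configuration, the host name and the function names parse_databases, norm and audit are constructed for illustration.

```python
import shlex
# Constructed sample configuration; host name and replica DN are illustrative only.
SAMPLE_CONF = '''\
database ldbm
suffix "c=US"
rootpw secret
database ldbm
suffix "o=Antbear, Lucid & Popp, c=US"
replica host=replica.example.com
        "binddn=cn=Replicator, o=Antbear, Lucid & Popp, c=US"
        bindmethod=simple
        credentials=secret
'''

def parse_databases(text):
    """Return one {'type', 'options'} dict per 'database' line, in file order."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # assumed: indented line continues the option
        else:
            logical.append(raw.strip())
    dbs = []
    for args in map(shlex.split, logical):     # shlex keeps quoted DNs as one argument
        if args[0] == "database":
            dbs.append({"type": args[1], "options": []})
        elif dbs:
            dbs[-1]["options"].append(args)
    return dbs

def norm(dn):  # simplified DN normalization: lowercase, split on commas, trim spaces
    return [part.strip().lower() for part in dn.split(",")]

def audit(dbs):
    """Return (database index, option, message) findings in file order."""
    findings, seen = [], []
    for i, db in enumerate(dbs):
        for args in db["options"]:
            if args[0] == "rootpw" or (args[0] == "replica" and
                    any(a.startswith("credentials=") for a in args)):
                findings.append((i, args[0], "password kept in the configuration file"))
            elif args[0] == "suffix":
                s = norm(args[1])
                findings += [(i, "suffix", f"unreachable: database {j} matches first")
                             for j, e in seen if s[-len(e):] == e]
                seen.append((i, s))
    return findings
```

Calling audit(parse_databases(text)) on the contents of a real configuration file gives the same kind of report; a password finding means that read access to the file is equivalent to knowing that password.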

updatedn
updatedn dn
This option is only applicable in a slave slapd. It specifies the DN allowed to make changes to the replica (typically, this is the DN slurpd binds as when making changes to the replica).

© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999