.\" $OpenLDAP$
.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.SH NAME
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
.B LIBEXECDIR/slapd
.B [\-[4|6]]
.B [\-d debug\-level]
.B [\-f slapd\-config\-file]
.B [\-h URLs]
.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
.B [\-r directory]
.B [\-u user] [\-g group] [\-t]
.B
.SH DESCRIPTION
.LP
.B Slapd
is the stand-alone LDAP daemon. It listens for LDAP connections on
any number of ports (default 389), responding
to the LDAP operations it receives over these connections.
.B slapd
is typically invoked at boot time, usually out of
.BR /etc/rc.local .
Upon startup,
.B slapd
normally forks and disassociates itself from the invoking tty.
If configured in
.BR ETCDIR/slapd.conf ,
the
.B slapd
process will print its process ID (see
.BR getpid (2))
to a
.B .pid
file, as well as the command line options during invocation to an
.B .args
file (see
.BR slapd.conf (5)).
If the
.B \-d
flag is given, even with a zero argument,
.B slapd
will not fork and disassociate from the invoking tty.
.LP
.B Slapd
can be configured to provide replicated service for a database with
the help of
.BR slurpd ,
the standalone LDAP update replication daemon.
See
.BR slurpd (8)
for details.
.LP
See the "OpenLDAP Administrator's Guide" for more details on
.BR slapd .
.SH OPTIONS
.TP
.B \-4
Listen on IPv4 addresses only.
.TP
.B \-6
Listen on IPv6 addresses only.
.TP
.BI \-d " debug\-level"
Turn on debugging as defined by
.IR debug\-level .
If this option is specified, even with a zero argument,
.B slapd
will not fork or disassociate from the invoking terminal. Some general
operation and status messages are printed for any value of \fIdebug\-level\fP.
\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap.h> for details.
Remember that if you turn on packet logging, packets containing bind passwords
will be output, so if you redirect the log to a logfile, that file should
be read-protected.
.TP
.BI \-s " syslog\-level"
This option tells
.B slapd
at what level debugging statements should be logged to the
.BR syslog (8)
facility.
.TP
.BI \-n " service\-name"
Specifies the service name for logging and other purposes. Defaults
to the basename of argv[0], i.e. "slapd".
.TP
.BI \-l " syslog\-local\-user"
Selects the local user of the
.BR syslog (8)
facility. Values can be
.BR LOCAL0 ,
.BR LOCAL1 ,
and so on, up to
.BR LOCAL7 .
The default is
.BR LOCAL4 .
However, this option is only permitted on systems that support
local users with the
.BR syslog (8)
facility.
.TP
.BI \-f " slapd\-config\-file"
Specifies the slapd configuration file. The default is
.BR ETCDIR/slapd.conf .
.TP
.BI \-h " URLlist"
.B slapd
will by default serve
.B ldap:///
(LDAP over TCP on all interfaces on default LDAP port). That is,
it will bind using INADDR_ANY and port 389.
The
.B \-h
option may be used to specify LDAP (and other scheme) URLs to serve.
For example, if slapd is given
.B "\-h \(dqldap://127.0.0.1:9009/ ldaps:/// ldapi:///\(dq",
it will bind 127.0.0.1:9009 for LDAP, 0.0.0.0:636 for LDAP over TLS,
and LDAP over IPC (Unix domain sockets). Host 0.0.0.0 represents
INADDR_ANY.
A space separated list of URLs is expected. The URLs should be of
LDAP (ldap://) or LDAP over TLS (ldaps://) or LDAP over IPC (ldapi://)
scheme without a DN or other optional parameters, except an experimental
extension to indicate the permissions of the underlying socket, on those
OSes that honor them. Support for the
latter two schemes depends on selected configuration options. Hosts
may be specified by name or IPv4 and IPv6 address formats.
Ports, if specified, must be numeric. The default ldap:// port is 389
and the default ldaps:// port is 636.
The socket permissions for LDAP over IPC are indicated by
"x-mod=-rwxrwxrwx", "x-mod=0777" or "x-mod=777", where any
of the "rwx" can be "-" to suppress the related permission (note,
however, that sockets only honor the "w" permission), while any
of the "7" can be any legal octal digit, according to chmod(1).
.TP
.BI \-r " directory"
Specifies a chroot "jail" directory. slapd will
.BR chdir (2)
then
.BR chroot (2)
to this directory after opening listeners but before reading
any configuration file or initializing any backend.
.TP
.BI \-u " user"
.B slapd
will run with the specified user name or id, and that user's
supplementary group access list as set with initgroups(3). The group ID
is also changed to this user's gid, unless the \-g option is used to
override.
.TP
.BI \-g " group"
.B slapd
will run with the specified group name or id.
.LP
Note that on some systems, running as a non-privileged user will prevent
passwd back-ends from accessing the encrypted passwords. Note also that
any shell back-ends will run as the specified non-privileged user.
.TP
.BI \-t
.B slapd
will read the configuration file (the default if none is given with the
\fI\-f\fP switch) and check its syntax, without opening any listener
or database.
.SH EXAMPLES
To start
.I slapd
and have it fork and detach from the terminal and start serving
the LDAP databases defined in the default config file, just type:
.LP
.nf
.ft tt
LIBEXECDIR/slapd
.ft
.fi
.LP
To start
.B slapd
with an alternate configuration file, and turn
on voluminous debugging which will be printed on standard error, type:
.LP
.nf
.ft tt
LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
.ft
.fi
.LP
To test whether the configuration file is correct or not, type:
.LP
.nf
.ft tt
LIBEXECDIR/slapd -t
.ft
.fi
.LP
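The rules given for the \-h URL list (default ports, an empty host meaning INADDR_ANY, numeric ports, and the x-mod socket permissions) can be checked before a listener list is deployed. The following Python is an added example, not part of the OpenLDAP sources: parse_xmod and audit_listeners are hypothetical helper names, and the percent-encoded socket path and the position of x-mod in the constructed ldapi URL are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # defaults stated in the -h text
WILDCARD = {"", "0.0.0.0", "::"}            # an empty host means INADDR_ANY

def parse_xmod(value):
    """Convert '-rwxrwxrwx', '0777' or '777' to an integer mode."""
    if re.fullmatch(r"[0-7]{3,4}", value):
        return int(value, 8)
    if re.fullmatch(r"-([r-][w-][x-]){3}", value):
        return int("".join("0" if c == "-" else "1" for c in value[1:]), 2)
    raise ValueError(f"bad x-mod value: {value!r}")

def audit_listeners(urllist):
    """Parse a space separated -h URL list; return one dict per listener."""
    report = []
    for url in urllist.split():
        u = urlsplit(url)
        if u.scheme not in ("ldap", "ldaps", "ldapi"):
            raise ValueError(f"unsupported scheme: {url!r}")
        entry = {"url": url, "scheme": u.scheme, "warnings": []}
        if u.scheme == "ldapi":
            # Assumption: the socket path is percent-encoded in the host part.
            entry["socket"] = unquote(u.netloc) or "(default)"
            m = re.search(r"x-mod=([-rwx0-7]+)", url)
            if m:
                mode = parse_xmod(m.group(1))
                # Sockets honor only "w": those bits decide who may connect.
                entry["may_connect"] = [
                    who for who, bit in
                    (("owner", 0o200), ("group", 0o020), ("other", 0o002))
                    if mode & bit]
                if mode & 0o002:
                    entry["warnings"].append("socket writable by other")
        else:
            host = u.hostname or ""
            entry["host"] = host or "0.0.0.0"
            entry["port"] = u.port or DEFAULT_PORT[u.scheme]  # ValueError if not numeric
            if host in WILDCARD and u.scheme == "ldap":
                entry["warnings"].append("ldap:// listener on all interfaces")
        report.append(entry)
    return report

if __name__ == "__main__":
    # First list is the man page's own example; the second is constructed.
    for hlist in ("ldap://127.0.0.1:9009/ ldaps:/// ldapi:///",
                  "ldap:/// ldapi://%2Ftmp%2Fldapi/????x-mod=0777"):
        for e in audit_listeners(hlist):
            print(e)
```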
.SH "SEE ALSO"
.BR ldap (3),
.BR slapd.conf (5),
.BR slapd.access (5),
.BR slurpd (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH BUGS
See http://www.openldap.org/its/
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.