mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
175 lines
4.5 KiB
Groff
175 lines
4.5 KiB
Groff
.TH SLAPD 8C "3 April 1999" "OpenLDAP LDVERSION"
|
|
.SH NAME
|
|
slapd \- Stand-alone LDAP Daemon
|
|
.SH SYNOPSIS
|
|
.B LIBEXECDIR/slapd [\-d debug\-level]
|
|
.B [\-f slapd\-config\-file] [\-a address] [\-p port\-number]
|
|
.B [\-s syslog\-level] [\-l syslog\-local\-user] [\-i]
|
|
.B [\-u user] [\-g group]
|
|
.B
|
|
.SH DESCRIPTION
|
|
.LP
|
|
.B Slapd
|
|
is the stand-alone LDAP daemon. It listens for LDAP connections on
|
|
port 389, responding
|
|
to the LDAP operations it receives over these connections.
|
|
.B slapd
|
|
is typically invoked at boot time, usually out of
|
|
.BR /etc/rc.local .
|
|
Upon startup,
|
|
.B slapd
|
|
normally forks and disassociates itself from the invoking tty.
|
|
If configured in
|
|
.BR ETCDIR/slapd.conf ,
|
|
the
|
|
.B slapd
|
|
process will print its process ID ( see
|
|
.BR getpid (2)
|
|
) to a
|
|
.B .pid
|
|
file, as well as the command line options during invocation to an
|
|
.B .args
|
|
file ( see
|
|
.BR slapd.conf (5)
|
|
).
|
|
If the
|
|
.B \-d
|
|
flag is given and debugging is set to some non-zero
|
|
value,
|
|
.B slapd
|
|
will not fork and disassociate from the invoking tty.
|
|
.LP
|
|
.B Slapd
|
|
can be configured to provide replicated service for a database with
|
|
the help of
|
|
.BR slurpd ,
|
|
the standalone LDAP update replication daemon.
|
|
See
|
|
.BR slurpd (8)
|
|
for details.
|
|
.LP
|
|
See "The SLAPD and SLURPD Administrator's Guide" for more details on
|
|
.BR slapd .
|
|
.SH OPTIONS
|
|
.TP
|
|
.BI \-d " debug\-level"
|
|
Turn on debugging as defined by
|
|
.I debug\-level.
|
|
If this option is specified,
|
|
.B slapd
|
|
will not fork or disassociate from the invoking terminal. Some general
|
|
operation and status messages are printed for any value of \fIdebug\-level\fP.
|
|
\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
|
|
different kind of debugging information. See <ldap.h> for details.
|
|
.TP
|
|
.BI \-s " syslog\-level"
|
|
This option tells
|
|
.B slapd
|
|
at what level debugging statements should be logged to the
|
|
.BR syslog (8)
|
|
facility.
|
|
.TP
|
|
.BI \-l " syslog\-local\-user"
|
|
Selects the local user of the
|
|
.BR syslog (8)
|
|
facility. Values can be
|
|
.BR LOCAL0 ,
|
|
.BR LOCAL1 ,
|
|
and so on, up to
|
|
.BR LOCAL7 .
|
|
The default is
|
|
.BR LOCAL4 .
|
|
However, this option is only permitted on systems that support
|
|
local users with the
|
|
.BR syslog (8)
|
|
facility.
|
|
.TP
|
|
.BI \-f " slapd\-config\-file"
|
|
Specifies the slapd configuration file. The default is
|
|
.BR ETCDIR/slapd.conf .
|
|
.TP
|
|
.BI \-a " address"
|
|
.B slapd
|
|
will listen on all addresses (INADDR_ANY) unless this option
|
|
is given to override the default. The address is expected in
|
|
Internet standard '.' format.
|
|
.TP
|
|
.BI \-p " port\-number"
|
|
.B slapd
|
|
will listen on the default LDAP port (389) unless this option is given
|
|
to override the default. A numeric port number is expected.
|
|
.TP
|
|
.BI \-T
|
|
If
|
|
.B slapd
|
|
is built with support for Transport Layer Security and this option is
|
|
given, it will bind on an additional port for TLS/SSL connections.
|
|
Notice that this is LDAP over raw TLS, not TLS with SASL that works
|
|
on the normal port.
|
|
.TP
|
|
.BI \-P " port\-number"
|
|
Changes the port where
|
|
.B slapd
|
|
will expect LDAP over raw TLS connections. If this option is not given,
|
|
the default port for this purpose (636) will be used. A numeric port
|
|
number is expected.
|
|
.TP
|
|
.BI \-u " user"
|
|
.B slapd
|
|
will run slapd with the specified user name or id, and that user's
|
|
supplementary group access list as set with initgroups(3). The group ID
|
|
is also changed to this user's gid, unless the -g option is used to
|
|
override.
|
|
.TP
|
|
.BI \-g " group"
|
|
.B slapd
|
|
will run with the specified group name or id.
|
|
.TP
|
|
.B \-i
|
|
This option tells
|
|
.B slapd
|
|
that it is being run from
|
|
.BR inetd(8) ,
|
|
the Internet protocol daemon.
|
|
.LP
|
|
Note that on some systems, running as a non-privileged user will prevent
|
|
passwd back-ends from accessing the encrypted passwords. Note also that
|
|
any shell back-ends will run as the specified non-privileged user.
|
|
.SH EXAMPLES
|
|
To start
|
|
.I slapd
|
|
and have it fork and detach from the terminal and start serving
|
|
the LDAP databases defined in the default config file, just type:
|
|
.LP
|
|
.nf
|
|
.ft tt
|
|
LIBEXECDIR/slapd
|
|
.ft
|
|
.fi
|
|
.LP
|
|
To start
|
|
.B slapd
|
|
with an alternate configuration file, and turn
|
|
on voluminous debugging which will be printed on standard error, type:
|
|
.LP
|
|
.nf
|
|
.ft tt
|
|
LIBEXECDIR/slapd -f ETCDIR/slapd.conf -d 255
|
|
.ft
|
|
.fi
|
|
.LP
|
|
.SH "SEE ALSO"
|
|
.BR ldap (3),
|
|
.BR slapd.conf (5),
|
|
.BR slurpd (8)
|
|
.LP
|
|
"The SLAPD and SLURPD Administrator's Guide"
|
|
.SH BUGS
|
|
When using the LDBM database backend, the Modify RDN operation does not
|
|
update the attribute values in the entry that are affected by the change.
|
|
.SH ACKNOWLEDGEMENTS
|
|
.B OpenLDAP
|
|
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
|
|
.B OpenLDAP
|
|
is derived from University of Michigan LDAP 3.3 Release.
|