slapd(8)


NAME

   slapd - Stand-alone LDAP Daemon

SYNOPSIS

   /usr/sbin/slapd            [-4|-6]           [-T {acl|a[dd]|auth|c[at]|
   d[n]|i[ndex]|p[asswd]|s[chema]|t[est]}]   [-d debug-level]   [-f slapd-
   config-file]  [-F slapd-config-directory]  [-h URLs]  [-n service-name]
   [-s syslog-level]      [-l syslog-local-user]       [-o option[=value]]
   [-r directory] [-u user] [-g group] [-c cookie]

DESCRIPTION

   Slapd  is  the stand-alone LDAP daemon. It listens for LDAP connections
   on any number of ports (default 389), responding to the LDAP operations
   it receives over these connections.  slapd is typically invoked at boot
   time, usually out of /etc/rc.local.  Upon startup, slapd normally forks
   and  disassociates  itself from the invoking tty.  If configured in the
   config file (or config directory), the slapd  process  will  print  its
   process  ID (see getpid(2)) to a .pid file, as well as the command line
   options during invocation to an .args file (see slapd.conf(5)).  If the
   -d  flag  is  given, even with a zero argument, slapd will not fork and
   disassociate from the invoking tty.

   See the "OpenLDAP Administrator's Guide" for more details on slapd.

OPTIONS

   -4     Listen on IPv4 addresses only.

   -6     Listen on IPv6 addresses only.

   -T tool
          Run in Tool mode. The tool argument selects whether  to  run  as
          slapadd,  slapcat, slapdn, slapindex, slappasswd, slapschema, or
          slaptest (slapacl and slapauth need  the  entire  acl  and  auth
          option  value  to  be spelled out, as a is reserved to slapadd).
          This option should be the first  option  specified  when  it  is
          used;   any   remaining  options  will  be  interpreted  by  the
          corresponding slap tool program, according to the respective man
          pages.   Note  that these tool programs will usually be symbolic
          links to slapd.  This option is provided  for  situations  where
          symbolic links are not provided or not usable.

   -d debug-level
          Turn  on debugging as defined by debug-level.  If this option is
          specified, even with a zero argument, slapd  will  not  fork  or
          disassociate from the invoking terminal.  Some general operation
          and status messages are printed for any  value  of  debug-level.
          debug-level   is   taken   as   a  bit  string,  with  each  bit
          corresponding to a  different  kind  of  debugging  information.
          Comma-separated  arrays  of  friendly  names can be specified to
          select  debugging  output   of   the   corresponding   debugging
          information.  All the names recognized by the loglevel directive
          described in slapd.conf(5) are supported.  If debug-level is  ?,
          a list of installed debug-levels is printed, and slapd exits.

          Remember  that if you turn on packet logging, packets containing
          bind passwords will be output, so if you redirect the log  to  a
          logfile, that file should be read-protected.

   -s syslog-level
          This option tells slapd at what debug-level debugging statements
          should be logged to the syslog(8) facility.  The  value  syslog-
          level  can  be set to any value or combination allowed by the -d
          switch.  Slapd logs all messages selected  by  syslog-leveli  at
          the  syslog(3) severity debug-level DEBUG, on the unit specified
          with -l.

   -n service-name
          Specifies the service  name  for  logging  and  other  purposes.
          Defaults to basename of argv[0], i.e.: "slapd".

   -l syslog-local-user
          Selects  the  local user of the syslog(8) facility. Value can be
          LOCAL0, through LOCAL7, as well as USER and DAEMON.  The default
          is  LOCAL4.   However,  this option is only permitted on systems
          that support local users with the syslog(8)  facility.   Logging
          to syslog(8) occurs at the "DEBUG" severity debug-level.

   -f slapd-config-file
          Specifies   the   slapd   configuration  file.  The  default  is
          /etc/ldap/slapd.conf.

   -F slapd-config-directory
          Specifies the slapd  configuration  directory.  The  default  is
          /etc/ldap/slapd.d.   If both -f and -F are specified, the config
          file will be read and converted to config directory  format  and
          written  to  the  specified  directory.   If  neither  option is
          specified,  slapd  will  attempt  to  read  the  default  config
          directory  before  trying  to  use the default config file. If a
          valid config directory exists then the default  config  file  is
          ignored.  All  of  the  slap  tools  that use the config options
          observe this same behavior.

   -h URLlist
          slapd will by default serve  ldap:///  (LDAP  over  TCP  on  all
          interfaces  on  default LDAP port).  That is, it will bind using
          INADDR_ANY and port 389.  The -h option may be used  to  specify
          LDAP (and other scheme) URLs to serve.  For example, if slapd is
          given -h "ldap://127.0.0.1:9009/ ldaps:/// ldapi:///",  it  will
          listen  on  127.0.0.1:9009  for  LDAP, 0.0.0.0:636 for LDAP over
          TLS, and LDAP over IPC  (Unix  domain  sockets).   Host  0.0.0.0
          represents  INADDR_ANY  (any interface).  A space separated list
          of URLs is expected.  The URLs should be of the LDAP, LDAPS,  or
          LDAPI  schemes,  and  generally  without  a DN or other optional
          parameters (excepting as  discussed  below).   Support  for  the
          latter  two  schemes  depends on selected configuration options.
          Hosts may be specified by name or IPv4 and IPv6 address formats.
          Ports,  if specified, must be numeric.  The default ldap:// port
          is 389 and the default ldaps:// port is 636.

          For LDAP over IPC, name is the name of the socket, and  no  port
          is required, nor allowed; note that directory separators must be
          URL-encoded, like any other characters that are special to URLs;
          so the socket

                  /usr/local/var/ldapi

          must be specified as

                  ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi

          The default location for the IPC socket is /var/run/ldapi

          The  listener  permissions  are indicated by "x-mod=-rwxrwxrwx",
          "x-mod=0777" or "x-mod=777", where any of the "rwx" can  be  "-"
          to  suppress the related permission, while any of the "7" can be
          any legal octal digit, according to chmod(1).  The listeners can
          take   advantage   of  the  "x-mod"  extension  to  apply  rough
          limitations to operations,  e.g.  allow  read  operations  ("r",
          which  applies  to  search  and compare), write operations ("w",
          which applies to add, delete, modify and  modrdn),  and  execute
          operations   ("x",   which  means  bind  is  required).   "User"
          permissions apply to authenticated users, while "other" apply to
          anonymous  users; "group" permissions are ignored.  For example,
          "ldap:///????x-mod=-rw-------" means that read and write is only
          allowed  for authenticated connections, and bind is required for
          all operations.  This feature is experimental, and  requires  to
          be manually enabled at configure time.

   -r directory
          Specifies  a directory to become the root directory.  slapd will
          change the current working directory to this directory and  then
          chroot(2)  to  this  directory.   This  is  done  after  opening
          listeners  but  before  reading  any   configuration   file   or
          initializing any backend.  When used as a security mechanism, it
          should be used in conjunction with -u and -g options.

   -u user
          slapd will run slapd with the specified user  name  or  id,  and
          that   user's  supplementary  group  access  list  as  set  with
          initgroups(3).  The group ID is also changed to this user's gid,
          unless  the  -g option is used to override.  Note when used with
          -r, slapd  will  use  the  user  database  in  the  change  root
          environment.

          Note that on some systems, running as a non-privileged user will
          prevent passwd back-ends from accessing the encrypted passwords.
          Note  also  that  any  shell back-ends will run as the specified
          non-privileged user.

   -g group
          slapd will run with the specified group name or id.   Note  when
          used  with  -r,  slapd will use the group database in the change
          root environment.

   -c cookie
          This option provides  a  cookie  for  the  syncrepl  replication
          consumer.   The  cookie  is a comma separated list of name=value
          pairs.  Currently supported syncrepl cookie fields are rid, sid,
          and  csn.   rid  identifies  a  replication  thread  within  the
          consumer server and is used to find the  syncrepl  specification
          in   slapd.conf(5)   or   slapd-config(5)  having  the  matching
          replication identifier  in  its  definition.  The  rid  must  be
          provided  in  order  for  any other specified values to be used.
          sid   is   the   server   id   in   a   multi-master/mirror-mode
          configuration.   csn is the commit sequence number received by a
          previous  synchronization  and  represents  the  state  of   the
          consumer   replica   content  which  the  syncrepl  engine  will
          synchronize to the current provider content.  In case of mirror-
          mode or multi-master replication agreement, multiple csn values,
          semicolon separated, can appear.  Use only the rid part to force
          a full reload.

   -o option[=value]
          This  option provides a generic means to specify options without
          the need to reserve a separate letter for them.

          It supports the following options:

          slp={on|off|slp-attrs}
                 When SLP support  is  compiled  into  slapd,  disable  it
                 (off),
                  enable it by registering at SLP DAs without specific SLP
                 attributes (on), or with  specific  SLP  attributes  slp-
                 attrs  that  must  be  an  SLP  attribute list definition
                 according to the SLP standard.

                 For       example,        "slp=(tree=production),(server-
                 type=OpenLDAP),(server-version=2.4.15)"  registers at SLP
                 DAs with the three SLP attributes tree,  server-type  and
                 server-version  that  have  the values given above.  This
                 allows to specifically query the SLP DAs for LDAP servers
                 holding  the  production  tree in case multiple trees are
                 available.

EXAMPLES

   To start slapd and have it fork and detach from the terminal and  start
   serving  the  LDAP  databases  defined in the default config file, just
   type:

        /usr/sbin/slapd

   To start slapd with  an  alternate  configuration  file,  and  turn  on
   voluminous debugging which will be printed on standard error, type:

        /usr/sbin/slapd -f /var/tmp/slapd.conf -d 255

   To test whether the configuration file is correct or not, type:

        /usr/sbin/slapd -Tt

SEE ALSO

   ldap(3),  slapd.conf(5),  slapd-config(5), slapd.access(5), slapacl(8),
   slapadd(8),   slapauth(8),   slapcat(8),    slapdn(8),    slapindex(8),
   slappasswd(8), slapschema(8), slaptest(8).

   "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

BUGS

   See http://www.openldap.org/its/

ACKNOWLEDGEMENTS

   OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
   <http://www.openldap.org/>.   OpenLDAP   Software   is   derived   from
   University of Michigan LDAP 3.3 Release.





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.