<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Global Directives</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="LDAP Linux HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Configuring the LDAP Server"
HREF="config.html"><LINK
REL="PREVIOUS"
TITLE="Configuration File Format"
HREF="configformat.html"><LINK
REL="NEXT"
TITLE="General Backend Directives"
HREF="generalbedirect.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Linux HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="configformat.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Configuring the LDAP Server</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="generalbedirect.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="GlobalDirect"
></A
>3.2. Global Directives</H1
><P
>Directives described in this section apply to all backends and databases unless
specifically overridden in a backend or database definition. Arguments that
should be replaced by actual text are shown in brackets &lt;&gt;.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>access to &lt;what&gt; [ by &lt;who&gt; &lt;accesslevel&gt; &lt;control&gt; ]+</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive grants access (specified by &lt;accesslevel&gt;) to a set of
entries and/or attributes (specified by &lt;what&gt;) by one or more requesters
(specified by &lt;who&gt;). See the examples in <A
HREF="accesscontrol.html"
>Section 3.7</A
> for more details.</P
><P
><B
CLASS="command"
>Important:</B
> If no access directives are specified, the default access control policy,
access to * by * read, applies: all users, both authenticated and anonymous, get read access.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>attributetype &lt;RFC2252 Attribute Type Description&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive defines an attribute type. Check the following URL for more
details: <A
HREF="http://www.openldap.org/doc/admin22/schema.html"
TARGET="_top"
>Schema Specification</A
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>idletimeout &lt;integer&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>Specify the number of seconds to wait before forcibly closing an idle client
connection. An idletimeout of 0, the default, disables this feature.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>include &lt;filename&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies that slapd should read additional configuration
information from the given file before continuing with the next line of the
current file. The included file should follow the normal slapd config file
format. This directive is commonly used to include files containing schema
specifications.</P
><P
><B
CLASS="command"
>Note:</B
> Be careful when using this directive:
there is no small limit on the number of nested include directives,
and no loop detection is done.</P
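><P
>Both cautions above, the permissive default access policy and the missing include loop detection, can be checked before slapd is started. The following Python audit is an added example, not part of this HOWTO or of OpenLDAP; the function names, the sample files and the rule that relative include paths resolve against the including file are assumptions.</P
><PRE
CLASS="programlisting"
>
```python
import os
import tempfile

def walk_config(path, stack=()):
    """Yield (keyword, args) per directive, following includes; ValueError on a loop."""
    real = os.path.realpath(path)
    if real in stack:
        names = [os.path.basename(p) for p in stack + (real,)]
        raise ValueError("include loop: " + " -> ".join(names))
    with open(real) as fh:
        for line in fh:
            # Skip blanks, '#' comments and whitespace-led continuation lines.
            if not line.strip() or line[0] == "#" or line[0].isspace():
                continue
            keyword, *args = line.split()
            if keyword.lower() == "include" and args:
                # Assumption: relative paths resolve against the including file.
                target = os.path.join(os.path.dirname(real), args[0])
                yield from walk_config(target, stack + (real,))
            else:
                yield keyword.lower(), args

def audit(path):
    """Return a list of findings for the configuration rooted at path."""
    try:
        seen = dict(walk_config(path))
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if "access" not in seen:
        findings.append("no access directive: default 'access to * by * read'")
    if int((seen.get("idletimeout") or ["0"])[0]) == 0:
        findings.append("idletimeout 0: idle connections are never closed")
    return findings

def demo():
    """Audit three constructed configurations in a temporary directory."""
    files = {  # constructed sample input, not taken from the HOWTO
        "loop.conf": "include a.schema\n",
        "a.schema": "include b.schema\n",
        "b.schema": "include a.schema\n",
        "open.conf": "# no ACLs\nsizelimit 500\ntimelimit 3600\n",
        "tight.conf": "access to * by self write by users read\nidletimeout 300\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in files.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(text)
        return {n: audit(os.path.join(tmp, n)) for n in files if n.endswith(".conf")}
```
</PRE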
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>loglevel &lt;integer&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the level at which debugging statements and operation
statistics should be syslogged (currently logged to the syslogd(8) LOCAL4
facility). You must have configured OpenLDAP with --enable-debug (the default) for
this to work (except for the two statistics levels, which are always enabled).
Log levels are additive. To see which numbers correspond to which kind of
debugging, invoke slapd with -? or consult the table below. The possible values
for &lt;integer&gt; are:</P
><P
><DIV
CLASS="table"
><A
NAME="AEN312"
></A
><P
><B
>Table 3-1. Debugging Levels</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>Level</TH
><TH
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>-1</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>enable all debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>0</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>no debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>1</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>trace function calls</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>2</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>debug packet handling</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>4</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>heavy trace debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>8</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>connection management</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>16</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print out packets sent and received</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>32</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>search filter processing</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>64</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>configuration file processing</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>128</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>access control list processing</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>256</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>stats log connections/operations/results</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>512</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>stats log entries sent</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>1024</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print communication with shell backends</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>2048</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print entry parsing debugging</TD
></TR
></TBODY
></TABLE
></DIV
></P
><P
>Example:</P
><P
>loglevel 255 or loglevel -1</P
><P
>This will cause lots and lots of debugging information to be syslogged.</P
><P
>Default:</P
><P
>loglevel 256</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>objectclass &lt;RFC2252 Object Class Description&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive defines an object class. Check the following URL for more
details: <A
HREF="http://www.openldap.org/doc/admin22/schema.html"
TARGET="_top"
>Schema Specification</A
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>referral &lt;URI&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the referral to pass back when slapd cannot find a
local database to handle a request.</P
><P
>Example:</P
><P
>referral ldap://root.openldap.org</P
><P
>This will refer non-local queries to the global root LDAP server at the
OpenLDAP Project. Smart LDAP clients can re-ask their query at that server, but
note that most of these clients are only going to know how to handle simple
LDAP URLs that contain a host part and optionally a distinguished name part.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>sizelimit &lt;integer&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the maximum number of entries to return from a search
operation.</P
><P
>Default:</P
><P
>sizelimit 500</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>timelimit &lt;integer&gt;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the maximum number of seconds (in real time) slapd
will spend answering a search request. If a request is not finished in this
time, a result indicating an exceeded timelimit will be returned.</P
><P
>Default:</P
><P
>timelimit 3600</P
></DIV
></BODY
></HTML
>