<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Global Directives</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="LDAP Linux HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Configuring the LDAP Server"
HREF="config.html"><LINK
REL="PREVIOUS"
TITLE="Configuration File Format"
HREF="configformat.html"><LINK
REL="NEXT"
TITLE="General Backend Directives"
HREF="generalbedirect.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Linux HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="configformat.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Configuring the LDAP Server</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="generalbedirect.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="GlobalDirect"
></A
>3.2. Global Directives</H1
><P
>Directives described in this section apply to all backends and databases unless
specifically overridden in a backend or database definition. Arguments that
should be replaced by actual text are shown in brackets &#60;&#62;.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>access to &#60;what&#62; [ by &#60;who&#62; &#60;accesslevel&#62; &#60;control&#62; ]+</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive grants access (specified by &#60;accesslevel&#62;) to a set of
entries and/or attributes (specified by &#60;what&#62;) by one or more requesters
(specified by &#60;who&#62;). See the <A
HREF="accesscontrol.html"
>Section 3.7</A
> examples for more details.</P
><P
><B
CLASS="command"
>Important:</B
> If no access directives are specified, the default access control policy,
access to * by * read, gives all users, both authenticated and anonymous, read access.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>attributetype &#60;RFC2252 Attribute Type Description&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive defines an attribute type. Check the following URL for more
details: <A
HREF="http://www.openldap.org/doc/admin22/schema.html"
TARGET="_top"
>Schema Specification</A
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>idletimeout &#60;integer&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>Specify the number of seconds to wait before forcibly closing an idle client
connection. An idletimeout of 0, the default, disables this feature.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>include &#60;filename&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies that slapd should read additional configuration
information from the given file before continuing with the next line of the
current file. The included file should follow the normal slapd config file
format. This directive is commonly used to include files containing schema
specifications.</P
><P
><B
CLASS="command"
>Note:</B
> You should be careful when using this directive:
there is no small limit on the number of nested include directives,
and no loop detection is done.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>loglevel &#60;integer&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the level at which debugging statements and operation
statistics should be syslogged (currently logged to the syslogd(8) LOCAL4
facility). You must have configured OpenLDAP with --enable-debug (the default) for
this to work (except for the two statistics levels, which are always enabled).
Log levels are additive. To display what numbers correspond to what kind of
debugging, invoke slapd with -? or consult the table below. The possible values
for &#60;integer&#62; are:</P
><P
><DIV
CLASS="table"
><A
NAME="AEN312"
></A
><P
><B
>Table 3-1. Debugging Levels</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>Level</TH
><TH
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>-1</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>enable all debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>0</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>no debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>1</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>trace function calls</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>2</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>debug packet handling</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>4</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>heavy trace debugging</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>8</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>connection management </TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>16</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print out packets sent and received </TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>32</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>search filter processing </TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>64</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>configuration file processing</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>128</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>access control list processing</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>256</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>stats log connections/operations/results</TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>512</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>stats log entries sent </TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>1024</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print communication with shell backends </TD
></TR
><TR
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>2048</TD
><TD
WIDTH="0"
ALIGN="LEFT"
VALIGN="MIDDLE"
>print entry parsing debugging </TD
></TR
></TBODY
></TABLE
></DIV
></P
><P
>Example: </P
><P
>loglevel 255 or loglevel -1</P
><P
>This will cause lots and lots of debugging information to be syslogged. </P
><P
>Default:</P
><P
>loglevel 256</P
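><P
>The following is an added example, not part of the original HOWTO or of OpenLDAP: a small checker that follows include directives with the loop detection described above as missing, reports a configuration with no access directive (so the default access to * by * read applies), and decodes an additive loglevel using Table 3-1. The function names and the sample file names and contents are hypothetical; it assumes unquoted include paths and the integer form of loglevel shown on this page.</P>

```python
# Added example: audit a slapd.conf tree held in memory (constructed sample data).
LEVEL_NAMES = [  # Table 3-1, in bit order: 1, 2, 4, ... 2048
    "trace function calls", "debug packet handling", "heavy trace debugging",
    "connection management", "print out packets sent and received",
    "search filter processing", "configuration file processing",
    "access control list processing",
    "stats log connections/operations/results", "stats log entries sent",
    "print communication with shell backends", "print entry parsing debugging",
]

def decode_loglevel(value):
    """Split an additive loglevel into the levels it enables (-1 sets every bit)."""
    return [n for bit, n in enumerate(LEVEL_NAMES) if value & 2 ** bit]

def directives(files, name, stack=()):
    """Yield (keyword, args) in read order, following include; raise on a loop."""
    if name in stack:
        raise ValueError("include loop: " + " -> ".join(stack + (name,)))
    for line in files[name].splitlines():
        # Blank lines, comments and continuation lines start no directive.
        if not line.strip() or line[0] in "# \t":
            continue
        keyword, *rest = line.split(None, 1)
        args = rest[0].strip() if rest else ""
        if keyword.lower() == "include":
            yield from directives(files, args, stack + (name,))
        else:
            yield keyword.lower(), args

def audit(files, root):
    """Return a list of findings for the config rooted at `root`."""
    try:
        seen = list(directives(files, root))
    except ValueError as err:
        return [str(err)]
    findings = []
    if not any(kw == "access" for kw, _ in seen):
        findings.append("no access directive: default 'access to * by * read' applies")
    for kw, args in seen:
        if kw == "loglevel":
            findings.append("loglevel %s = %s" % (args, ", ".join(decode_loglevel(int(args)))))
    return findings

SAMPLE = {  # constructed file contents (hypothetical names), not a real server's
    "slapd.conf": "include core.schema\nloglevel 296\nsizelimit 500\n",
    "core.schema": "# schema definitions would go here\n",
    "loop-a.conf": "include loop-b.conf\n", "loop-b.conf": "include loop-a.conf\n",
}
print(audit(SAMPLE, "slapd.conf"), audit(SAMPLE, "loop-a.conf"))
```

<P
>audit() takes a mapping of file name to file text plus the name of the top-level file, and returns its findings as strings.</P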
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>objectclass &#60;RFC2252 Object Class Description&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive defines an object class. Check the following URL for more
details: <A
HREF="http://www.openldap.org/doc/admin22/schema.html"
TARGET="_top"
>Schema Specification</A
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>referral &#60;URI&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the referral to pass back when slapd cannot find a
local database to handle a request.</P
><P
>Example:</P
><P
>referral ldap://root.openldap.org</P
><P
>This will refer non-local queries to the global root LDAP server at the
OpenLDAP Project. Smart LDAP clients can re-ask their query at that server, but
note that most of these clients are only going to know how to handle simple
LDAP URLs that contain a host part and optionally a distinguished name part.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>sizelimit &#60;integer&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the maximum number of entries to return from a search
operation.</P
><P
>Default:</P
><P
>sizelimit 500</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>timelimit &#60;integer&#62;</PRE
></FONT
></TD
></TR
></TABLE
><P
>This directive specifies the maximum number of seconds (in real time) slapd
will spend answering a search request. If a request is not finished in this
time, a result indicating an exceeded timelimit will be returned.</P
><P
>Default:</P
><P
>timelimit 3600</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="configformat.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="generalbedirect.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Configuration File Format</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="config.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>General Backend Directives</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>