The following is a basic example that implements Access Logging:
-> database bdb
+> database mdb
> suffix dc=example,dc=com
+> maxsize 85899345920
> ...
> overlay accesslog
> logdb cn=log
> logops writes reads
> logold (objectclass=person)
>
-> database bdb
+> database mdb
> suffix cn=log
+> maxsize 85899345920
> ...
> index reqStart eq
> access to *
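Review bot: `maxsize 85899345920` is added to both the `dc=example,dc=com` block and the `cn=log` block as a bare number, with nothing saying what unit it is in or how a reader should size it. Add a sentence before the example (or a `#` comment inside it) stating what the value represents and that it has to be chosen per deployment, and consider whether the log database should really carry the same limit as the primary.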
The following is an example used for {{SECT:delta-syncrepl replication}}:
-> database hdb
+> database mdb
> suffix cn=accesslog
-> directory /usr/local/var/openldap-accesslog
> rootdn cn=accesslog
+> maxsize 85899345920
+> directory /usr/local/var/openldap-accesslog
> index default eq
-> index entryCSN,objectClass,reqEnd,reqResult,reqStart
+> index entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
Accesslog overlay definitions for the primary db
-> database bdb
+> database mdb
> suffix dc=example,dc=com
+> maxsize 85899345920
> ...
> overlay accesslog
> logdb cn=accesslog
>
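Review bot: the index line for `cn=accesslog` gains `reqDN`, which is a functional change unrelated to replacing `hdb`/`bdb` with `mdb`. Either split it into its own change or mention in the surrounding text why `reqDN` should be indexed, so the addition is not lost inside a backend rename.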
> authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
> "cn=Manager,dc=example,dc=com"
-> database bdb
+> database mdb
> suffix "dc=example,dc=com"
> rootdn "cn=Manager,dc=example,dc=com"
> rootpw secret
+> maxsize 85899345920
> directory /var/lib/ldap2.4
> checkpoint 256 5
> index objectClass eq
This directive enables proxy caching and sets general cache
parameters. The <DB> parameter specifies which underlying database
is to be used to hold cached entries. It should be set to
-{{EX:bdb}} or {{EX:hdb}}. The <maxentries> parameter specifies the
-total number of entries which may be held in the cache. The
-<nattrsets> parameter specifies the total number of attribute sets
+{{EX:mdb}}, {{EX:hdb}}, or {{EX:bdb}}. The <maxentries> parameter
+specifies the total number of entries which may be held in the cache.
+The <nattrsets> parameter specifies the total number of attribute sets
(as specified by the {{EX:pcacheAttrset}} directive) that may be
defined. The <entrylimit> parameter specifies the maximum number of
entries in a cacheable query. The <period> specifies the consistency
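Review bot: the sentence now reads "It should be set to `{{EX:mdb}}`, `{{EX:hdb}}`, or `{{EX:bdb}}`", which lists three equal choices while every example in this patch moves to `mdb`. If `mdb` is the recommended cache backend, say so explicitly here; reordering the list alone does not tell the reader which one to pick.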
> rootdn "dc=example,dc=com"
> uri ldap://ldap.example.com/
> overlay pcache
-> pcache hdb 100000 1 1000 100
+> pcache mdb 100000 1 1000 100
> pcacheAttrset 0 mail postaladdress telephonenumber
> pcacheTemplate (sn=) 0 3600
> pcacheTemplate (&(sn=)(givenName=)) 0 3600
> objectClass: olcOverlayConfig
> objectClass: olcPcacheConfig
> olcOverlay: {0}pcache
-> olcPcache: hdb 100000 1 1000 100
+> olcPcache: mdb 100000 1 1000 100
> olcPcacheAttrset: 0 mail postalAddress telephoneNumber
> olcPcacheTemplate: "(sn=)" 0 3600 0 0 0
> olcPcacheTemplate: "(&(sn=)(givenName=))" 0 3600 0 0 0
context "dc=example,dc=com". In this example we are also specifying the DN of
a policy object to use if none other is specified in a user's object.
-> database bdb
+> database mdb
> suffix "dc=example,dc=com"
> [...additional database configuration directives go here...]
>
H3: Overview
-This overlay can be used with a backend database such as slapd-bdb(5)
+This overlay can be used with a backend database such as slapd-mdb(5)
to maintain the cohesiveness of a schema which utilizes reference
attributes.
H3: Overview
-This overlay can be used with a backend database such as {{:slapd-bdb}}(5)
+This overlay can be used with a backend database such as {{:slapd-mdb}}(5)
to create a "translucent proxy".
Entries retrieved from a remote LDAP server may have some or all attributes
> pidfile ./slapd.pid
> argsfile ./slapd.args
>
-> database bdb
+> database mdb
> suffix "dc=suretecsystems,dc=com"
> rootdn "cn=trans,dc=suretecsystems,dc=com"
> rootpw secret
+> maxsize 85899345920
> directory ./openldap-data
>
> index objectClass eq
H3: Overview
-This overlay can be used with a backend database such as {{slapd-bdb(5)}}
+This overlay can be used with a backend database such as {{slapd-mdb(5)}}
to enforce the uniqueness of some or all attributes within a subtree.
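Review bot: the man page reference here is written `{{slapd-mdb(5)}}`, with the section number inside the braces, while the other two Overview paragraphs touched by this patch use `{{:slapd-mdb}}(5)` and plain `slapd-mdb(5)`. Since all three lines are being rewritten anyway, use one markup form for the reference in all of them.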
> loglevel sync stats
>
-> database hdb
+> database mdb
> suffix "dc=suretecsystems,dc=com"
> directory /usr/local/var/openldap-data
>
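Review bot: this block switches `database hdb` to `database mdb` but, unlike the other database definitions in the patch, no `maxsize` line is added in the visible hunk. If the omission is deliberate, the guide should say what limit applies when `maxsize` is absent; otherwise add it after `directory` as in the other examples.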
A more complete example of the {{slapd.conf}}(5) content is thus:
> database mdb
-> maxsize 1073741824
-> suffix dc=Example,dc=com
-> rootdn dc=Example,dc=com
+> maxsize 85899345920
+> suffix dc=example,dc=com
+> rootdn dc=example,dc=com
> directory /var/ldap/db
> index objectclass,entryCSN,entryUUID eq
>
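Review bot: this example already used `database mdb`, so the change from `maxsize 1073741824` to `maxsize 85899345920` (an 80-fold increase) and the lower-casing of `dc=Example` are not part of the backend migration. Call both out in the commit message, and give the reason for the new size in the text, since readers will copy the figure as a recommendation.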
database type.
> database mdb
-> maxsize 1073741824
-> suffix dc=Example,dc=com
-> rootdn dc=Example,dc=com
+> maxsize 85899345920
+> suffix dc=example,dc=com
+> rootdn dc=example,dc=com
> directory /var/ldap/db
> index objectclass,entryCSN,entryUUID eq
>
> # of a database. The "by * break" portion causes evaluation of
> # subsequent rules. See slapd.access(5) for details.
> access to *
-> by dn.base="cn=replicator,dc=symas,dc=com" read
+> by dn.base="cn=replicator,dc=example,dc=com" read
> by * break
>
> # Set the module path location
-> modulepath /opt/symas/lib/openldap
+> modulepath /usr/lib/openldap
>
-> # Load the hdb backend
-> moduleload back_hdb.la
+> # Load the mdb backend
+> moduleload back_mdb.la
>
> # Load the accesslog overlay
> moduleload accesslog.la
> moduleload syncprov.la
>
> # Accesslog database definitions
-> database hdb
+> database mdb
> suffix cn=accesslog
-> directory /db/accesslog
> rootdn cn=accesslog
+> directory /var/lib/db/accesslog
+> maxsize 85899345920
> index default eq
-> index entryCSN,objectClass,reqEnd,reqResult,reqStart
+> index entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
>
> overlay syncprov
> syncprov-nopresent TRUE
> syncprov-reloadhint TRUE
>
> # Let the replica DN have limitless searches
-> limits dn.exact="cn=replicator,dc=symas,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+> limits dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
>
> # Primary database definitions
-> database hdb
-> suffix "dc=symas,dc=com"
-> rootdn "cn=manager,dc=symas,dc=com"
+> database mdb
+> suffix "dc=example,dc=com"
+> rootdn "cn=manager,dc=example,dc=com"
+> maxsize 85899345920
>
> ## Whatever other configuration options are desired
>
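Review bot: `modulepath` becomes `/usr/lib/openldap` and the accesslog `directory` becomes `/var/lib/db/accesslog`, while the other examples in this patch use `/usr/local/libexec/openldap` and `/usr/local/var/openldap-accesslog`. Pick one installation prefix for the guide's examples so that readers can combine them without adjusting paths.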
> logpurge 07+00:00 01+00:00
>
> # Let the replica DN have limitless searches
-> limits dn.exact="cn=replicator,dc=symas,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+> limits dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
For more information, always consult the relevant man pages ({{slapo-accesslog}}(5) and {{slapd.conf}}(5))
H4: Delta-syncrepl Consumer configuration
> # Replica database configuration
-> database hdb
-> suffix "dc=symas,dc=com"
-> rootdn "cn=manager,dc=symas,dc=com"
+> database mdb
+> suffix "dc=example,dc=com"
+> rootdn "cn=manager,dc=example,dc=com"
+> maxsize 85899345920
>
> ## Whatever other configuration bits for the replica, like indexing
> ## that you want
>
> # syncrepl directives
> syncrepl rid=0
-> provider=ldap://ldapmaster.symas.com:389
+> provider=ldap://ldapmaster.example.com:389
> bindmethod=simple
-> binddn="cn=replicator,dc=symas,dc=com"
+> binddn="cn=replicator,dc=example,dc=com"
> credentials=secret
-> searchbase="dc=symas,dc=com"
+> searchbase="dc=example,dc=com"
> logbase="cn=accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
> schemachecking=on
> syncdata=accesslog
>
> # Refer updates to the master
-> updateref ldap://ldapmaster.symas.com
+> updateref ldap://ldapmaster.example.com
The above configuration assumes that you have a replicator identity defined
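Review bot: the `provider=` line is updated, but the syncrepl stanza still pairs `bindmethod=simple` and `credentials=secret` with a plain `ldap://` URL on port 389, so the example as written sends the replicator password unencrypted. While this block is being edited, show transport protection (for example `starttls=critical` in the syncrepl directive) or state in the following paragraph that TLS is left out for brevity.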
> include /usr/local/etc/openldap/slapd.acl
>
> modulepath /usr/local/libexec/openldap
-> moduleload back_hdb.la
+> moduleload back_mdb.la
> moduleload syncprov.la
> moduleload back_monitor.la
> moduleload back_ldap.la
>
> loglevel sync stats
>
-> database hdb
+> database mdb
> suffix "dc=suretecsystems,dc=com"
> directory /usr/local/var/openldap-data
+> maxsize 85899345920
>
> checkpoint 1024 5
-> cachesize 10000
-> idlcachesize 10000
>
> index objectClass eq
> # rest of indexes
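Review bot: `cachesize 10000` and `idlcachesize 10000` are removed as the backend becomes `mdb`, but `checkpoint 1024 5` directly above them is kept. Confirm against slapd-mdb(5) that the checkpoint setting still has an effect in this configuration; if it only matters together with options not shown here, drop it from the example or explain why it stays.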
> include /usr/local/etc/openldap/slapd.acl
>
> modulepath /usr/local/libexec/openldap
-> moduleload back_hdb.la
+> moduleload back_mdb.la
> moduleload syncprov.la
> moduleload back_monitor.la
> moduleload back_ldap.la
>
> loglevel sync stats
>
-> database hdb
+> database mdb
> suffix "dc=suretecsystems,dc=com"
> directory /usr/local/var/openldap-slave/data
>
+> maxsize 85899345920
> checkpoint 1024 5
-> cachesize 10000
-> idlcachesize 10000
>
> index objectClass eq
> # rest of indexes
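Review bot: here `maxsize 85899345920` is inserted after the blank separator line that follows `directory`, whereas the matching provider example in this patch places it directly under `directory`. Move it up next to `directory` so the two configurations stay line-for-line comparable; the `checkpoint 1024 5` question raised for the provider example applies here as well.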