Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 688

Apart from the possibility to administer access permissions with the central server
configuration file (slapd.conf), there is access control information (ACI). ACI allows
storage of the access information for individual objects within the LDAP tree. This type
of access control is not yet common and is still considered experimental by the devel-
opers. Refer to
for information.
36.3.2 Database-Specific Directives in
Example 36.6 slapd.conf: Database-Specific Directives
database bdb
suffix "dc=example,dc=com"
checkpoint
cachesize
rootdn "cn=Administrator,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index
overlay ppolicy
ppolicy_default "cn=Default Password Policy,dc=example,dc=com"
ppolicy_hash_cleartext
ppolicy_use_lockout
The type of database, a Berkeley database in this case, is set in the first line of
this section (see
(page 670)).
suffix determines for which portion of the LDAP tree this server should be
responsible.
checkpoint determines the amount of data (in KB) that is kept in the transaction
log before it is written to the actual database and the time (in minutes) between
two write actions.
cachesize sets the number of objects kept in the database's cache.
670 Installation and Administration
http://www.openldap.org/faq/data/cache/758.html
slapd.conf
1024 5
10000
See slappasswd(8) and slapd.conf(5) for details.
objectClass eq
Example 36.6, "slapd.conf: Database-Specific Directives"