In addition to administering access permissions in the central server
configuration file (slapd.conf), you can use access control information (ACI). ACI
stores the access information for individual objects within the LDAP tree itself. This
type of access control is not yet common and is still considered experimental by the
developers. Refer to http://www.openldap.org/faq/data/cache/758.html for information.
36.3.2 Database-Specific Directives in slapd.conf
Example 36.6 slapd.conf: Database-Specific Directives

database bdb
suffix "dc=example,dc=com"
checkpoint 1024 5
cachesize 10000
rootdn "cn=Administrator,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
overlay ppolicy
ppolicy_default "cn=Default Password Policy,dc=example,dc=com"
ppolicy_hash_cleartext
ppolicy_use_lockout

The type of database, a Berkeley database in this case, is set in the first line of
this section (see Example 36.6, "slapd.conf: Database-Specific Directives" (page 673)).
suffix determines for which portion of the LDAP tree this server should be
responsible.
checkpoint determines the amount of data (in KB) that is kept in the transaction
log before it is written to the actual database and the time (in minutes) between
two write actions.
cachesize sets the number of objects kept in the database's cache.
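The comments in Example 36.6 warn against a cleartext rootpw and recommend mode 700 for the database directory. The following check for both conditions is an added example, not part of the original manual or of OpenLDAP; the helper names directives and audit and the sample text are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample that mirrors the directives in Example 36.6.
SAMPLE = """\
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Administrator,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
"""

# A hashed rootpw starts with a scheme tag such as {SSHA}; {CLEARTEXT} does not count.
HASHED = re.compile(r"\{(?!CLEARTEXT\})[A-Za-z0-9-]+\}.+", re.I)

def directives(text):
    """Yield (keyword, argument) pairs from slapd.conf text (hypothetical helper)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the previous line
        else:
            logical.append(raw.strip())
    for line in logical:
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit(text):
    """Return findings for a cleartext rootpw and a database directory open to group/other."""
    findings = []
    for key, arg in directives(text):
        arg = arg.strip('"')
        if key == "rootpw" and not HASHED.match(arg):
            findings.append("rootpw is cleartext; store a slappasswd(8) hash instead")
        elif key == "directory":
            try:
                mode = stat.S_IMODE(os.stat(arg).st_mode)
            except OSError:
                findings.append(f"directory {arg} is missing or unreadable")
                continue
            if mode & 0o077:
                findings.append(f"directory {arg} has mode {mode:o}; 700 recommended")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```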
LDAP—A Directory Service
673