Whole document tree

Whole document tree

LDAP Linux HOWTO: Running the LDAP Server Next Previous Contents

4. Running the LDAP Server

slapd is designed to be run as a stand-alone server. This allows the server to take advantage of caching, manage concurrency issues with underlying databases, and conserve system resources. Running from inetd(8) is NOT an option.

4.1 Command Line Options

slapd supports a number of command-line options as detailed in the manual page. This section details a few commonly used options:

-f <filename>

This option specifies an alternate configuration file for slapd. The default is
 normally /usr/local/etc/openldap/slapd.conf.

-h <URLs>

This option specifies alternative listener configurations. The default is 
ldap:/// which implies LDAP over TCP on all interfaces on the default LDAP port
 389. You can specify specific host-port pairs or other protocol schemes 
(such as ldaps:// or ldapi://). For example, -h "ldaps:// ldap://"
 will create two listeners: one for LDAP over SSL on all interfaces on the 
default LDAP/SSL port 636, and one for LDAP over TCP on the localhost 
(loopback) interface on port 667. Hosts may be specified using IPv4 
dotted-decimal form or using host names.
Port values must be numeric.

-n <service-name>

This option specifies the service name used for logging and other purposes. 
The default service name is slapd.

-l <syslog-local-user>

This option specifies the local user for the syslog(8) facility. Values can be 
LOCAL0, LOCAL1, LOCAL2, ..., and LOCAL7. The default is LOCAL4. This option 
may not be supported on all systems.

-u user -g group

These options specify the user and group, respectively, to run as. user can be 
either a user name or uid. group can be either a group name or gid.

-r directory

This option specifies a run-time directory. slapd will chroot(2) to this 
directory after opening listeners but before reading any configuration files 
or initializing any backends.

-d <level> | ?

This option sets the slapd debug level to <level>. When level is a `?' 
character, the various debugging levels are printed and slapd exits, regardless
 of any other options you give it. Current debugging levels are:

-1  enable all debugging  
0  no debugging  
1  trace function calls  
2  debug packet handling  
4  heavy trace debugging  
8  connection management  
16  print out packets sent and received  
32  search filter processing  
64  configuration file processing  
128  access control list processing  
256  stats log connections/operations/results  
512  stats log entries sent  
1024  print communication with shell backends  
2048  print entry parsing debugging  

You may enable multiple levels by specifying the debug option once for each 
desired level. Or, since debugging levels are additive, you can do the math 
yourself. That is, if you want to trace function calls and watch the config 
file being processed, you could set level to the sum of those two levels (in 
this case, -d 65). Or, you can let slapd do the math, (e.g. -d 1 -d 64). 
Consult <ldap.h> for more details.

Note: slapd must have been compiled with -DLDAP_DEBUG defined for any debugging
 information beyond the two stats levels to be available. 

4.2 Starting the LDAP server

In general, slapd is run like this:

/usr/local/etc/libexec/slapd [<option>]*

where /usr/local/etc/libexec is determined by configure and <option> is one of the options described above (or in slapd(8)). Unless you have specified a debugging level (including level 0), slapd will automatically fork and detach itself from its controlling terminal and run in the background.

4.3 Killing the LDAP server

To kill off slapd safely, you should give a command like this:

kill -TERM `cat $(ETCDIR)/slapd.pid`

Killing slapd by a more drastic method may cause its LDBM databases to be corrupted, as it may need to flush various buffers before it exits. Note that slapd writes its pid to a file called slapd.pid in the directory you configured in slapd.conf file, for example: /usr/local/var/slapd.pid

You can change the location of this pid file by changing the SLAPD_PIDFILE variable in include/ldapconfig.h.edit

Slapd will also write its arguments to a file called slapd.args in the directory you configured in slapd.conf file, for example /usr/local/var/slapd.args

You can change the location of the args file by changing the SLAPD_ARGSFILE variable in include/ldapconfig.h.edit.

Next Previous Contents