If you plan to scale up your LDAP directory to be used by more than just a small office or home e-mail server, there are some additional configuration options you might want to consider. Here are a few suggestions:
Replicate the LDAP directory — You can make your LDAP directory accessible from multiple LDAP servers and have updates to your directory disseminated to those servers. See the man page for the slurpd daemon (which handles update replication) and the OpenLDAP Administrator’s Guide for information on setting up LDAP directory replication.
Add certificates — Transport Layer Security is built into the OpenLDAP server. For information on defining certificates and ciphers that will be accepted by the slapd daemon, refer to the slapd.conf man page.
Change log levels — You can specify the level of debugging that is done by the slapd daemon. By adding the loglevel <integer> option to the slapd.conf file, you can have slapd do the following types of logging:
1 Trace function calls
2 Debug packet handling
4 Heavy trace debugging
8 Connection management
16 Print out packets sent and received
32 Search filter processing
64 Configuration file processing
128 Access control list processing
256 Stats log connections/operations/results
512 Stats log entries sent
1024 Print communication with shell backends
2048 Entry parsing
By default, the loglevel is 256 (stats logging of connections, operations and results). To log everything, set the loglevel to 4095. To get combinations of loglevel features, add the numbers you want together. For example, for trace function calls, heavy trace debugging and connection management, use the number 13 (1 + 4 + 8).
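The bit-table above is easy to get wrong by hand, and a loglevel found in an existing slapd.conf is hard to read back. The following added example (not code from the page or from OpenLDAP) composes a loglevel from the flag values the page lists and decodes an integer back into the flag names, rejecting any bit that is not in the page's table. The only assumption is that the table covers the bits in use; newer slapd releases define further bits above 2048, which this table does not include.

```python
"""Compose and decode slapd 'loglevel' bitmask values (added example)."""

# Bit values and meanings exactly as listed on the page (slapd.conf loglevel).
LOGLEVEL_BITS = {
    1: "trace function calls",
    2: "debug packet handling",
    4: "heavy trace debugging",
    8: "connection management",
    16: "print out packets sent and received",
    32: "search filter processing",
    64: "configuration file processing",
    128: "access control list processing",
    256: "stats log connections/operations/results",
    512: "stats log entries sent",
    1024: "print communication with shell backends",
    2048: "entry parsing",
}

DEFAULT_LOGLEVEL = 256          # page: the default is 256
EVERYTHING = sum(LOGLEVEL_BITS)  # page: 4095 logs everything in the table


def loglevel_from_flags(*bits):
    """Return the loglevel integer for a set of flag values (e.g. 1, 4, 8 -> 13)."""
    value = 0
    for bit in bits:
        if bit not in LOGLEVEL_BITS:
            raise ValueError(f"{bit} is not a loglevel flag in the table")
        value |= bit  # OR rather than + so a repeated flag is not double-counted
    return value


def decode_loglevel(value):
    """Return the flag names enabled by an integer loglevel, in ascending bit order.

    Raises ValueError if the value contains a bit that is not in the table,
    so a typo (or a flag from a newer slapd release) is noticed instead of
    silently ignored.
    """
    if value < 0:
        raise ValueError("loglevel must be non-negative")
    unknown = value & ~EVERYTHING
    if unknown:
        raise ValueError(f"loglevel {value} sets unknown bit(s): {unknown}")
    return [name for bit, name in sorted(LOGLEVEL_BITS.items()) if value & bit]


def slapd_conf_line(*bits):
    """Render the slapd.conf directive for the given flags."""
    return f"loglevel {loglevel_from_flags(*bits)}"


if __name__ == "__main__":
    print(slapd_conf_line(1, 4, 8))           # loglevel 13
    print(decode_loglevel(DEFAULT_LOGLEVEL))  # the default, 256
    print(len(decode_loglevel(EVERYTHING)), "flags enabled by", EVERYTHING)
```

Run it with an integer taken from a real slapd.conf to see which debugging output that server will emit; a ValueError means the value does not decompose into the flags on this page and should be checked against the slapd.conf man page for the installed version.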
Limit searches — You can limit the number of entries that can be returned by a search (sizelimit; 500 entries by default) and the amount of time slapd will spend answering a search request (timelimit; 3600 seconds by default). Add the values you want for your LDAP directory to your slapd.conf file.
Add access control policy — In the slapd.conf file, the default database access allows read access by anyone who can reach the database. If you want to change that behavior, you can add access lines to selectively decide who can read from and write to your database. For this example, I want to allow everyone to read from the database, but only allow people to change their own information. Refer to the slapd.conf man page for further information.
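The policy just described ("everyone reads, each person may only change their own entry") is a two-clause access directive, and the way slapd evaluates such directives (first matching "to" clause wins, then the first matching "by" clause within it) decides what a given bind actually gets. The following added example is not code from the page or from OpenLDAP: it embeds that policy as a slapd.conf fragment and simulates the first-match evaluation so the effect of clause order can be checked offline. It goes one step beyond the page's example by adding a second, hardened fragment for the userPassword attribute, since "by * read" on the whole directory would otherwise let an anonymous bind read password hashes; the DNs and both fragments are constructed for the example.

```python
"""Simulate slapd.conf 'access' directive evaluation (added example)."""
import re

# Access levels in increasing order of privilege, as in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

# The page's policy: anyone may read, only the entry's owner may write.
PAGE_POLICY = """
access to *
        by self write
        by * read
"""

# Hardened variant (constructed, beyond the page): shield userPassword first,
# so anonymous binds can use it only to authenticate and nobody else reads it.
# Directives are matched in order, so the specific rule must come first.
HARDENED_POLICY = """
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
""" + PAGE_POLICY


def parse_access(text):
    """Parse 'access to <what> by <who> <level> ...' blocks into (what, [(who, level)])."""
    rules = []
    for block in re.split(r"^access\s+to\s+", text.strip(), flags=re.M):
        tokens = block.split()
        if not tokens:
            continue
        what, rest = tokens[0], tokens[1:]
        clauses = []
        for i in range(0, len(rest), 3):  # every by-clause is: by <who> <level>
            if rest[i] != "by" or i + 2 >= len(rest) or rest[i + 2] not in LEVELS:
                raise ValueError("malformed by-clause in: " + block)
            clauses.append((rest[i + 1], rest[i + 2]))
        rules.append((what, clauses))
    return rules


def target_matches(what, attr):
    """Does the <what> clause cover this access (attr is None for entry-level access)?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr is not None and attr in what[len("attrs="):].split(",")
    raise ValueError("unsupported <what> clause: " + what)


def subject_matches(who, bind_dn, entry_dn):
    """Does the <who> clause match the bound identity? bind_dn None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    raise ValueError("unsupported <who> clause: " + who)


def granted_level(rules, bind_dn, entry_dn, attr=None):
    """First matching 'to' clause wins; within it the first matching 'by' decides.

    A matching 'to' clause with no matching 'by' denies, and so does running
    off the end of the list (slapd's implicit 'by * none').
    """
    for what, clauses in rules:
        if not target_matches(what, attr):
            continue
        for who, level in clauses:
            if subject_matches(who, bind_dn, entry_dn):
                return level
        return "none"
    return "none"


def allowed(rules, bind_dn, entry_dn, needed, attr=None):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(needed)


ALICE = "uid=alice,ou=People,dc=example,dc=com"   # constructed DNs
BOB = "uid=bob,ou=People,dc=example,dc=com"

if __name__ == "__main__":
    page = parse_access(PAGE_POLICY)
    hard = parse_access(HARDENED_POLICY)
    print("page policy, anonymous read of mail:", allowed(page, None, ALICE, "read", "mail"))
    print("page policy, bob writes alice:", allowed(page, BOB, ALICE, "write", "mail"))
    print("page policy, anonymous on userPassword:", granted_level(page, None, ALICE, "userPassword"))
    print("hardened, anonymous on userPassword:", granted_level(hard, None, ALICE, "userPassword"))
```

The simulator covers only the clauses the two fragments use (`*`, `attrs=`, `self`, `anonymous`, `users`); the real slapd syntax is much richer, so treat this as a way to reason about ordering, and confirm the live policy with ldapsearch against a test server before relying on it.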