More ways to configure LDAP

If you plan to scale up your LDAP directory to be used by more than just a small office or home e-mail server, there are some additional configuration options you might want to consider. Here are a few suggestions:

  • Replicate the LDAP directory — You can make your LDAP directory accessible from multiple LDAP servers and have updates to your directory be disseminated to those servers. See the man page for the slurpd daemon (which handles update replication) and the OpenLDAP Administrator’s Guide for information on setting up LDAP directory replication.

  • Add certificates — Transport Layer Security is built into the OpenLDAP server. For information on defining certificates and ciphers that will be accepted by the slapd daemon, refer to the slapd.conf man page.

  • Change log levels — You can specify the level of debugging that is done by the slapd daemon. By adding the loglevel <integer> option to the slapd.conf file, you can have slapd do the following types of logging:

    • 1 Trace function calls

    • 2 Debug packet handling

    • 4 Heavy trace debugging

    • 8 Connection management

    • 16 Print out packets sent and received

    • 32 Search filter processing

    • 64 Configuration file processing

    • 128 Access control list processing

    • 256 Stats log connections/operations/results

    • 512 Stats log entries sent

    • 1024 Print communication with shell backends

    • 2048 Entry parsing

    By default, the loglevel is 256. To log everything, set the loglevel to 4095. To get combinations of loglevel features, simply add the numbers you want together. For example, for trace function calls, heavy trace debugging and connection management, use the number 13 (as in 1 + 4 + 8).

  • Limit searches — You can limit the number of entries that can be returned by a search (sizelimit 500, by default) and the amount of time slapd will take to answer a search request in seconds (timelimit 3600). Add new values that you want for your LDAP directory to your slapd.conf file.

  • Add access control policy — In the slapd.conf file, the default database access is set to allow read access by anyone who can access the database. If you want to change that behavior, you can add access lines to selectively decide who can read and write to your database. For this example, I want to allow everyone to be able to read from the database, but only allow people to change their own information. Refer to the slapd.conf man page for further information.
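The loglevel arithmetic described in the "Change log levels" item can be checked mechanically. The following is an added example, not code from the book or from OpenLDAP: it reads the loglevel directive from slapd.conf text, decodes it against the flag table above, and builds a combined value from individual flags. The function names, the sample file contents and the choice to reject a file with more than one loglevel line are assumptions of this example.

```python
import re

# Flag values and descriptions exactly as listed in the section above.
LOGLEVEL_FLAGS = {
    1: "Trace function calls",
    2: "Debug packet handling",
    4: "Heavy trace debugging",
    8: "Connection management",
    16: "Print out packets sent and received",
    32: "Search filter processing",
    64: "Configuration file processing",
    128: "Access control list processing",
    256: "Stats log connections/operations/results",
    512: "Stats log entries sent",
    1024: "Print communication with shell backends",
    2048: "Entry parsing",
}
DEFAULT_LOGLEVEL = 256  # default stated in the text

# Constructed slapd.conf excerpt for this example (not a real configuration).
SAMPLE_CONF = """\
#loglevel 4095
loglevel 13
sizelimit 500
"""

def read_loglevel(conf_text):
    """Return the integer loglevel set in slapd.conf text, or the default."""
    values = [int(v) for v in re.findall(r"^loglevel[ \t]+(\d+)[ \t]*$", conf_text, re.M)]
    if len(values) > 1:  # this example's choice: do not guess between directives
        raise ValueError("more than one loglevel directive found")
    return values[0] if values else DEFAULT_LOGLEVEL

def decode(level):
    """Split a loglevel into (descriptions of the flags set, leftover unknown bits)."""
    names = [desc for bit, desc in LOGLEVEL_FLAGS.items() if level & bit]
    unknown = level & ~sum(LOGLEVEL_FLAGS)  # the table's values sum to 4095
    return names, unknown

def encode(*bits):
    """Combine single flag values into one loglevel, rejecting anything not in the table."""
    bad = [b for b in bits if b not in LOGLEVEL_FLAGS]
    if bad:
        raise ValueError(f"not single loglevel flags: {bad}")
    return sum(set(bits))

if __name__ == "__main__":
    level = read_loglevel(SAMPLE_CONF)
    print(level, decode(level))
```

A nonzero second value from decode() means the configured number contains bits that are not in the table above.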

Red Hat Fedora Linux 3 Bible
ISBN: 0764578723
EAN: 2147483647
Year: 2005
Pages: 286