More Ways to Configure LDAP


If you plan to scale up your LDAP directory to be used by more than just a small office or home e-mail server, there are some additional configuration options you might want to consider. Here are a few suggestions:

  • Replicate the LDAP directory - You can make your LDAP directory accessible from multiple LDAP servers and have updates to your directory be disseminated to those servers. See the man page for the slurpd daemon (which handles update replication) and the OpenLDAP Administrator's Guide for information on setting up LDAP directory replication.

  • Add certificates - Transport Layer Security is built into the OpenLDAP server. For information on defining certificates and ciphers that will be accepted by the slapd daemon, refer to the slapd.conf man page.

  • Change log levels - You can specify the level of debugging that is done by the slapd daemon. By adding the loglevel <integer> option to the slapd.conf file, you can have slapd do the following types of logging:

    1       Trace function calls
    2       Debug packet handling
    4       Heavy trace debugging
    8       Connection management
    16      Print out packets sent and received
    32      Search filter processing
    64      Configuration file processing
    128     Access control list processing
    256     Stats log connections/operations/results
    512     Stats log entries sent
    1024    Print communication with shell backends
    2048    Entry parsing

    By default, the loglevel is 256. To log everything, set the loglevel to 4095. To get combinations of loglevel features, simply add the numbers you want together. For example, for trace function calls, heavy trace debugging and connection management, use the number 13 (as in 1 + 4 + 8).

  • Limit searches - You can limit the number of entries that can be returned by a search (sizelimit 500, by default) and the amount of time slapd will take to answer a search request in seconds (timelimit 3600). Add new values that you want for your LDAP directory to your slapd.conf file.

  • Add access control policy - In the slapd.conf file, the default database access is set to allow read access by anyone who can access the database. If you want to change that behavior, you can add access lines to selectively decide who can read and write to your database. For this example, I want to allow everyone to be able to read from the database, but only allow people to change their own information. Refer to the slapd.conf man page for further information.
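
A slapd.conf fragment for the policy just described (everyone can read, users can change only their own entry), written as an added example and not taken from the book. The userPassword rule goes beyond the stated policy and is an assumption added here so that "everyone can read" does not also expose password hashes; the loglevel value combines two entries from the table above.

```conf
# Added example: slapd.conf fragment, not the book's own configuration.
# loglevel, sizelimit and timelimit belong in the global section;
# the access rules belong in the section for your database.

# Stats (256) plus access control list processing (128) while testing
# the rules below: 256 + 128 = 384. Return to 256 once the policy works.
loglevel 384

# Search limits, shown at the default values given in the text.
sizelimit 500
timelimit 3600

# slapd checks "access to" rules in order and applies the first one whose
# target matches, so the narrower userPassword rule must come first.

# Assumption beyond the stated policy: protect password hashes.
# The owner may change the value, unauthenticated clients may use it
# only to bind, and no one else may read it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# The policy from the text: users may change their own entry,
# everyone may read.
access to *
        by self write
        by * read
```

Check the edited file with slaptest before restarting slapd, then watch the log for the access control lines that loglevel 128 produces to confirm each rule matches as intended.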




Fedora 6 and Red Hat Enterprise Linux Bible
ISBN: 047008278X
EAN: 2147483647
Year: 2007
Pages: 279
