SLAPD(8C)             MAINTENANCE COMMANDS              SLAPD(8C)


     slapd - Stand-alone LDAP Daemon


     LIBEXECDIR/slapd    [-[4|6]]    [-d     debug-level]     [-f
     slapd-config-file]   [-h   URLs]   [-n   service-name]   [-s
     syslog-level]  [-l  syslog-local-user]  [-r  directory]  [-u
     user] [-g group] [-t] [-c cookie]


     Slapd is the stand-alone LDAP daemon. It  listens  for  LDAP
     connections on any number of ports (default 389), responding
     to the LDAP operations it receives over  these  connections.
     slapd  is  typically  invoked  at  boot time, usually out of
     /etc/rc.local.   Upon  startup,  slapd  normally  forks  and
     disassociates  itself  from the invoking tty.  If configured
     in ETCDIR/slapd.conf, the slapd process will print its  pro-
     cess  ID (see getpid(2)) to a .pid file, as well as the com-
     mand line options during invocation to an  .args  file  (see
     slapd.conf(5)).   If  the -d flag is given, even with a zero
     argument, slapd will not  fork  and  disassociate  from  the
     invoking tty.

     Slapd can be configured to provide replicated service for  a
     database with the help of slurpd, the standalone LDAP update
     replication daemon.  See slurpd(8) for details.

     See the "OpenLDAP Administrator's Guide" for more details on


     -4   Listen on IPv4 addresses only.

     -6   Listen on IPv6 addresses only.

     -d debug-level
          Turn on debugging as defined by  debug-level.  If  this
          option  is  specified, even with a zero argument, slapd
          will not fork or disassociate from the invoking  termi-
          nal.   Some  general  operation and status messages are
          printed for any value of debug-level.   debug-level  is
          taken as a bit string, with each bit corresponding to a
          different kind of debugging information.  See  <ldap.h>
          for  details.  Remember that if you turn on packet log-
          ging, packets containing bind passwords will be output,
          so  if  you  redirect  the  log to a logfile, that file
          should be read-protected.

     -s syslog-level
          This option tells slapd at what level debugging  state-
          ments should be logged to the syslog(8) facility.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    1

SLAPD(8C)             MAINTENANCE COMMANDS              SLAPD(8C)

     -n service-name
          Specifies the service name for logging and  other  pur-
          poses.  Defaults to basename of argv[0], i.e.: "slapd".

     -l syslog-local-user
          Selects the  local  user  of  the  syslog(8)  facility.
          Values  can be LOCAL0, LOCAL1, and so on, up to LOCAL7.
          The default is LOCAL4.  However, this  option  is  only
          permitted  on systems that support local users with the
          syslog(8) facility.

     -f slapd-config-file
          Specifies the slapd configuration file. The default  is

     -h URLlist
          slapd will by default serve ldap:/// (LDAP over TCP  on
          all interfaces on default LDAP port).  That is, it will
          bind using INADDR_ANY and port 389.  The -h option  may
          be  used  to  specify  LDAP  (and other scheme) URLs to
          serve.    For   example,   if   slapd   is   given   -h
          ldap://  ldaps:///  ldapi:///  , It will
          bind for LDAP, for LDAP over
          TLS,  and  LDAP  over  IPC (Unix domain sockets).  Host
 represents INADDR_ANY.  A space separated  list
          of  URLs  is  expected.   The  URLs  should  be of LDAP
          (ldap://) or LDAP over TLS (ldaps://) or LDAP over  IPC
          (ldapi://) scheme without a DN or other optional param-
          eters, except an experimental extension to indicate the
          permissions  of  the underlying listeners.  Support for
          the latter two schemes depends on  selected  configura-
          tion  options.   Hosts may be specified by name or IPv4
          and IPv6 address formats.  Ports, if specified, must be
          numeric.   The  default  ldap://  port  is  389 and the
          default ldaps:// port is 636.  The  socket  permissions
          for  LDAP over IPC are indicated by "x-mod=-rwxrwxrwx",
          "x-mod=0777" or "x-mod=777", where any of the "rwx" can
          be  "-"  to suppress the related permission (note, how-
          ever, that sockets  only  honor  the  "w"  permission),
          while  any  of  the  "7"  can be any legal octal digit,
          according to chmod(1).  While LDAP  over  IPC  requires
          write permissions on the socket to allow any operation,
          the other listeners can take advantage of  the  "x-mod"
          extension  to  apply  rough  limitations to users, e.g.
          allow read operations ("r", which applies to search and
          compare),  write operations ("w", which applies to add,
          delete, modify  and  modrdn),  and  execute  operations
          ("x",  which  means  bind is required).  "User" permis-
          sions apply to bound  users,  while  "other"  apply  to
          anonymous users.

     -r directory

OpenLDAP LDVERSION  Last change: RELEASEDATE                    2

SLAPD(8C)             MAINTENANCE COMMANDS              SLAPD(8C)

          Specifies  a  chroot  "jail"  directory.   slapd   will
          chdir(2) then chroot(2) to this directory after opening
          listeners but before reading any configuration file  or
          initializing any backend.

     -u user
          slapd will run slapd with the specified  user  name  or
          id,  and that user's supplementary group access list as
          set with initgroups(3).  The group ID is  also  changed
          to  this  user's  gid,  unless the -g option is used to

     -g group
          slapd will run with the specified group name or id.

     Note that on some systems, running as a non-privileged  user
     will  prevent  passwd back-ends from accessing the encrypted
     passwords.  Note also that any shell back-ends will  run  as
     the specified non-privileged user.

     -t   slapd will read the configuration file (the default  if
          none is given with the -f switch) and check its syntax,
          without opening any listener or database.

     -c cookie
          This option provides a cookie for the syncrepl replica-
          tion consumer.  The cookie is a comma separated list of
          name=value pairs.  Currently supported syncrepl  cookie
          fields  are  csn,  sid,  and  rid.  csn  is  the commit
          sequence number received by a previous  synchronization
          and  represents  the state of the consumer replica con-
          tent which the syncrepl engine will synchronize to  the
          current  provider  content.  sid is the identity of the
          per-scope session log with which  the  provider  server
          can  process this syncrepl request to reduce synchroni-
          zation traffic.  rid identifies  a  replication  thread
          within the consumer server and is used to find the syn-
          crepl specification in slapd.conf(5) having the  match-
          ing replication identifier in its definition.


     To start slapd and have it fork and detach from the terminal
     and  start serving the LDAP databases defined in the default
     config file, just type:


     To start slapd with an  alternate  configuration  file,  and
     turn  on voluminous debugging which will be printed on stan-
     dard error, type:

OpenLDAP LDVERSION  Last change: RELEASEDATE                    3

SLAPD(8C)             MAINTENANCE COMMANDS              SLAPD(8C)

          LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255

     To test whether the configuration file is  correct  or  not,

          LIBEXECDIR/slapd -t


     ldap(3), slapd.conf(5), slapd.access(5), slurpd(8)

     "OpenLDAP               Administrator's               Guide"




     OpenLDAP is developed and maintained by The OpenLDAP Project
     (    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    4

Man(1) output converted with man2html