# $OpenLDAP$
# Copyright 1999-2011 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Running slapd

{{slapd}}(8) is designed to be run as a standalone service. This
allows the server to take advantage of caching, manage concurrency
issues with underlying databases, and conserve system resources.
Running from {{inetd}}(8) is {{NOT}} an option.


H2: Command-Line Options

{{slapd}}(8) supports a number of command-line options as detailed
in the manual page. This section details a few commonly used options.

>	-f <filename>

This option specifies an alternate configuration file for slapd.
The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.

>	-F <slapd-config-directory>

Specifies the slapd configuration directory. The default is {{F:/usr/local/etc/openldap/slapd.d}}.

If both {{EX:-f}} and {{EX:-F}} are specified, the config file will be read and converted
to config directory format and written to the specified directory.
If neither option is specified, slapd will attempt to read the default config
directory before trying to use the default config file. If a valid config
directory exists then the default config file is ignored. All of the slap tools
that use the config options observe this same behavior.

>	-h <URLs>

This option specifies alternative listener configurations. The
default is {{EX:ldap:///}} which implies {{TERM:LDAP}} over
{{TERM:TCP}} on all interfaces on the default LDAP port 389. You
can specify specific host-port pairs or other protocol schemes (such
as {{EX:ldaps://}} or {{EX:ldapi://}}).

!block table
URL	Protocol	Transport
ldap:///	LDAP	TCP port 389
ldaps:///	LDAP over SSL	TCP port 636
ldapi:///	LDAP	IPC (Unix-domain socket)
!endblock

For example, {{EX:-h
"ldaps:// ldap://127.0.0.1:666"}} will create two listeners: one
for the (non-standard) {{EX:ldaps://}} scheme on all interfaces on
the default {{EX:ldaps://}} port 636, and one for the standard
{{EX:ldap://}} scheme on the {{EX:localhost}} ({{loopback}}) interface
on port 666. Hosts may be specified using hostnames or
{{TERM:IPv4}} or {{TERM:IPv6}} addresses. Port values must be
numeric.

For LDAP over IPC, the pathname of the Unix-domain socket can be encoded
in the URL. Note that directory separators must be
URL-encoded, like any other characters that are special to URLs.
Thus the socket {{EX:/usr/local/var/ldapi}} must be encoded as

>	ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi

ldapi: is described in detail in {{Using LDAP Over IPC Mechanisms}} [{{REF:Chu-LDAPI}}].

Note that the ldapi:/// transport is not widely implemented: non-OpenLDAP clients
may not be able to use it.

>	-n <service-name>

This option specifies the service name used for logging and
other purposes. The default service name is {{EX:slapd}}.

>	-l <syslog-local-user>

This option specifies the local user for the {{syslog}}(8)
facility. Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ...,
and {{EX:LOCAL7}}. The default is {{EX:LOCAL4}}. This option
may not be supported on all systems.

>	-u user -g group

These options specify the user and group, respectively, to run
as. {{EX:user}} can be either a user name or uid. {{EX:group}}
can be either a group name or gid.

>	-r directory

This option specifies a run-time directory. slapd will
{{chroot}}(2) to this directory after opening listeners but
before reading any configuration files or initializing
any backends.

>	-d <level> | ?

This option sets the slapd debug level to <level>. When level is a
`?' character, the various debugging levels are printed and slapd
exits, regardless of any other options you give it. Current
debugging levels are

!block table; colaligns="RL"; align=Center; \
	title="Table 7.1: Debugging Levels"
Level	Keyword		Description
-1	any		enable all debugging
0			no debugging
1	(0x1 trace)	trace function calls
2	(0x2 packets)	debug packet handling
4	(0x4 args)	heavy trace debugging
8	(0x8 conns)	connection management
16	(0x10 BER)	print out packets sent and received
32	(0x20 filter)	search filter processing
64	(0x40 config)	configuration processing
128	(0x80 ACL)	access control list processing
256	(0x100 stats)	stats log connections/operations/results
512	(0x200 stats2)	stats log entries sent
1024	(0x400 shell)	print communication with shell backends
2048	(0x800 parse)	print entry parsing debugging
16384	(0x4000 sync)	syncrepl consumer processing
32768	(0x8000 none)	only messages that get logged whatever log level is set
!endblock

You may enable multiple levels by specifying the debug option once for each desired level. Or, since debugging levels are additive, you can do the math yourself. That is, if you want to trace function calls and watch the config file being processed, you could set level to the sum of those two levels (in this case, {{EX: -d 65}}). Or, you can let slapd do the math, (e.g. {{EX: -d 1 -d 64}}). Consult {{F: <ldap_log.h>}} for more details.

Note: slapd must have been compiled with {{EX:--enable-debug}}
defined for any debugging information beyond the two stats levels
to be available (the default).


H2: Starting slapd

In general, slapd is run like this:

>	/usr/local/libexec/slapd [<option>]*

where {{F:/usr/local/libexec}} is determined by {{EX:configure}}
and <option> is one of the options described above (or in {{slapd}}(8)).
Unless you have specified a debugging level (including level {{EX:0}}),
slapd will automatically fork and detach itself from its controlling
terminal and run in the background.

H2: Stopping slapd

To kill off {{slapd}}(8) safely, you should give a command like this

>	kill -INT `cat /usr/local/var/slapd.pid`

where {{F:/usr/local/var}} is determined by {{EX:configure}}.

Killing slapd by a more drastic method may cause information loss or
database corruption.
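
The following shell sketch is an added example, not part of the OpenLDAP guide or its tooling. It builds the {{EX:-h}} value described under Command-Line Options: it percent-encodes a socket path for {{EX:ldapi://}}, rejects non-numeric ports, and pairs the result with {{EX:-u}}/{{EX:-g}} so the server listens only on loopback and a local socket under an unprivileged account. The function names, the {{EX:ldap}} user and group, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: compose the value passed to slapd -h.
# Sample addresses, socket path and the "ldap" account are constructed values.

# Percent-encode a Unix-domain socket path for an ldapi:// URL. Everything
# except RFC 3986 unreserved characters is encoded, so "/" becomes %2F.
# Runs in a subshell with LC_ALL=C; ASCII paths are assumed.
ldapi_url() (
    LC_ALL=C
    path=$1
    out=
    while [ -n "$path" ]; do
        rest=${path#?}          # everything after the first character
        c=${path%"$rest"}       # the first character itself
        path=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf 'ldapi://%s\n' "$out"
)

# One TCP listener plus one ldapi listener, space-separated as -h expects.
# Ports must be numeric (per the text above); IPv6 literals get brackets.
listener_arg() (
    addr=$1 port=$2 sock=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; exit 1 ;;
    esac
    case $addr in
        \[*) ;;                     # already bracketed
        *:*) addr="[$addr]" ;;      # bare IPv6 literal
    esac
    printf 'ldap://%s:%s %s\n' "$addr" "$port" "$(ldapi_url "$sock")"
)

# Print (do not run) a start command limited to loopback and a local socket.
h=$(listener_arg 127.0.0.1 389 /usr/local/var/ldapi)
printf '%s -u ldap -g ldap -h "%s"\n' /usr/local/libexec/slapd "$h"
```

Compare the printed command with the default {{EX:ldap:///}}, which listens on all interfaces.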