File: /home/posscale/subdomains/Phone_directories/docs/manual/apc.html
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix�C.�Typical OpenLDAP settings</title><link rel="stylesheet" type="text/css" href="style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="LDAP Account Manager - Manual"><link rel="up" href="index.html" title="LDAP Account Manager - Manual"><link rel="prev" href="apbs07.html" title="Nginx configuration"><link rel="next" href="apd.html" title="Appendix�D.�Setup of email (SMTP) server"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix�C.�Typical OpenLDAP settings</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apbs07.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="apd.html">Next</a></td></tr></table><hr></div><div class="appendix"><div class="titlepage"><div><div><h1 class="title"><a name="idp51911728"></a>Appendix�C.�Typical OpenLDAP settings</h1></div></div></div><p>Some basic hints to configure the OpenLDAP server:</p><p><span class="bold"><a name="size_limit_exceeded"></a><strong>Size
limit:</strong></span></p><p>You will get a message like "LDAP sizelimit exceeded, not all
entries are shown." when you hit the LDAP search limit.</p><p>OpenLDAP allows by default 500 return values per search, if you have
more users/groups/hosts please change this:</p><p>slapd.conf:</p><p>e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return
values</p><p>slapd.d:</p><p>e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited
return values in /etc/ldap/slapd.d/cn=config.ldif</p><div class="literallayout"><p><br>
</p></div><p><span class="bold"><a name="a_openldap_unique"></a><strong>Unique
attributes:</strong></span></p><p>There are cases where you do not want that same attribute values
exist multiple times in your database. A good example are UID/GID
numbers.</p><p>OpenLDAP provides the <a class="ulink" href="http://www.openldap.org/doc/admin24/overlays.html" target="_top">attribute
uniqueness overlay</a> for this task.</p><p>Example to force unique UID numbers:</p><p>In
<span class="emphasis"><em>/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif</em></span> add
"olcModuleLoad: {3}unique" (replace "3" with the highest existing number
plus one).</p><p>Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g.
"olcUniqueURI: ldap:///?uidNumber?sub"</p><div class="literallayout"><p><br>
</p></div><p><a name="indices"></a><span class="bold"><strong>Indices:</strong></span></p><p>Indices will improve the performance when searching for entries in
the LDAP directory. The following indices are recommended:</p><table border="0" summary="Simple list" class="simplelist"><tr><td>index objectClass eq</td></tr><tr><td>index default sub</td></tr><tr><td>index uidNumber eq</td></tr><tr><td>index gidNumber eq</td></tr><tr><td>index memberUid eq</td></tr><tr><td>index cn,sn,uid,displayName pres,sub,eq</td></tr><tr><td># Samba 3.x</td></tr><tr><td>index sambaSID eq</td></tr><tr><td>index sambaPrimaryGroupSID eq</td></tr><tr><td>index sambaDomainName eq</td></tr></table></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="apbs07.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="apd.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Nginx configuration�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Appendix�D.�Setup of email (SMTP) server</td></tr></table></div></body></html>