[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: requesting clarification of slapd.conf-versus-slapd.d configuration

Eric Irrgang wrote:
On Thu, 20 Apr 2006, Howard Chu wrote:

What directives are you talking about getting repeated? Few of them
tolerate being specified redundantly. But the whole point of the config
directory is to show you the active configuration as slapd is using it.
So, the better question for you is, how does slapd behave with repeated

Specifically, I have used an approach of separating out database definitions into separate include files so that the main slapd.conf file could have broader read permissions than the more sensitive parts that include things like rootdn password hashes. In a database specification I may include separate security strenth factors than the global section specifies.

As noted in http://www.openldap.org/lists/openldap-devel/200507/msg00099.html
not all global directives support multiple instances. The security strength factor is set for the entire server, it has no per-database settings. The last setting in the configuration is what stays in effect.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/