289 lines
10 KiB
Groff
289 lines
10 KiB
Groff
.lf 1 stdin
|
|
.TH SLAPD-BDB 5 "2014/01/26" "OpenLDAP 2.4.39"
|
|
.\" Copyright 1998-2014 The OpenLDAP Foundation All Rights Reserved.
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
.\" $OpenLDAP$
|
|
.SH NAME
|
|
slapd\-bdb, slapd\-hdb \- Berkeley DB backends to slapd
|
|
.SH SYNOPSIS
|
|
.B /etc/openldap/slapd.conf
|
|
.SH DESCRIPTION
|
|
The \fBbdb\fP backend to
|
|
.BR slapd (8)
|
|
uses the Oracle Berkeley DB (BDB) package to store data.
|
|
It makes extensive use of indexing and caching to speed data access.
|
|
.LP
|
|
\fBhdb\fP is the recommended primary database backend. It is a variant of
|
|
the \fBbdb\fP backend that uses a hierarchical database layout which
|
|
supports subtree renames. It is both more space-efficient and more
|
|
execution-efficient than the \fBbdb\fP backend. It is otherwise identical
|
|
to the \fBbdb\fP behavior, and all the same configuration options apply.
|
|
.LP
|
|
It is noted that these options are intended to complement
|
|
Berkeley DB configuration options set in the environment's
|
|
.B DB_CONFIG
|
|
file. See Berkeley DB documentation for details on
|
|
.B DB_CONFIG
|
|
configuration options.
|
|
Where there is overlap, settings in
|
|
.B DB_CONFIG
|
|
take precedence.
|
|
.SH CONFIGURATION
|
|
These
|
|
.B slapd.conf
|
|
options apply to the \fBbdb\fP and \fBhdb\fP backend database.
|
|
That is, they must follow a "database bdb" or "database hdb" line and
|
|
come before any subsequent "backend" or "database" lines.
|
|
Other database options are described in the
|
|
.BR slapd.conf (5)
|
|
manual page.
|
|
.TP
|
|
.BI cachesize \ <integer>
|
|
Specify the size in entries of the in-memory entry cache maintained
|
|
by the \fBbdb\fP or \fBhdb\fP backend database instance.
|
|
The default is 1000 entries.
|
|
.TP
|
|
.BI cachefree \ <integer>
|
|
Specify the number of entries to free from the entry cache when the
|
|
cache reaches the \fBcachesize\fP limit.
|
|
The default is 1 entry.
|
|
.TP
|
|
.BI checkpoint \ <kbyte>\ <min>
|
|
Specify the frequency for checkpointing the database transaction log.
|
|
A checkpoint operation flushes the database buffers to disk and writes
|
|
a checkpoint record in the log.
|
|
The checkpoint will occur if either \fI<kbyte>\fP data has been written or
|
|
\fI<min>\fP minutes have passed since the last checkpoint.
|
|
Both arguments default to zero, in which case they are ignored. When
|
|
the \fI<min>\fP argument is non-zero, an internal task will run every
|
|
\fI<min>\fP minutes to perform the checkpoint.
|
|
See the Berkeley DB reference guide for more details.
|
|
.TP
|
|
.B checksum
|
|
Enable checksum validation of DB pages whenever they are read from disk.
|
|
This setting can only be configured before any database files are created.
|
|
.TP
|
|
.BI cryptfile \ <file>
|
|
Specify the pathname of a file containing an encryption key to use for
|
|
encrypting the database. Encryption is performed using Berkeley DB's
|
|
implementation of AES. Note that encryption can only be configured before
|
|
any database files are created, and changing the key can only be done
|
|
after destroying the current database and recreating it. Encryption is
|
|
not enabled by default, and some distributions of Berkeley DB do not
|
|
support encryption.
|
|
.TP
|
|
.BI cryptkey \ <key>
|
|
Specify an encryption key to use for encrypting the database. This option
|
|
may be used when a separate
|
|
.I cryptfile
|
|
is not desired. Only one of
|
|
.B cryptkey
|
|
or
|
|
.B cryptfile
|
|
may be configured.
|
|
.TP
|
|
.BI dbconfig \ <Berkeley-DB-setting>
|
|
Specify a configuration directive to be placed in the
|
|
.B DB_CONFIG
|
|
file of the database directory. The
|
|
.B dbconfig
|
|
directive is just a convenience
|
|
to allow all necessary configuration to be set in the
|
|
.B slapd.conf
|
|
file.
|
|
The options set using this directive will only be written to the
|
|
.B DB_CONFIG
|
|
file if no such file existed at server startup time, otherwise
|
|
they are completely ignored. This allows one
|
|
to set initial values without overwriting/destroying a
|
|
.B DB_CONFIG
|
|
file that was already customized through other means.
|
|
This directive may be specified multiple times, as needed.
|
|
For example:
|
|
.RS
|
|
.nf
|
|
dbconfig set_cachesize 0 1048576 0
|
|
dbconfig set_lg_bsize 2097152
|
|
.fi
|
|
.RE
|
|
.TP
|
|
.B dbnosync
|
|
Specify that on-disk database contents should not be immediately
|
|
synchronized with in memory changes.
|
|
Enabling this option may improve performance at the expense of data
|
|
security.
|
|
See the Berkeley DB reference guide for more details.
|
|
.TP
|
|
\fBdbpagesize \fR \fI<dbfile> <size>\fR
|
|
Specify the page size to use for a particular database file, in units
|
|
of 1024 bytes. The default for the
|
|
.B id2entry
|
|
file is 16, the default for all other files depends on the size of the
|
|
underlying filesystem's block size (typically 4 or 8).
|
|
The maximum that BerkeleyDB supports is 64. This
|
|
setting usually should not need to be changed, but if BerkeleyDB's
|
|
"db_stat \-d" shows a large amount of overflow pages in use in a file,
|
|
setting a larger size may increase performance at the expense of
|
|
data integrity. This setting only takes effect when a database is
|
|
being newly created. See the Berkeley DB reference guide for more details.
|
|
.TP
|
|
.BI directory \ <directory>
|
|
Specify the directory where the BDB files containing this database and
|
|
associated indexes live.
|
|
A separate directory must be specified for each database.
|
|
The default is
|
|
.BR /var/openldap/openldap\-data .
|
|
.TP
|
|
.B dirtyread
|
|
Allow reads of modified but not yet committed data.
|
|
Usually transactions are isolated to prevent other operations from
|
|
accessing uncommitted data.
|
|
This option may improve performance, but may also return inconsistent
|
|
results if the data comes from a transaction that is later aborted.
|
|
In this case, the modified data is discarded and a subsequent search
|
|
will return a different result.
|
|
.TP
|
|
.BI dncachesize \ <integer>
|
|
Specify the maximum number of DNs in the in-memory DN cache.
|
|
Ideally this cache should be
|
|
large enough to contain the DNs of every entry in the database. If
|
|
set to a smaller value than the \fBcachesize\fP it will be silently
|
|
increased to equal the \fBcachesize\fP. The default value is 0 which
|
|
means unlimited, i.e. the DN cache will grow without bound.
|
|
|
|
It should be noted that the \fBDN cache\fP is allowed to temporarily
|
|
grow beyond the configured size. It does this if many entries are
|
|
locked when it tries to do a purge, because that means they're
|
|
legitimately in use. Also, the \fBDN cache\fP never purges entries
|
|
that have cached children, so depending on the shape of the DIT, it
|
|
could have lots of cached DNs over the defined limit.
|
|
.TP
|
|
.BI idlcachesize \ <integer>
|
|
Specify the size of the in-memory index cache, in index slots. The
|
|
default is zero. A larger value will speed up frequent searches of
|
|
indexed entries. An \fBhdb\fP database needs a large \fBidlcachesize\fP
|
|
for good search performance, typically three times the
|
|
.B cachesize
|
|
(entry cache size)
|
|
or larger.
|
|
.TP
|
|
\fBindex \fR{\fI<attrlist>\fR|\fBdefault\fR} [\fBpres\fR,\fBeq\fR,\fBapprox\fR,\fBsub\fR,\fI<special>\fR]
|
|
Specify the indexes to maintain for the given attribute (or
|
|
list of attributes).
|
|
Some attributes only support a subset of indexes.
|
|
If only an \fI<attr>\fP is given, the indices specified for \fBdefault\fR
|
|
are maintained.
|
|
Note that setting a default does not imply that all attributes will be
|
|
indexed. Also, for best performance, an
|
|
.B eq
|
|
index should always be configured for the
|
|
.B objectClass
|
|
attribute.
|
|
|
|
A number of special index parameters may be specified.
|
|
The index type
|
|
.B sub
|
|
can be decomposed into
|
|
.BR subinitial ,
|
|
.BR subany ,\ and
|
|
.B subfinal
|
|
indices.
|
|
The special type
|
|
.B nolang
|
|
may be specified to disallow use of this index by language subtypes.
|
|
The special type
|
|
.B nosubtypes
|
|
may be specified to disallow use of this index by named subtypes.
|
|
Note: changing \fBindex\fP settings in
|
|
.BR slapd.conf (5)
|
|
requires rebuilding indices, see
|
|
.BR slapindex (8);
|
|
changing \fBindex\fP settings
|
|
dynamically by LDAPModifying "cn=config" automatically causes rebuilding
|
|
of the indices online in a background task.
|
|
.TP
|
|
.B linearindex
|
|
Tell
|
|
.B slapindex
|
|
to index one attribute at a time. By default, all indexed
|
|
attributes in an entry are processed at the same time. With this option,
|
|
each indexed attribute is processed individually, using multiple passes
|
|
through the entire database. This option improves
|
|
.B slapindex
|
|
performance
|
|
when the database size exceeds the \fBdbcache\fP size. When the \fBdbcache\fP is
|
|
large enough, this option is not needed and will decrease performance.
|
|
Also by default,
|
|
.B slapadd
|
|
performs full indexing and so a separate
|
|
.B slapindex
|
|
run is not needed. With this option,
|
|
.B slapadd
|
|
does no indexing and
|
|
.B slapindex
|
|
must be used.
|
|
.TP
|
|
.BR lockdetect \ { oldest | youngest | fewest | random | default }
|
|
Specify which transaction to abort when a deadlock is detected.
|
|
The default is
|
|
.BR random .
|
|
.TP
|
|
.BI mode \ <integer>
|
|
Specify the file protection mode that newly created database
|
|
index files should have.
|
|
The default is 0600.
|
|
.TP
|
|
.BI searchstack \ <depth>
|
|
Specify the depth of the stack used for search filter evaluation.
|
|
Search filters are evaluated on a stack to accommodate nested AND / OR
|
|
clauses. An individual stack is assigned to each server thread.
|
|
The depth of the stack determines how complex a filter can be
|
|
evaluated without requiring any additional memory allocation. Filters that
|
|
are nested deeper than the search stack depth will cause a separate
|
|
stack to be allocated for that particular search operation. These
|
|
allocations can have a major negative impact on server performance,
|
|
but specifying too much stack will also consume a great deal of memory.
|
|
Each search stack uses 512K bytes per level. The default stack depth
|
|
is 16, thus 8MB per thread is used.
|
|
.TP
|
|
.BI shm_key \ <integer>
|
|
Specify a key for a shared memory BDB environment. By default the
|
|
BDB environment uses memory mapped files. If a non-zero value is
|
|
specified, it will be used as the key to identify a shared memory
|
|
region that will house the environment.
|
|
.SH ACCESS CONTROL
|
|
The
|
|
.B bdb
|
|
and
|
|
.B hdb
|
|
backends honor access control semantics as indicated in
|
|
.BR slapd.access (5).
|
|
.SH FILES
|
|
.TP
|
|
.B /etc/openldap/slapd.conf
|
|
default
|
|
.B slapd
|
|
configuration file
|
|
.TP
|
|
.B DB_CONFIG
|
|
Berkeley DB configuration file
|
|
.SH SEE ALSO
|
|
.BR slapd.conf (5),
|
|
.BR slapd\-config (5),
|
|
.BR slapd (8),
|
|
.BR slapadd (8),
|
|
.BR slapcat (8),
|
|
.BR slapindex (8),
|
|
Berkeley DB documentation.
|
|
.SH ACKNOWLEDGEMENTS
|
|
.lf 1 ./../Project
|
|
.\" Shared Project Acknowledgement Text
|
|
.B "OpenLDAP Software"
|
|
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
|
|
.B "OpenLDAP Software"
|
|
is derived from University of Michigan LDAP 3.3 Release.
|
|
.lf 279 stdin
|
|
Originally begun by Kurt Zeilenga. Caching mechanisms originally designed
|
|
by Jong-Hyuk Choi. Completion and subsequent work, as well as
|
|
back-hdb, by Howard Chu.
|