"Fossies" - the Fresh Open Source Software Archive

Member "ldap-account-manager-6.9/docs/manual/apc.html" (29 Sep 2019, 3906 Bytes) of package /linux/privat/ldap-account-manager-6.9.tar.bz2:



Appendix C. Typical OpenLDAP settings

Some basic hints for configuring the OpenLDAP server:

Size limit:

You will get a message like "LDAP sizelimit exceeded, not all entries are shown." when you hit the LDAP search limit.

By default, OpenLDAP returns at most 500 values per search. If you have more users/groups/hosts, please change this:

slapd.conf:

e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values

slapd.d:

e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited return values in /etc/ldap/slapd.d/cn=config.ldif


Unique attributes:

There are cases where you do not want the same attribute value to exist multiple times in your database. UID/GID numbers are a good example.

OpenLDAP provides the attribute uniqueness overlay for this task.

Example that enforces unique UID numbers:

In /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif add "olcModuleLoad: {3}unique" (replace "3" with the highest existing number plus one).

Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g. "olcUniqueURI: ldap:///?uidNumber?sub"
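
The uniqueness overlay rejects conflicting writes but does not repair entries that already share a value, so it is worth checking an export for duplicates before enabling it. The following is an added example (not part of the LAM manual or of OpenLDAP) that scans LDIF text for uidNumber values held by more than one entry; the function names and the sample entries are constructed for illustration.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles comments, folded lines and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                 # unfold continuation line
        else:
            lines.append(raw)
    entry = []
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            entry.append(line)
            continue
        attrs = defaultdict(list)                # blank line: entry is complete
        for item in entry:
            name, _, value = item.partition(":")
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs
        entry = []

def find_duplicates(text, attr="uidNumber"):
    """Return {value: [dn, ...]} for every value of attr held by several entries."""
    holders = defaultdict(list)
    for dn, attrs in parse_ldif(text):
        for value in set(attrs.get(attr.lower(), [])):
            holders[value].append(dn)
    return {v: dns for v, dns in holders.items() if len(dns) > 1}

# Constructed sample export, not data from a real directory.
ALICE, BOB, CAROL = ("uid=%s,ou=people,dc=example,dc=com" % u for u in ("alice", "bob", "carol"))
SAMPLE_LDIF = "\n".join([
    "# constructed sample",
    "dn: " + ALICE, "uidNumber: 10001", "gidNumber: 10000", "",
    "dn: " + BOB, "uidNumber: 10002", "gidNumber: 10000", "",
    "dn:: " + base64.b64encode(CAROL.encode()).decode(),   # base64-encoded DN
    "uidNumber: 1000", " 1",                               # folded value: 10001
    "gidNumber: 10001",
])

if __name__ == "__main__":
    for value, dns in find_duplicates(SAMPLE_LDIF).items():
        print("uidNumber", value, "is shared by:", "; ".join(dns))
```

Any value it reports has to be resolved in the directory first; two accounts sharing a uidNumber are the same user as far as file ownership and permission checks on the clients are concerned.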


Indices:

Indices will improve the performance when searching for entries in the LDAP directory. The following indices are recommended:

index objectClass eq
index default sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index cn,sn,uid,displayName pres,sub,eq
# Samba 3.x
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq