Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   slapd.access    ( 5 )

конфигурация доступа для slapd, автономного демона LDAP (access configuration for slapd, the stand-alone LDAP daemon)

Описание (Description)

The slapd.conf(5) file contains configuration information for the
       slapd(8) daemon. This configuration file is also used by the
       SLAPD tools slapacl(8), slapadd(8), slapauth(8), slapcat(8),
       slapdn(8), slapindex(8), slapmodify(8), and slaptest(8).

The slapd.conf file consists of a series of global configuration options that apply to slapd as a whole (including all backends), followed by zero or more database backend definitions that contain information specific to a backend instance.

The general format of slapd.conf is as follows:

# comment - these options apply to every database <global configuration options> # first database definition & configuration options database <backend 1 type> <configuration options specific to backend 1> # subsequent database definitions & configuration options ...

Both the global configuration and each backend-specific section can contain access information. Backend-specific access control directives are used for those entries that belong to the backend, according to their naming context. In case no access control directives are defined for a backend or those which are defined are not applicable, the directives from the global configuration section are then used.

If no access controls are present, the default policy allows anyone and everyone to read anything but restricts updates to rootdn. (e.g., "access to * by * read").

When dealing with an access list, because the global access list is effectively appended to each per-database list, if the resulting list is non-empty then the access list will end with an implicit access to * by * none directive. If there are no access directives applicable to a backend, then a default read is used.

Be warned: the rootdn can always read and write EVERYTHING!

For entries not held in any backend (such as a root DSE), the global directives are used.

Arguments that should be replaced by actual text are shown in brackets <>.