NAME¶
slapd-bdb, slapd-hdb - Berkeley DB backends to slapd
SYNOPSIS¶
/etc/ldap/slapd.conf
DESCRIPTION¶
The
bdb backend to
slapd(8) uses the Oracle Berkeley DB (BDB)
package to store data. It makes extensive use of indexing and caching to speed
data access.
hdb is the recommended primary database backend. It is a variant of the
bdb backend that uses a hierarchical database layout which supports
subtree renames. It is both more space-efficient and more execution-efficient
than the
bdb backend. It is otherwise identical to the
bdb
behavior, and all the same configuration options apply.
It is noted that these options are intended to complement Berkeley DB
configuration options set in the environment's
DB_CONFIG file. See
Berkeley DB documentation for details on
DB_CONFIG configuration
options. Where there is overlap, settings in
DB_CONFIG take precedence.
CONFIGURATION¶
These
slapd.conf options apply to the
bdb and
hdb backend
database. That is, they must follow a "database bdb" or
"database hdb" line and come before any subsequent
"backend" or "database" lines. Other database options are
described in the
slapd.conf(5) manual page.
- cachesize <integer>
- Specify the size in entries of the in-memory entry cache
maintained by the bdb or hdb backend database instance. The
default is 1000 entries.
- cachefree <integer>
- Specify the number of entries to free from the entry cache
when the cache reaches the cachesize limit. The default is 1
entry.
- checkpoint <kbyte> <min>
- Specify the frequency for checkpointing the database
transaction log. A checkpoint operation flushes the database buffers to
disk and writes a checkpoint record in the log. The checkpoint will occur
if either <kbyte> data has been written or <min>
minutes have passed since the last checkpoint. Both arguments default to
zero, in which case they are ignored. When the <min> argument
is non-zero, an internal task will run every <min> minutes to
perform the checkpoint. See the Berkeley DB reference guide for more
details.
- checksum
- Enable checksum validation of DB pages whenever they are
read from disk. This setting can only be configured before any database
files are created.
- cryptfile <file>
- Specify the pathname of a file containing an encryption key
to use for encrypting the database. Encryption is performed using Berkeley
DB's implementation of AES. Note that encryption can only be configured
before any database files are created, and changing the key can only be
done after destroying the current database and recreating it. Encryption
is not enabled by default, and some distributions of Berkeley DB do not
support encryption.
- cryptkey <key>
- Specify an encryption key to use for encrypting the
database. This option may be used when a separate cryptfile is not
desired. Only one of cryptkey or cryptfile may be
configured.
- dbconfig <Berkeley-DB-setting>
- Specify a configuration directive to be placed in the
DB_CONFIG file of the database directory. The dbconfig
directive is just a convenience to allow all necessary configuration to be
set in the slapd.conf file. The options set using this directive
will only be written to the DB_CONFIG file if no such file existed
at server startup time, otherwise they are completely ignored. This allows
one to set initial values without overwriting/destroying a
DB_CONFIG file that was already customized through other means.
This directive may be specified multiple times, as needed. For
example:
dbconfig set_cachesize 0 1048576 0
dbconfig set_lg_bsize 2097152
- dbnosync
- Specify that on-disk database contents should not be
immediately synchronized with in memory changes. Enabling this option may
improve performance at the expense of data security. See the Berkeley DB
reference guide for more details.
- dbpagesize <dbfile> <size>
- Specify the page size to use for a particular database
file, in units of 1024 bytes. The default for the id2entry file is
16, the default for all other files depends on the size of the underlying
filesystem's block size (typically 4 or 8). The maximum that BerkeleyDB
supports is 64. This setting usually should not need to be changed, but if
BerkeleyDB's "db_stat -d" shows a large amount of overflow pages
in use in a file, setting a larger size may increase performance at the
expense of data integrity. This setting only takes effect when a database
is being newly created. See the Berkeley DB reference guide for more
details.
- directory <directory>
- Specify the directory where the BDB files containing this
database and associated indexes live. A separate directory must be
specified for each database. The default is /var/lib/ldap.
- dirtyread
- Allow reads of modified but not yet committed data. Usually
transactions are isolated to prevent other operations from accessing
uncommitted data. This option may improve performance, but may also return
inconsistent results if the data comes from a transaction that is later
aborted. In this case, the modified data is discarded and a subsequent
search will return a different result.
- dncachesize <integer>
- Specify the maximum number of DNs in the in-memory DN
cache. Ideally this cache should be large enough to contain the DNs of
every entry in the database. If set to a smaller value than the
cachesize it will be silently increased to equal the
cachesize. The default value is 0 which means unlimited, i.e. the
DN cache will grow without bound.
It should be noted that the DN cache is allowed to temporarily grow
beyond the configured size. It does this if many entries are locked when
it tries to do a purge, because that means they're legitimately in use.
Also, the DN cache never purges entries that have cached children,
so depending on the shape of the DIT, it could have lots of cached DNs
over the defined limit.
- idlcachesize <integer>
- Specify the size of the in-memory index cache, in index
slots. The default is zero. A larger value will speed up frequent searches
of indexed entries. An hdb database needs a large
idlcachesize for good search performance, typically three times the
cachesize (entry cache size) or larger.
- index {<attrlist>|default}
[pres,
eq,approx,sub,<special>]
- Specify the indexes to maintain for the given attribute (or
list of attributes). Some attributes only support a subset of indexes. If
only an <attr> is given, the indices specified for
default are maintained. Note that setting a default does not imply
that all attributes will be indexed. Also, for best performance, an
eq index should always be configured for the objectClass
attribute.
A number of special index parameters may be specified. The index type
sub can be decomposed into subinitial,
subany, and subfinal indices. The special type
nolang may be specified to disallow use of this index by language
subtypes. The special type nosubtypes may be specified to disallow
use of this index by named subtypes. Note: changing index settings
in slapd.conf(5) requires rebuilding indices, see
slapindex(8); changing index settings dynamically by
LDAPModifying "cn=config" automatically causes rebuilding of the
indices online in a background task.
- linearindex
- Tell slapindex to index one attribute at a time. By
default, all indexed attributes in an entry are processed at the same
time. With this option, each indexed attribute is processed individually,
using multiple passes through the entire database. This option improves
slapindex performance when the database size exceeds the
dbcache size. When the dbcache is large enough, this option
is not needed and will decrease performance. Also by default,
slapadd performs full indexing and so a separate slapindex
run is not needed. With this option, slapadd does no indexing and
slapindex must be used.
- lockdetect {oldest|youngest|fewest|random|default}
- Specify which transaction to abort when a deadlock is
detected. The default is random.
- mode <integer>
- Specify the file protection mode that newly created
database index files should have. The default is 0600.
- searchstack <depth>
- Specify the depth of the stack used for search filter
evaluation. Search filters are evaluated on a stack to accommodate nested
AND / OR clauses. An individual stack is assigned to each server thread.
The depth of the stack determines how complex a filter can be evaluated
without requiring any additional memory allocation. Filters that are
nested deeper than the search stack depth will cause a separate stack to
be allocated for that particular search operation. These allocations can
have a major negative impact on server performance, but specifying too
much stack will also consume a great deal of memory. Each search stack
uses 512K bytes per level. The default stack depth is 16, thus 8MB per
thread is used.
- shm_key <integer>
- Specify a key for a shared memory BDB environment. By
default the BDB environment uses memory mapped files. If a non-zero value
is specified, it will be used as the key to identify a shared memory
region that will house the environment.
ACCESS CONTROL¶
The
bdb and
hdb backends honor access control semantics as
indicated in
slapd.access(5).
FILES¶
- /etc/ldap/slapd.conf
- default slapd configuration file
- DB_CONFIG
- Berkeley DB configuration file
SEE ALSO¶
slapd.conf(5),
slapd-config(5),
slapd(8),
slapadd(8),
slapcat(8),
slapindex(8), Berkeley DB
documentation.
ACKNOWLEDGEMENTS¶
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<
http://www.openldap.org/>.
OpenLDAP Software is derived from
University of Michigan LDAP 3.3 Release. Originally begun by Kurt Zeilenga.
Caching mechanisms originally designed by Jong-Hyuk Choi. Completion and
subsequent work, as well as back-hdb, by Howard Chu.