diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 8f90745f..e653c6ae 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -1972,8 +1972,9 @@ Have fun!
IDs assigned if users create accounts at the same time. Use an
overlay
- like "Attribute Uniqueness" if you have lots of LAM admins
- creating accounts.
+ like "Attribute Uniqueness" (example) if you have lots of
+ LAM admins creating accounts.
@@ -2771,8 +2772,9 @@ Have fun!
Please note that it may happen that there are duplicate IDs assigned
if users create groups at the same time. Use an overlay
- like "Attribute Uniqueness" if you have lots of LAM admins creating
- groups.
+ like "Attribute Uniqueness" (example) if you have lots of LAM
+ admins creating groups.
@@ -6926,18 +6928,59 @@ Run slapindex to rebuild the index.
- Recommended OpenLDAP settings
+ Typical OpenLDAP settingsSome basic hints to configure the OpenLDAP server:
- Size limit: OpenLDAP allows by
- default 500 return values per search, if you have more users/groups/hosts
- change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for
- unlimited return values.
+ Size limit:
- Indices: Indices will improve the
- performance when searching for entries in the LDAP directory. The
- following indices are recommended:
+ You will get a message like "LDAP sizelimit exceeded, not all
+ entries are shown." when you hit the LDAP search limit.
+
+ OpenLDAP allows by default 500 return values per search, if you have
+ more users/groups/hosts please change this:
+
+ slapd.conf:
+
+ e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return
+ values
+
+ slapd.d:
+
+ e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited
+ return values in etc/ldap/slapd.d/cn=config.ldif
+
+
+
+
+ Unique
+ attributes:
+
+ There are cases where you do not want that same attribute values
+ exist multiple times in your database. A good example are UID/GID
+ numbers.
+
+ OpenLDAP provides the attribute
+ uniqueness overlay for this task.
+
+ Example to force unique UID numbers:
+
+ In
+ /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif add
+ "olcModuleLoad: {3}unique" (replace "3" with the highest existing number
+ plus one).
+
+ Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g.
+ "olcUniqueURI: ldap:///?uidNumber?sub"
+
+
+
+
+ Indices:
+
+ Indices will improve the performance when searching for entries in
+ the LDAP directory. The following indices are recommended:index objectClass eq