<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
  <appendix>
    <title>Typical OpenLDAP settings</title>

    <para>Some basic hints to configure the OpenLDAP server:</para>

    <para><emphasis id="size_limit_exceeded" role="bold">Size
    limit:</emphasis></para>

    <para>You will get a message like "LDAP sizelimit exceeded, not all
    entries are shown." when you hit the LDAP search limit.</para>

    <para>OpenLDAP allows by default 500 return values per search, if you have
    more users/groups/hosts please change this:</para>

    <para>slapd.conf:</para>

    <para>e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return
    values</para>

    <para>slapd.d:</para>

    <para>e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited
    return values in /etc/ldap/slapd.d/cn=config.ldif</para>

    <literallayout>
</literallayout>

    <para><emphasis id="a_openldap_unique" role="bold">Unique
    attributes:</emphasis></para>

    <para>There are cases where you do not want that same attribute values
    exist multiple times in your database. A good example are UID/GID
    numbers.</para>

    <para>OpenLDAP provides the <ulink
    url="http://www.openldap.org/doc/admin24/overlays.html">attribute
    uniqueness overlay</ulink> for this task.</para>

    <para>Example to force unique UID numbers:</para>

    <para>In
    <emphasis>/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif</emphasis> add
    "olcModuleLoad: {3}unique" (replace "3" with the highest existing number
    plus one).</para>

    <para>Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g.
    "olcUniqueURI: ldap:///?uidNumber?sub"</para>

    <literallayout>
</literallayout>

    <para id="indices"><emphasis role="bold">Indices:</emphasis></para>

    <para>Indices will improve the performance when searching for entries in
    the LDAP directory. The following indices are recommended:</para>

    <simplelist>
      <member>index objectClass eq</member>

      <member>index default sub</member>

      <member>index uidNumber eq</member>

      <member>index gidNumber eq</member>

      <member>index memberUid eq</member>

      <member>index cn,sn,uid,displayName pres,sub,eq</member>

      <member># Samba 3.x</member>

      <member>index sambaSID eq</member>

      <member>index sambaPrimaryGroupSID eq</member>

      <member>index sambaDomainName eq</member>
    </simplelist>
  </appendix>