====== OpenLDAP init script ======

===== Presentation =====

The init script ''slapd'' provides start, stop and other commands for the OpenLDAP daemon. It requires:
  * Logger, to forward messages to syslog
  * Awk, for regular expression management
  * BerkeleyDB, for the recover and archive tools
  * OpenLDAP, for the save, index, ... tools

The script can be configured in an external file in ''/etc/default'' that has the same name as the init script.

A backup feature saves all data or configuration to an LDIF file, compressed or not. The restore feature imports the last backup found in the backup directory.

This script is included in [[openldap-rpm|LTB OpenLDAP RPMS]]

===== Usage =====

Run the script like this:
  # /etc/init.d/slapd action

where ''action'' is one of:
  * ''start'':
    * Test configuration
    * Start slurpd if needed
    * Start slapd with data recover if needed
  * ''stop'':
    * Stop ''slapd'' and save data if needed
    * Stop ''slurpd'' if needed
  * ''forcestop'':
    * If the script can read the PID, do a ''kill -KILL PID''
    * Else ''killall -KILL'' on the binary names
  * ''restart'':
    * Launch ''stop''
    * Launch ''start''
  * ''force-reload'':
    * Force stop
    * Config test
    * Start
  * ''configtest'': test configuration
  * ''db_recover'': data recover (slapd must be stopped)
  * ''reindex'': data index (slapd must be stopped)
  * ''removelogs'': archive old BerkeleyDB logs (slapd must be stopped)
  * ''backup'': LDIF export of all data
  * ''restore'': Remove current data and restore last backup
  * ''backupconfig'': LDIF export of configuration or copy of slapd.conf
  * ''restoreconfig'': Remove current configuration and restore last backup
  * ''status'': Display running status and naming contexts
  * ''debug'': Stop OpenLDAP and restart it in debug mode (level can be configured), with output on the console

===== Installation =====

Copy the script into ''/etc/init.d'':
  # mv slapd /etc/init.d
  # chmod +x /etc/init.d/slapd

Configure the service in init levels:
  # ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd
  # ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd
  # ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd
  # ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd
  # ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd

For RedHat based systems:
  # chkconfig --add slapd

For Debian based systems:
  # update-rc.d slapd defaults

The configuration file must be installed in ''/etc/default'':
  # mkdir -p /etc/default
  # mv slapd.default /etc/default/slapd
  # chmod 600 /etc/default/slapd

You can run several OpenLDAP daemons on the same server, each with its own init script. For example, to have a "slapd2" init script:
  # ln -s /etc/init.d/slapd /etc/init.d/slapd2
  # cp /etc/default/slapd /etc/default/slapd2

===== Configuration =====

Use the external file in ''/etc/default'' rather than editing the script directly.

  * The following parameters are mandatory:

| //Parameter// | //Description// |
| ''IP'' | Listen address for standard LDAP requests. Meta character ''*'' can be used for all interfaces |
| ''PORT'' | Listen port for standard LDAP requests. Use ''SLAPD_SERVICES'' if you need several ports |
| ''SSLIP'' | Listen address for LDAPS requests. Meta character ''*'' can be used for all interfaces |
| ''SSLPORT'' | Listen port for LDAPS requests. Use ''SLAPD_SERVICES'' if you need several ports |
| - | |
| ''SLAPD_PATH'' | OpenLDAP main directory |
| ''DATA_PATH'' | Data directory. You can set ''auto'' to get directories configured in ''slapd.conf'' |
| ''SLAPD_PID_FILE'' | The ''pidfile'' parameter of ''slapd.conf'' |
| ''SLAPD_CONF'' | Main configuration file |
| ''SLAPD_SERVICES'' | Listen URI LDAP list, separated by spaces |
| ''SLAPD_BIN'' | ''slapd'' binary path |
| - | |
| ''SLAPADD_BIN'' | ''slapadd'' binary path |
| ''SLAPCAT_BIN'' | ''slapcat'' binary path |
| ''SLAPINDEX_BIN'' | ''slapindex'' binary path |
| ''SLAPTEST_BIN'' | ''slaptest'' binary path |
| - | |
| ''SLURPD_PID_FILE'' | The ''replica-pidfile'' parameter of ''slapd.conf'' |
| ''SLURPD_BIN'' | ''slurpd'' binary path |
| - | |
| ''BDB_PATH'' | BerkeleyDB main directory |
| ''DB_ARCHIVE_BIN'' | ''db_archive'' binary path |
| ''DB_RECOVER_BIN'' | ''db_recover'' binary path |
| ''RECOVER_AT_STARTUP'' | Force data recover on startup. Should not be used for OpenLDAP > 2.2 |
| - | |
| ''BACKUP_AT_SHUTDOWN'' | Backup data when slapd is stopped |
| ''BACKUP_PATH'' | Backup directory |
| ''BACKUP_SUFFIX'' | Backup file suffix |
| - | |
| ''TIMEOUT'' | Timeout for stopping slapd. After that, you need to use the ''forcestop'' action |
| ''FD_LIMIT'' | Maximum number of open file descriptors |

  * The following parameters are not mandatory (they can contain ''""''):

| //Parameter// | //Description// |
| ''SLAPD_PARAMS'' | Additional options for ''slapd''. Options ''-h'', ''-f'', ''-u'' and ''-g'' are already managed |
| ''SLAPD_CONF_DIR'' | Main configuration directory (overrides the ''SLAPD_CONF'' parameter) |
| ''SLAPD_USER'' | Owner user of the ''slapd'' and ''slurpd'' processes |
| ''SLAPD_GROUP'' | Owner group of the ''slapd'' and ''slurpd'' processes |
| ''SLAPD_SYSLOG_LOCAL_USER'' | Syslog local user (by default local4) |
| - | |
| ''SLURPD_PARAMS'' | Additional options for ''slurpd''. Option ''-f'' is already managed |
| - | |
| ''BACKUP_COMPRESS_EXT'' | Extension of the compressed LDIF file. No compression is done if this is empty |
| ''BACKUP_COMPRESS_BIN'' | Binary used to compress the LDIF file |
| ''BACKUP_UNCOMPRESS_BIN'' | Binary used to uncompress the LDIF file |
| ''DEBUG_LEVEL'' | OpenLDAP log level to use in debug mode. Default is 256 (stats) |
| ''SPECIAL_QUOTE'' | Some shells force quoting of parameters when they are used in a command. Set 0 to let the shell quote parameters, and 1 to explicitly quote parameters ([[http://tools.ltb-project.org/issues/271|see related issue]]). Default is 1 |
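
An added example, not part of the LTB init script: a POSIX shell check that a defaults file still has the ''600'' mode set during installation and gives a non-empty value to every parameter listed as mandatory, reading it with awk instead of sourcing it. It assumes the file uses plain ''NAME="value"'' shell assignments; the function name ''check_slapd_defaults'' is hypothetical.

```shell
#!/bin/sh
# Added example: audit an /etc/default/slapd-style file without sourcing it.
# Assumption: the file consists of plain shell assignments (NAME="value").

# Mandatory parameter names, taken from the table above.
MANDATORY="IP PORT SSLIP SSLPORT SLAPD_PATH DATA_PATH SLAPD_PID_FILE SLAPD_CONF
SLAPD_SERVICES SLAPD_BIN SLAPADD_BIN SLAPCAT_BIN SLAPINDEX_BIN SLAPTEST_BIN
SLURPD_PID_FILE SLURPD_BIN BDB_PATH DB_ARCHIVE_BIN DB_RECOVER_BIN
RECOVER_AT_STARTUP BACKUP_AT_SHUTDOWN BACKUP_PATH BACKUP_SUFFIX TIMEOUT FD_LIMIT"

# Prints one finding per line; returns 0 only when there are none.
check_slapd_defaults() {
    file=$1
    findings=0
    # A symlink could point the init script at a file someone else controls.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file"
        return 1
    fi
    # Mode must be exactly rw------- (the chmod 600 from the install steps).
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "mode is $perms, expected -rw-------"
        findings=$((findings + 1))
    fi
    for name in $MANDATORY; do
        # The last assignment wins, as it would when the file is sourced.
        value=$(awk -v n="$name" '
            /^[ \t]*#/ { next }
            { line = $0; sub(/^[ \t]*/, "", line) }
            index(line, n "=") == 1 {
                v = substr(line, length(n) + 2)
                gsub(/^"|"[ \t]*$/, "", v)
                last = v; seen = 1
            }
            END { if (seen) print last }' "$file")
        if [ -z "$value" ]; then
            echo "mandatory parameter missing or empty: $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Call it as ''check_slapd_defaults /etc/default/slapd'', and once more for each additional instance file such as ''/etc/default/slapd2'', since ''cp'' applies the current umask to the copy.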