Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SLAPD-BDB(5)		      File Formats Manual		  SLAPD-BDB(5)

       slapd-bdb, slapd-hdb - Berkeley DB backends to slapd


       The  bdb	 backend to slapd(8) uses the Oracle Berkeley DB (BDB) package
       to store	data.  It makes	extensive use of indexing and caching to speed
       data access.

       Note  that  BDB	is  deprecated	and  support will be dropped in	future
       OpenLDAP	releases. Installations	should use the mdb backend instead.

       hdb is a	variant	of the bdb backend that	uses a	hierarchical  database
       layout  which supports subtree renames. It is both more space-efficient
       and more	execution-efficient than the bdb  backend.   It	 is  otherwise
       identical  to  the bdb behavior,	and all	the same configuration options

       It is noted that	these options are intended to complement  Berkeley  DB
       configuration  options  set  in	the environment's DB_CONFIG file.  See
       Berkeley	DB documentation for details on	 DB_CONFIG  configuration  op-
       tions.  Where there is overlap, settings	in DB_CONFIG take precedence.

       These  slapd.conf  options  apply  to the bdb and hdb backend database.
       That is,	they must follow a "database bdb" or "database hdb"  line  and
       come  before any	subsequent "backend" or	"database" lines.  Other data-
       base options are	described in the slapd.conf(5) manual page.

       cachesize _integer_
	      Specify the size in entries of the in-memory entry  cache	 main-
	      tained by	the bdb	or hdb backend database	instance.  The default
	      is 1000 entries.

       cachefree _integer_
	      Specify the number of entries to free from the entry cache  when
	      the cache	reaches	the cachesize limit.  The default is 1 entry.

       checkpoint _kbyte_ _min_
	      Specify the frequency for	checkpointing the database transaction
	      log.  A checkpoint operation flushes  the	 database  buffers  to
	      disk  and	writes a checkpoint record in the log.	The checkpoint
	      will occur if either _kbyte_ data	has been written or _min_ min-
	      utes  have passed	since the last checkpoint.  Both arguments de-
	      fault to zero, in	which case they	are ignored.  When  the	 _min_
	      argument is non-zero, an internal	task will run every _min_ min-
	      utes to perform the checkpoint.  See the Berkeley	 DB  reference
	      guide for	more details.

	      Enable  checksum	validation  of DB pages	whenever they are read
	      from disk.  This setting can only	be configured before any data-
	      base files are created.

       cryptfile _file_
	      Specify  the  pathname of	a file containing an encryption	key to
	      use for encrypting the database. Encryption is  performed	 using
	      Berkeley	DB's  implementation  of AES. Note that	encryption can
	      only be configured before	any database files  are	 created,  and
	      changing	the  key can only be done after	destroying the current
	      database and recreating it. Encryption is	 not  enabled  by  de-
	      fault,  and some distributions of	Berkeley DB do not support en-

       cryptkey	_key_
	      Specify an encryption key	to use for  encrypting	the  database.
	      This  option  may	 be  used when a separate cryptfile is not de-
	      sired. Only one of cryptkey or cryptfile may be configured.

       dbconfig	_Berkeley-DB-setting_
	      Specify a	configuration directive	to be placed in	the  DB_CONFIG
	      file of the database directory. The dbconfig directive is	just a
	      convenience to allow all necessary configuration to  be  set  in
	      the  slapd.conf file.  The options set using this	directive will
	      only be written to the DB_CONFIG file if no such file existed at
	      server startup time, otherwise they are completely ignored. This
	      allows one to set	initial	values without	overwriting/destroying
	      a	 DB_CONFIG  file  that	was  already  customized through other
	      means.  This directive  may  be  specified  multiple  times,  as
	      needed.  For example:
		   dbconfig set_cachesize 0 1048576 0
		   dbconfig set_lg_bsize 2097152

	      Specify that on-disk database contents should not	be immediately
	      synchronized with	in memory changes.  Enabling this  option  may
	      improve  performance  at	the expense of data security.  See the
	      Berkeley DB reference guide for more details.

       dbpagesize  _dbfile_ _size_
	      Specify the page size to use for a particular database file,  in
	      units  of	 1024  bytes. The default for the id2entry file	is 16,
	      the default for all other	files depends on the size of  the  un-
	      derlying	filesystem's block size	(typically 4 or	8).  The maxi-
	      mum that BerkeleyDB supports is 64. This setting usually	should
	      not need to be changed, but if BerkeleyDB's "db_stat -d" shows a
	      large amount of overflow pages in	 use  in  a  file,  setting  a
	      larger  size may increase	performance at the expense of data in-
	      tegrity. This setting only takes effect when a database is being
	      newly  created. See the Berkeley DB reference guide for more de-

       directory _directory_
	      Specify the directory where the BDB files	containing this	 data-
	      base  and	associated indexes live.  A separate directory must be
	      specified	for each  database.   The  default  is	/var/db/openl-

	      Allow  reads  of	modified  but not yet committed	data.  Usually
	      transactions are isolated	to prevent other operations  from  ac-
	      cessing  uncommitted data.  This option may improve performance,
	      but may also return inconsistent results if the data comes  from
	      a	transaction that is later aborted.  In this case, the modified
	      data is discarded	and a subsequent search	will return a  differ-
	      ent result.

       dncachesize _integer_
	      Specify  the  maximum  number  of	DNs in the in-memory DN	cache.
	      Ideally this cache should	be large enough	to contain the DNs  of
	      every  entry in the database. If set to a	smaller	value than the
	      cachesize	it will	be silently increased to equal the  cachesize.
	      The  default value is 0 which means unlimited, i.e. the DN cache
	      will grow	without	bound.

	      It should	be noted that the DN cache is allowed  to  temporarily
	      grow  beyond  the	 configured size. It does this if many entries
	      are locked when it tries to  do  a  purge,  because  that	 means
	      they're legitimately in use. Also, the DN	cache never purges en-
	      tries that have cached children, so depending on	the  shape  of
	      the  DIT,	 it  could  have  lots	of cached DNs over the defined

       idlcachesize _integer_
	      Specify the size of the in-memory	index cache, in	 index	slots.
	      The  default  is	zero.  A  larger  value	will speed up frequent
	      searches of indexed entries. An hdb database needs a large  idl-
	      cachesize	for good search	performance, typically three times the
	      cachesize	(entry cache size) or larger.

       index {_attrlist_|default} [pres,eq,approx,sub,_special_]
	      Specify the indexes to maintain for the given attribute (or list
	      of  attributes).	 Some  attributes only support a subset	of in-
	      dexes.  If only an _attr_	is given, the  indices	specified  for
	      default  are  maintained.	  Note that setting a default does not
	      imply that all attributes	will be	indexed. Also, for  best  per-
	      formance,	 an  eq	 index should always be	configured for the ob-
	      jectClass	attribute.

	      A	number of special index	parameters may be specified.  The  in-
	      dex type sub can be decomposed into subinitial, subany, and sub-
	      final indices.  The special type nolang may be specified to dis-
	      allow  use of this index by language subtypes.  The special type
	      nosubtypes may be	specified to disallow use  of  this  index  by
	      named  subtypes.	Note: changing index settings in slapd.conf(5)
	      requires rebuilding indices, see	slapindex(8);  changing	 index
	      settings	dynamically by LDAPModifying "cn=config" automatically
	      causes rebuilding	of the indices online in a background task.

	      Tell slapindex to	index one attribute at a time. By default, all
	      indexed  attributes  in an entry are processed at	the same time.
	      With this	option,	each indexed attribute is processed  individu-
	      ally,  using  multiple  passes through the entire	database. This
	      option improves slapindex	performance when the database size ex-
	      ceeds  the  dbcache size.	When the dbcache is large enough, this
	      option is	not needed and will decrease performance.  Also	by de-
	      fault,  slapadd performs full indexing and so a separate slapin-
	      dex run is not needed. With this option, slapadd does no	index-
	      ing and slapindex	must be	used.

       lockdetect {oldest|youngest|fewest|random|default}
	      Specify  which transaction to abort when a deadlock is detected.
	      The default is random.

       mode _integer_
	      Specify the file protection mode that newly created database in-
	      dex files	should have.  The default is 0600.

       searchstack _depth_
	      Specify  the  depth  of the stack	used for search	filter evalua-
	      tion.  Search filters are	evaluated on a	stack  to  accommodate
	      nested AND / OR clauses. An individual stack is assigned to each
	      server thread.  The depth	of the stack determines	how complex  a
	      filter  can be evaluated without requiring any additional	memory
	      allocation. Filters that are nested deeper than the search stack
	      depth  will cause	a separate stack to be allocated for that par-
	      ticular search operation.	These allocations  can	have  a	 major
	      negative	impact	on server performance, but specifying too much
	      stack will also consume a	great deal  of	memory.	  Each	search
	      stack  uses 512K bytes per level.	The default stack depth	is 16,
	      thus 8MB per thread is used.

       shm_key _integer_
	      Specify a	key for	a shared memory	BDB  environment.  By  default
	      the  BDB	environment  uses  memory  mapped files. If a non-zero
	      value is specified, it will be used as the  key  to  identify  a
	      shared memory region that	will house the environment.

       The bdb and hdb backends	honor access control semantics as indicated in

	      default slapd configuration file

	      Berkeley DB configuration	file

       slapd.conf(5),  slapd-config(5),	 slapd-mdb(5),	slapd(8),  slapadd(8),
       slapcat(8), slapindex(8), Berkeley DB documentation.

       OpenLDAP	 Software  is developed	and maintained by The OpenLDAP Project
       <>.  OpenLDAP Software is derived from the Uni-
       versity	of  Michigan  LDAP  3.3	 Release.   Originally	begun  by Kurt
       Zeilenga. Caching mechanisms originally	designed  by  Jong-Hyuk	 Choi.
       Completion and subsequent work, as well as back-hdb, by Howard Chu.

OpenLDAP 2.4.59			  2021/06/03			  SLAPD-BDB(5)


Want to link to this manual page? Use this URL:

home | help