Provided by: slapd_2.5.18+dfsg-0ubuntu0.22.04.2_amd64 bug

NAME

       slapd-mdb - Memory-Mapped DB backend to slapd

SYNOPSIS

       /etc/ldap/slapd.conf

DESCRIPTION

       The  mdb  backend to slapd(8) uses OpenLDAP's Lightning Memory-Mapped DB (LMDB) library to
       store data.  It relies completely on the underlying operating system for memory management
       and does no caching of its own. It is the recommended primary database backend.

       The mdb backend uses a hierarchical database layout which supports subtree renames.

CONFIGURATION

       These  slapd.conf  options apply to the mdb backend.  That is, they must follow a "backend
       mdb" line and come before any subsequent "backend" or "database" lines.

       idlexp <exp>
              Specify a power of 2 for the maximum size of an index slot.   The  default  is  16,
              yielding  a  maximum  slot size of 2^16 or 65536.  Once set, this option applies to
              every mdb database instance.  The specified value must be in the range of 16-30.

       These slapd.conf options apply to the mdb backend database.  That is, they must  follow  a
       "database  mdb"  line and come before any subsequent "backend" or "database" lines.  Other
       database options are described in the slapd.conf(5) manual page.

       checkpoint <kbyte> <min>
              Specify the frequency for flushing the database disk buffers.  This setting is only
              needed if the dbnosync option is used.  The checkpoint will occur if either <kbyte>
              data has been written or <min> minutes have passed since the last checkpoint.  Both
              arguments  default to zero, in which case they are ignored. When the <min> argument
              is non-zero, an  internal  task  will  run  every  <min>  minutes  to  perform  the
              checkpoint.  Note: currently the <kbyte> setting is unimplemented.

       dbnosync
              Specify  that on-disk database contents should not be immediately synchronized with
              in memory changes.  Enabling this option may improve performance at the expense  of
              data  security.  In  particular, if the operating system crashes before changes are
              flushed, some number of  transactions  may  be  lost.   By  default,  a  full  data
              flush/sync is performed when each transaction is committed.

       directory <directory>
              Specify  the directory where the LMDB files containing this database and associated
              indexes live.  A separate directory must  be  specified  for  each  database.   The
              default is /var/lib/ldap.

       envflags {nosync,nometasync,writemap,mapasync,nordahead}
              Specify flags for finer-grained control of the LMDB library's operation.

              nosync This is exactly the same as the dbnosync directive.

              nometasync
                     Flush the data on a commit, but skip the sync of the meta page. This mode is
                     slightly faster than doing a full sync, but can potentially  lose  the  last
                     committed  transaction  if  the operating system crashes. If both nometasync
                     and nosync are set, the nosync flag takes precedence.

              writemap
                     Use a writable memory map instead of just read-only. This  speeds  up  write
                     operations  but makes the database vulnerable to corruption in case any bugs
                     in slapd cause stray writes into the mmap region.

              mapasync
                     When using a writable memory map and performing flushes on each commit,  use
                     an  asynchronous  flush  instead  of a synchronous flush (the default). This
                     option has no effect if writemap has not been set. It also has no effect  if
                     nosync is set.

              nordahead
                     Turn  off  file  readahead.  Usually the OS performs readahead on every read
                     request. This usually boosts read performance but can be harmful  to  random
                     access  read performance if the system's memory is full and the DB is larger
                     than RAM. This option is not implemented on Windows.

       index {<attrlist>|default} [pres,eq,approx,sub,<special>]
              Specify the indexes to maintain for the given attribute (or  list  of  attributes).
              Some  attributes only support a subset of indexes.  If only an <attr> is given, the
              indices specified for default are maintained.  Note that setting a default does not
              imply  that all attributes will be indexed. Also, for best performance, an eq index
              should always be configured for the objectClass attribute.

              A number of special index parameters may be specified.  The index type sub  can  be
              decomposed  into subinitial, subany, and subfinal indices.  The special type nolang
              may be specified to disallow use of this index by language subtypes.   The  special
              type  nosubtypes  may be specified to disallow use of this index by named subtypes.
              Note: changing index settings in slapd.conf(5)  requires  rebuilding  indices,  see
              slapindex(8);  changing  index  settings  dynamically  by LDAPModifying "cn=config"
              automatically causes rebuilding of the indices online in a background task.

       maxentrysize <bytes>
              Specify the maximum size of an entry in bytes. Attempts to store  an  entry  larger
              than  this  size  will  be  rejected  with  the error LDAP_ADMINLIMIT_EXCEEDED. The
              default is 0, which is unlimited.

       maxreaders <integer>
              Specify the maximum number of threads that may have concurrent read access  to  the
              database. Tools such as slapcat count as a single thread, in addition to threads in
              any active slapd processes. The default is 126.

       maxsize <bytes>
              Specify the maximum size of the database in bytes. A memory map  of  this  size  is
              allocated  at startup time and the database will not be allowed to grow beyond this
              size. The default is 10485760 bytes. This setting may  be  changed  upward  if  the
              configured limit needs to be increased.

              Note:  It  is  important  to set this to as large a value as possible, (relative to
              anticipated growth of the actual data over time) since growing the size  later  may
              not be practical when the system is under heavy load.

       mode <integer>
              Specify  the  file  protection  mode that newly created database files should have.
              The default is 0600.

       multival {<attrlist>|default} <integer hi>,<integer lo>
              Specify the number of values for which a  multivalued  attribute  is  stored  in  a
              separate  table.  Normally entries are stored as a single blob inside the database.
              When an entry gets very large or contains attributes with a very  large  number  of
              values,  modifications  on  that  entry  may  get  very  slow.  Splitting the large
              attributes out to a separate table can  improve  the  performance  of  modification
              operations.   The  threshold  is  specified as a pair of integers. If the number of
              values exceeds the hi threshold the values will be split  out.  If  a  modification
              deletes  enough values to bring an attribute below the lo threshold the values will
              be removed from the separate table and merged back into the main entry  blob.   The
              threshold  can  be  set  for  a  specific list of attributes, or the default can be
              configured for all other  attributes.   The  default  value  for  both  hi  and  lo
              thresholds is UINT_MAX, which keeps all attributes in the main blob.

       rtxnsize <entries>
              Specify  the maximum number of entries to process in a single read transaction when
              executing a large search. Long-lived read transactions prevent old  database  pages
              from being reused in write transactions, and so can cause significant growth of the
              database file when there is heavy write  traffic.  This  setting  causes  the  read
              transaction  in large searches to be released and reacquired after the given number
              of entries has been read, to give writers the opportunity to reclaim  old  database
              pages. The default is 10000.

       searchstack <depth>
              Specify  the  depth of the stack used for search filter evaluation.  Search filters
              are evaluated on a stack to accommodate nested AND  /  OR  clauses.  An  individual
              stack  is  assigned  to  each server thread.  The depth of the stack determines how
              complex  a  filter  can  be  evaluated  without  requiring  any  additional  memory
              allocation. Filters that are nested deeper than the search stack depth will cause a
              separate stack  to  be  allocated  for  that  particular  search  operation.  These
              allocations  can have a major negative impact on server performance, but specifying
              too much stack will also consume a great deal of memory.  Each  search  stack  uses
              512K bytes per level. The default stack depth is 16, thus 8MB per thread is used.

ACCESS CONTROL

       The mdb backend honors access control semantics as indicated in slapd.access(5).

FILES

       /etc/ldap/slapd.conf
              default slapd configuration file

SEE ALSO

       slapd.conf(5),    slapd-config(5),   slapd(8),   slapadd(8),   slapcat(8),   slapindex(8),
       slapmodify(8), OpenLDAP LMDB documentation.

ACKNOWLEDGEMENTS

       OpenLDAP   Software   is   developed   and   maintained   by    The    OpenLDAP    Project
       <http://www.openldap.org/>.   OpenLDAP Software is derived from the University of Michigan
       LDAP 3.3 Release.  Written by Howard Chu.