Quick Start - Annotated cn=config
Lines starting with “#” are comments. Actually, a “#” in a line starts a comment from the “#” to the end of the line.
# The `dn` line tells dynamic configuration about the main database
# This line says it is **called** `mdb` and is an `lmdb` database
# supported by the OpenLDAP `back-mdb` database backend.
dn: olcDatabase=mdb,cn=config
# Every entry in the entire OpenLDAP data structure has an `objectClass`
# When more than one is listed, the ones following the first line
# "inherit" from the first. `olcMdbConfig` inherits the definition
# of `olcDatabaseConfig` and (presumably) adds to that definition.
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
# The `dn` line told LDAP what the Distinguished Name of the entry
# was. Here we add the attribute that is referenced by its name
olcDatabase: mdb
# olcDbMaxSize can only be expressed in bytes. The 1073741824 is the
# number of bytes in 10gB. That's the default size.
# olcDbMaxSize **MUST** be big enough to hold the data in the entries,
# all of the data in the indexes you want built, and, when you get
# more sophisticated, the `accesslog` for replication, a
# `sessionlog` and/or `auditlog` you may want/need.
olcDbMaxSize: 1073741824
# `olcSuffix` is the "root" of the `mdb` database being defined. It
# is the actual base DN of the application data.
olcSuffix: dc=<MY-DOMAIN>,dc=<COM>
# The next two lines are how you login/authenticate as the Directory
# Manager. The password SHOULD be generated by ldappasswd or another
# tool as appropriate for your hashing of passwords. For the
# sandbox toy, passwords in the clear are fine.
olcRootDN: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
# This should be replaced with a properly hashed strong password.
# The ldappasswd program can be used for producing the hash.
olcRootPW: secret
# This line defines the explicit path to the directory for all the
# database files. **MAKE SURE IT EXISTS** before you fire up
# `slapd`
olcDbDirectory: /usr/local/var/openldap-data
# For simplicity we only defined one index. It creates an "equality"
# index for the `objectClass` attribute.
olcDbIndex: objectClass eq
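
The comments above say `olcRootPW` should hold a hashed value rather than `secret`. As an added example (not part of the original page or of OpenLDAP itself), this Python script finds cleartext `olcRootPW` lines in an LDIF and replaces them with salted SHA-1 `{SSHA}` values; the function names and the sample `dc=example,dc=com` entry are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, re

# Matches "olcRootPW: value" and the base64 LDIF form "olcRootPW:: value".
ROOTPW = re.compile(r"^(olcRootPW)(::?)\s*(.*)$", re.IGNORECASE)
# A stored hash starts with a scheme tag such as {SSHA} or {CRYPT}.
SCHEME = re.compile(rb"^\{[A-Za-z0-9._-]+\}")

# Constructed sample input (hypothetical suffix), not taken from a real server.
SAMPLE_LDIF = """dn: olcDatabase=mdb,cn=config
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
"""

def ssha_hash(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt), password as bytes."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def ssha_verify(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    if not stored.startswith(b"{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]   # SHA-1 digests are 20 bytes
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def harden_rootpw(ldif):
    """Return (new_ldif, changed_line_numbers); hashed values are left alone."""
    out, changed = [], []
    for lineno, line in enumerate(ldif.splitlines(), 1):
        m = ROOTPW.match(line)
        if m:
            raw = m.group(3).strip()
            # "::" means the value itself is base64-encoded in the LDIF.
            value = base64.b64decode(raw) if m.group(2) == "::" else raw.encode("utf-8")
            if not SCHEME.match(value):          # no scheme tag: cleartext
                line = m.group(1) + ": " + ssha_hash(value).decode("ascii")
                changed.append(lineno)
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    hardened, lines = harden_rootpw(SAMPLE_LDIF)
    print("cleartext olcRootPW replaced on lines:", lines)
    print(hardened, end="")
```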