mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#5425 slapdconfig.sdf and slapdconf2.sdf out of date

Browse Source
This commit is contained in:
Gavin Henry 2008-03-19 22:30:08 +00:00
parent 8af69fddc7
commit b697132142
1 changed files with 39 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
doc/guide/admin/slapdconfig.sdf
View File

@ -366,6 +366,17 @@ H4: syncrepl
> [credentials=<passwd>]
> [realm=<realm>]
> [secprops=<properties>]
> [starttls=yes|critical]
> [tls_cert=<file>]
> [tls_key=<file>]
> [tls_cacert=<file>]
> [tls_cacertdir=<path>]
> [tls_reqcert=never|allow|try|demand]
> [tls_ciphersuite=<ciphers>]
> [tls_crlcheck=none|peer|all]
> [logbase=<base DN>]
> [logfilter=<filter str>]
> [syncdata=default|accesslog|changelog]
This directive specifies the current database as a replica of the
@ -407,10 +418,10 @@ default value and must always be specified. The {{EX:scope}} defaults
to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
{{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
and {{EX:timelimit}} default to "unlimited", and only integers
and {{EX:timelimit}} default to "unlimited", and only positive integers
or "unlimited" may be specified.
The LDAP Content Synchronization protocol has two operation
The {{TERM[expand]LDAP Sync}} protocol has two operation
types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
The operation type is specified by the {{EX:type}} parameter.
In the {{EX:refreshOnly}} operation, the next synchronization search operation
@ -418,7 +429,7 @@ is periodically rescheduled at an interval time after each
synchronization operation finishes. The interval is specified
by the {{EX:interval}} parameter. It is set to one day by default.
In the {{EX:refreshAndPersist}} operation, a synchronization search
remains persistent in the provider slapd. Further updates to the
remains persistent in the provider {{slapd}} instance. Further updates to the
master replica will generate {{EX:searchResultEntry}} to the consumer slapd
as the search responses to the persistent synchronization search.
@ -446,7 +457,7 @@ master database.
The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
depending on whether simple password-based authentication or
{{TERM:SASL}} authentication is to be used when connecting
to the provider slapd.
to the provider {{slapd}} instance.
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
@ -464,11 +475,31 @@ The {{EX:realm}} parameter specifies a realm which a certain
mechanisms authenticate the identity within. The {{EX:secprops}}
parameter specifies Cyrus SASL security properties.
The syncrepl replication mechanism is supported by the two primary
database backends: back-bdb and back-hdb.
The {{EX:starttls}} parameter specifies use of the StartTLS extended
operation to establish a TLS session before authenticating to the provider.
If the {{EX:critical}} argument is supplied, the session will be aborted
if the StartTLS request fails. Otherwise the syncrepl session continues
without TLS. Note that the main slapd TLS settings are not used by the
syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
configuration file will be used. TLS settings may be specified here,
in which case any {{ldap.conf}}(5) settings will be completely ignored.
See the {{SECT:LDAP Sync Replication}} chapter of the admin guide
for more information on how to use this directive.
Rather than replicating whole entries, the consumer can query logs
of data modifications. This mode of operation is referred to as
{{delta syncrepl}}. In addition to the above parameters, the
{{EX:logbase}} and {{EX:logfilter}} parameters must be set appropriately
for the log that will be used. The {{EX:syncdata}} parameter must
be set to either {{EX:"accesslog"}} if the log conforms to the
{{slapo-accesslog}}(5) log format, or {{EX:"changelog"}} if the log
conforms to the obsolete {{changelog}} format. If the {{EX:syncdata}}
parameter is omitted or set to {{EX:"default"}} then the log
parameters are ignored.
The {{syncrepl}} replication mechanism is supported by the {{bdb}} and
{{hdb}} backends.
See the {{SECT:LDAP Sync Replication}} chapter of this guide for
more information on how to use this directive.
H4: updateref <URL>