ITS#5425 slapdconfig.sdf and slapdconf2.sdf out of date

Gavin Henry 2008-03-19 22:30:08 +00:00
parent 8af69fddc7
commit b697132142

@ -366,6 +366,17 @@ H4: syncrepl
> [credentials=<passwd>] > [credentials=<passwd>]
> [realm=<realm>] > [realm=<realm>]
> [secprops=<properties>] > [secprops=<properties>]
> [starttls=yes|critical]
> [tls_cert=<file>]
> [tls_key=<file>]
> [tls_cacert=<file>]
> [tls_cacertdir=<path>]
> [tls_reqcert=never|allow|try|demand]
> [tls_ciphersuite=<ciphers>]
> [tls_crlcheck=none|peer|all]
> [logbase=<base DN>]
> [logfilter=<filter str>]
> [syncdata=default|accesslog|changelog]
This directive specifies the current database as a replica of the This directive specifies the current database as a replica of the
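Review bot: the tls_* parameters added to the synopsis (tls_cert through tls_crlcheck) get no description or default in the lines this commit touches; the later text only explains starttls and says that TLS settings "may be specified here". Please add a short description for each, at minimum for tls_reqcert=never|allow|try|demand, since that value controls how the provider's certificate is checked, and state which value applies when the parameter is omitted.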
@ -407,10 +418,10 @@ default value and must always be specified. The {{EX:scope}} defaults
to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}}, to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
{{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational {{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}} attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
and {{EX:timelimit}} default to "unlimited", and only integers and {{EX:timelimit}} default to "unlimited", and only positive integers
or "unlimited" may be specified. or "unlimited" may be specified.
The LDAP Content Synchronization protocol has two operation The {{TERM[expand]LDAP Sync}} protocol has two operation
types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}. types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
The operation type is specified by the {{EX:type}} parameter. The operation type is specified by the {{EX:type}} parameter.
In the {{EX:refreshOnly}} operation, the next synchronization search operation In the {{EX:refreshOnly}} operation, the next synchronization search operation
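Review bot: in the sizelimit/timelimit sentence, "only positive integers or "unlimited" may be specified" leaves 0 undefined. If 0 is rejected, say so explicitly; if it is accepted with a special meaning, document that meaning, because a reader can easily assume 0 means no limit.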
@ -418,7 +429,7 @@ is periodically rescheduled at an interval time after each
synchronization operation finishes. The interval is specified synchronization operation finishes. The interval is specified
by the {{EX:interval}} parameter. It is set to one day by default. by the {{EX:interval}} parameter. It is set to one day by default.
In the {{EX:refreshAndPersist}} operation, a synchronization search In the {{EX:refreshAndPersist}} operation, a synchronization search
remains persistent in the provider slapd. Further updates to the remains persistent in the provider {{slapd}} instance. Further updates to the
master replica will generate {{EX:searchResultEntry}} to the consumer slapd master replica will generate {{EX:searchResultEntry}} to the consumer slapd
as the search responses to the persistent synchronization search. as the search responses to the persistent synchronization search.
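Review bot: terminology is now inconsistent within this one sentence pair. The changed line says "provider {{slapd}} instance", but the next line still reads "master replica" and "consumer slapd" with no markup. Suggest using "provider" in place of "master replica" and "consumer {{slapd}} instance" so the paragraph uses one set of terms and one formatting.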
@ -446,7 +457,7 @@ master database.
The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}}, The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
depending on whether simple password-based authentication or depending on whether simple password-based authentication or
{{TERM:SASL}} authentication is to be used when connecting {{TERM:SASL}} authentication is to be used when connecting
to the provider slapd. to the provider {{slapd}} instance.
Simple authentication should not be used unless adequate data Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS integrity and confidentiality protections are in place (e.g. TLS
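Review bot: the warning that follows the changed line ("Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS") does not point at the starttls parameter this commit documents. A cross-reference to starttls=critical here would tell the reader how to meet that condition with this directive.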
@ -464,11 +475,31 @@ The {{EX:realm}} parameter specifies a realm which a certain
mechanisms authenticate the identity within. The {{EX:secprops}} mechanisms authenticate the identity within. The {{EX:secprops}}
parameter specifies Cyrus SASL security properties. parameter specifies Cyrus SASL security properties.
The syncrepl replication mechanism is supported by the two primary The {{EX:starttls}} parameter specifies use of the StartTLS extended
database backends: back-bdb and back-hdb. operation to establish a TLS session before authenticating to the provider.
If the {{EX:critical}} argument is supplied, the session will be aborted
if the StartTLS request fails. Otherwise the syncrepl session continues
without TLS. Note that the main slapd TLS settings are not used by the
syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
configuration file will be used. TLS settings may be specified here,
in which case any {{ldap.conf}}(5) settings will be completely ignored.
See the {{SECT:LDAP Sync Replication}} chapter of the admin guide Rather than replicating whole entries, the consumer can query logs
for more information on how to use this directive. of data modifications. This mode of operation is referred to as
{{delta syncrepl}}. In addition to the above parameters, the
{{EX:logbase}} and {{EX:logfilter}} parameters must be set appropriately
for the log that will be used. The {{EX:syncdata}} parameter must
be set to either {{EX:"accesslog"}} if the log conforms to the
{{slapo-accesslog}}(5) log format, or {{EX:"changelog"}} if the log
conforms to the obsolete {{changelog}} format. If the {{EX:syncdata}}
parameter is omitted or set to {{EX:"default"}} then the log
parameters are ignored.
The {{syncrepl}} replication mechanism is supported by the {{bdb}} and
{{hdb}} backends.
See the {{SECT:LDAP Sync Replication}} chapter of this guide for
more information on how to use this directive.
H4: updateref <URL> H4: updateref <URL>
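Review bot: the starttls paragraph states the fallback ("Otherwise the syncrepl session continues without TLS") without spelling out the consequence. With starttls=yes a failed StartTLS means the bind that follows is sent unprotected, so the text should say this and recommend starttls=critical whenever bindmethod=simple is used. The sentence "TLS settings may be specified here, in which case any {{ldap.conf}}(5) settings will be completely ignored" is also ambiguous: say whether setting a single tls_* parameter discards every TLS setting from ldap.conf or only the one overridden. Last, "The {{EX:syncdata}} parameter must be set to either" reads as mandatory while the next sentence allows omitting it; "must, for delta syncrepl," would remove the contradiction.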