when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
and saslAuthzFrom values can take different forms:

  dn[.<style>]:<pattern>
      <style> ::= exact      ; exact match
                  children   ; children of <pattern> match
                  subtree    ; <pattern> or children of <pattern> match
                  regex      ; <pattern> is regcomp() & regexec()
      if no <style>, then exact is assumed

  u[.<mech>][/<realm>]:<user>

when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
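
Added example, not part of the commit message or of the project's own code: a small parser for the two value forms above, including the proxyAuthz restrictions, plus a matcher for the four dn styles. The names parse_authz and dn_matches are hypothetical; DNs are assumed to be already normalized strings, and Python's re module stands in for regcomp()/regexec().

```python
import re

DN_STYLES = ("exact", "children", "subtree", "regex")

def parse_authz(value, proxy=False):
    """Parse a saslAuthzTo/From value; proxy=True applies the proxyAuthz limits."""
    head, colon, rest = value.partition(":")
    if not colon or not rest:
        raise ValueError("expected <form>:<value>")
    left, slash, realm = head.partition("/")    # <mech> cannot contain '/'
    kind, dot, qual = left.partition(".")
    if kind == "dn":
        if slash:
            raise ValueError("dn form takes no realm")
        style = qual if dot else "exact"         # no <style> means exact
        if style not in DN_STYLES:
            raise ValueError("unknown dn style: %r" % style)
        if proxy and style != "exact":
            raise ValueError("proxyAuthz allows only an exact DN")
        return {"form": "dn", "style": style, "pattern": rest}
    if kind == "u":
        if ":" in rest:
            raise ValueError("<user> cannot contain ':'")
        if dot and proxy:
            raise ValueError("proxyAuthz cannot specify <mech>")
        if dot and not qual:                     # assumption of this sketch
            raise ValueError("empty <mech>")
        return {"form": "u", "mech": qual if dot else None,
                "realm": realm if slash else None, "user": rest}
    raise ValueError("unknown form: %r" % kind)

def dn_matches(rule, dn):
    """Compare an already-normalized DN against a parsed dn rule."""
    if rule["style"] == "regex":
        # Like regexec(), this searches anywhere in the DN: an unanchored
        # pattern also matches DNs that merely contain it.
        return re.search(rule["pattern"], dn) is not None
    pat, dn = rule["pattern"].lower(), dn.lower()
    exact = dn == pat
    child = dn.endswith("," + pat)               # simplified string comparison
    return {"exact": exact, "children": child, "subtree": exact or child}[rule["style"]]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for v in ("dn.subtree:ou=people,dc=example,dc=com", "u.DIGEST-MD5/EXAMPLE.COM:alice"):
        print(v, "->", parse_authz(v))
```

A regex rule such as dn.regex:ou=people grants more than it appears to unless the pattern is anchored with ^ and $.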
- memory based session history to minimize sync traffic
- when client is covered by a session history, then
  [add+delete] mode is used
- when client cookie is not covered by the history because
  the cookie is too outdated and/or the history is truncated,
  [add+present] mode is used
2. Sync cookie syntax : comma separated name=value pairs
- csn=yyyymmddhh:mm:ssZ#0xSSSS#r#ssssr,sid=nnn
new slapadd options
-p : promote : If the ldif file contains syncConsumerSubentries, convert
               them to a single syncProviderSubentry. Its contextCSN
               attribute has the largest value of the syncreplCookie
               attributes of the syncConsumerSubentries.
               syncProviderSubentry in the ldif file is retained.
-p -w : promote : Recalculate contextCSN based on entryCSN of each entry.
        create    Existing syncConsumerSubentries and syncProviderSubentry
                  are ignored and not added to the directory.
-r : demote : If the ldif file contains syncProviderSubentry, convert it
              to a syncConsumerSubentry having the default syncrepl id
              of 0. syncConsumerSubentries in the ldif file are retained.
-r -w : demote : Recalculate syncreplCookie based on entryCSN of each entry.
        create   Existing syncConsumerSubentries and syncProviderSubentry
                 are ignored and not added to the directory. The default
                 syncrepl id of 0 will be used for the new
                 syncConsumerSubentry.
-r -w -i %d[,%d]* : Using the comma separated list followed by the -i option,
                    it is possible to create multiple syncConsumerSubentries
                    having the syncrepl ids specified in the list.
                    syncreplCookie values of these syncConsumerSubentries
                    will have the same value, either from the maximum
                    entryCSN value or from the contextCSN value of the
                    syncProviderSubentry.
note that -lltdl is added redundantly if --enable-modules was specified.
It seems to me that --enable-slapi should have implied --enable-modules
from the beginning.
- currently works for refreshOnly mode of LDAP Sync
- Context CSN for add / modify is implemented
- code for delete / modrdn / refreshAndPersist will be soon committed