when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:
dn[.<style>]:<pattern>
<style> ::= exact ; exact match
children ; children of <pattern> match
subtree ; <pattern> or children of <pattern> match
regex ; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed
u[.<mech>][/<realm>]:<user>
when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
1) simultaneous operation of multiple active sync replication threads
2) cookie management for individual sync replication thread
(include rid=%3d to the slapd cookie command line option (-c))
- memory based session history to minimize sync traffic
- when client is covered by a session history, then
[add+delete] mode is used
- when client cookie is not covered by the history because
the cookie is too outdated and/or the history is truncated,
[add+present] mode is used
2. Sync cookie syntax : comma separated name=value pairs
- csn=yyyymmddhh:mm:ssZ#0xSSSS#r#ssssr,sid=nnn
new slapadd options
-p : promote : If the ldif file contains syncConsumerSubentries, convert
them to a single syncProviderSubentry. Its contextCSN
attribute has the largest value of the syncreplCookie
attributes of the syncConsumerSubentries.
syncProviderSubentry in the ldif file is retained.
-p -w : promote : Recalculate contextCSN based on entryCSN of each entry.
create Existing syncConsumerSubentries and syncProviderSubentry
are ignored and not added to the directory.
-r : demote : If the ldif file contains syncProviderSubentry, convert it
to a syncConsumerSubentry having the default syncrepl id
of 0. syncConsumerSubentries in the ldif file are retained.
-r -w : demote : Recalculate syncreplCookie based on entryCSN of each entry.
create Existing syncConsumerSubentries and syncProviderSubentry
are ignored and not added to the directory. The default
syncrepl id of 0 will be used for the new
syncConsumerSubentry.
-r -w -i %d[,%d]* : Using the comma separated list followed by the -i option,
it is possible to create multiple syncConsumerSubentries
having the syncrepl ids specified in the list.
syncreplCookie values of these sycnConsumerSubentries
will have the same value, either from the maximum
entryCSN value or from the contextCSN value of the
syncProviderSubentry.
- currenty works for refreshOnly mode of LDAP Sync
- Context CSN for add / modify is implemented
- code for delete / modrdn / refreshAndPersist will be soon committed
Currently discovered via a "feature", but should use a control.
Start of a control made, but needs to be better integrated (with
auto use in ldapmodify(1)).
