Commit 3f4cf7be authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

syncprov overlay section.

Unique overlay example.
parent 4d252962
personal_ws-1.1 en 1675
personal_ws-1.1 en 1682
commonName
bla
Masarati
......@@ -6,8 +6,8 @@ subjectAltName
api
usnCreated
BhY
olcSyncRepl
olcSyncrepl
olcSyncRepl
adamsom
adamson
CER
......@@ -26,6 +26,7 @@ BNF
TLSEphemeralDHParamFile
ppolicy
ASN
gavin
ava
Chu
del
......@@ -39,8 +40,8 @@ DIB
dev
reqNewSuperior
librewrite
memberof
memberOf
memberof
BSI
updateref
buf
......@@ -91,8 +92,8 @@ dlopen
eng
AttributeValue
attributevalue
DUA
EOF
DUA
inputfile
DSP
refreshDone
......@@ -128,10 +129,10 @@ iff
contextCSN
auditModify
auditSearch
OpenLDAP
openldap
resultcode
OpenLDAP
resultCode
resultcode
sysconfig
indices
blen
......@@ -171,13 +172,13 @@ argv
kdz
notAllowedOnRDN
hostport
StartTLS
starttls
StartTLS
ldb
servercredp
ldd
IPv
ipv
IPv
hyc
joe
bindmethods
......@@ -209,8 +210,8 @@ libpath
acknowledgements
jts
createTimestamp
MIB
LLL
MIB
OpenSSL
openssl
LOF
......@@ -250,10 +251,10 @@ Subbarao
aeeiib
oidlen
submatches
PEM
olc
OLF
PEM
PDU
OLF
LDAPSchemaExtensionItem
auth
Pierangelo
......@@ -269,10 +270,11 @@ cleartext
numattrsets
requestDN
caseExactSubstringsMatch
NSS
PKI
NSS
olcSyncProvConfig
ple
jones
NTP
auditModRDN
checkpointing
......@@ -293,9 +295,9 @@ rdn
wZFQrDD
OTP
olcSizeLimit
PRD
sbi
pos
sbi
PRD
pre
sudoadm
stringal
......@@ -315,8 +317,8 @@ bvec
HtZhZS
TBC
stringbv
SHA
Sep
SHA
ptr
conn
pwd
......@@ -333,8 +335,8 @@ myOID
supportedSASLMechanism
supportedSASLmechanism
realnamingcontext
UCD
SMD
UCD
keytab
portnumber
uncached
......@@ -347,8 +349,8 @@ sasldb
UCS
searchDN
keytbl
UDP
tgz
UDP
freemods
prepend
nssov
......@@ -366,22 +368,23 @@ crit
objectClassViolation
ssf
ldapfilter
vec
TOC
rwm
TOC
vec
pwdChangedTime
tls
peernamestyle
xpasswd
SRP
tmp
SRP
SSL
dupbv
CPUs
itsupport
SRV
entrymods
sss
rwx
sss
reqNewRDN
nopresent
rebindproc
......@@ -444,8 +447,8 @@ pseudorootdn
MezRroT
GDBM
LIBRELEASE
DSA's
DSAs
DSA's
realloc
booleanMatch
compareTrue
......@@ -505,8 +508,8 @@ pwdMinLength
iZ
ldapdelete
xyz
rdbms
RDBMs
rdbms
extparam
mk
ng
......@@ -571,8 +574,8 @@ ZZ
LDVERSION
testAttr
backend
backends
backend's
backends
BerValues
Solaris
structs
......@@ -584,9 +587,9 @@ ostring
policyDN
testObject
pwdMaxAge
binddn
bindDN
bindDn
bindDN
binddn
distributedOperation
schemachecking
strvals
......@@ -606,8 +609,8 @@ UMLDAP
searchResultDone
MAXLEN
pwdInHistory
reqAttrsOnly
realtime
reqAttrsOnly
sysconfdir
searchResultReference
olcAttributeTypes
......@@ -624,20 +627,21 @@ dynstyle
bindpw
AUTHNAME
UniqueName
blahblah
saslmech
pthreads
IEEE
regex
SIGINT
slappasswd
errABsObject
errAbsObject
errABsObject
ldapexop
objectIdentifier
objectidentifier
objectIdentifier
deallocators
mirrormode
MirrorMode
mirrormode
loopDetect
SIGHUP
authMethodNotSupported
......@@ -654,8 +658,8 @@ filtercomp
expr
syntaxes
memrealloc
returncode
returnCode
returncode
OpenLDAP's
exts
bitstringa
......@@ -679,8 +683,8 @@ lastName
lldap
cachesize
slapauth
attributeType
attributetype
attributeType
GSER
olcDbNosync
typedef
......@@ -697,11 +701,12 @@ monitoredObject
TLSVerifyClient
noidlen
LDAPNOINIT
pwdGraceAuthnLimit
henry
pwdGraceAuthNLimit
pwdGraceAuthnLimit
hnPk
userpassword
userPassword
userpassword
noanonymous
LIBVERSION
symas
......@@ -720,9 +725,9 @@ IMAP
organisations
rewriteMap
monitoredInfo
modrDN
ModRDN
modrdn
ModRDN
modrDN
HREF
DQTxCYEApdUtNXGgdUac
inline
......@@ -737,8 +742,8 @@ reqReferral
rlookups
siiiib
LTSTATIC
timelimitExceeded
timeLimitExceeded
timelimitExceeded
XKYnrjvGT
subtrees
unixODBC
......@@ -750,8 +755,8 @@ reqDN
dnstyle
inet
schemas
pwdPolicySubentry
pwdPolicySubEntry
pwdPolicySubentry
reqId
backsql
scanf
......@@ -780,6 +785,7 @@ html
GCmfuqEvm
multimaster
testrun
olcUniqueURI
rewriteEngine
slapdindex
LTFINISH
......@@ -1090,8 +1096,8 @@ noop
errObject
XXLIBS
reqAssertion
nops
PDUs
nops
baseObject
bvecadd
perl
......@@ -1504,6 +1510,7 @@ URL's
urls
olcAuditLogConfig
reqMod
joebloggs
pwdHistory
entryTtl
olcIdleTimeout
......@@ -1599,12 +1606,12 @@ jpegPhoto
supportedSASLMechanisms
ACLs
reqMethod
authzId
authzid
authzID
authzid
authzId
hasSubordintes
proxyCache
proxycache
proxyCache
slaptest
olcLogLevel
LDAPDN
......@@ -1629,8 +1636,8 @@ wBDARESEhgVG
multi
aaa
ldaprc
UpdateDN
updatedn
UpdateDN
LDAPBASE
LDAPAPIFeatureInfo
authzTo
......@@ -1671,6 +1678,6 @@ ali
attributeoptions
BfQ
uidNumber
CA's
CAs
CA's
namingContext
......@@ -326,7 +326,7 @@ H3: Read-Back of Chained Modifications
Occasionally, applications want to read back the data that they just wrote.
If a modification requested to a shadow server was silently chained to its
producer, an immediate read could result in receiving data not yet sync'ed.
producer, an immediate read could result in receiving data not yet synchronized.
In those cases, clients should use the {{B:dontusecopy}} control to ensure
they are directed to the authoritative source for that piece of data.
......@@ -1099,16 +1099,31 @@ H2: Sync Provider
H3: Overview
This overlay implements the provider-side support for syncrepl
replication, including persistent search functionality
This overlay implements the provider-side support for the LDAP Content Synchronization
({{REF:RFC4533}}) as well as syncrepl replication support, including persistent search functionality.
H3: Sync Provider Configuration
There is very little configuration needed for this overlay, in fact for many situations merely loading
the overlay will suffice.
However, because the overlay creates a contextCSN attribute in the root entry of the database which is
updated for every write operation performed against the database and only updated in memory, it is
recommended to configure a checkpoint so that the contextCSN is written into the underlying database to
minimize recovery time after an unclean shutdown:
> overlay syncprov
> syncprov-checkpoint 100 10
For every 100 operations or 10 minutes, which ever is sooner, the contextCSN will be checkpointed.
The four configuration directives available are {{B:syncprov-checkpoint}}, {{B:syncprov-sessionlog}},
{{B:syncprov-nopresent}} and {{B:syncprov-reloadhint}} which are covered in the man page discussing
various other scenarios where this overlay can be used.
H3: Further Information
{{:slapo-syncprov(5)}}
The {{:slapo-syncprov(5)}} man page and the {{SECT:Configuring the different replication types}} section
H2: Translucent Proxy
......@@ -1253,12 +1268,60 @@ H2: Attribute Uniqueness
H3: Overview
This overlay can be used with a backend database such as slapd-bdb (5)
This overlay can be used with a backend database such as {{slapd-bdb(5)}}
to enforce the uniqueness of some or all attributes within a subtree.
H3: Attribute Uniqueness Configuration
This overlay is only effective on new data from the point the overlay is enabled. To
check uniqueness for existing data, you can export and import your data again via the
LDAP Add operation, which will not be suitable for large amounts of data, unlike {{B:slapcat}}.
For the following example, if uniqueness were enforced for the {{B:mail}} attribute,
the subtree would be searched for any other records which also have a {{B:mail}} attribute
containing the same value presented with an {{B:add}}, {{B:modify}} or {{B:modrdn}} operation
which are unique within the configured scope. If any are found, the request is rejected.
Note: If no attributes are specified, for example {{B:ldap:///??sub?}}, then the URI applies to all non-operational attributes. However,
the keyword {{B:ignore}} can be specified to exclude certain non-operational attributes.
To search at the base dn of the current backend database ensuring uniqueness of the {{B:mail}}
attribute, we simply add the following configuration:
> overlay unique
> unique_uri ldap:///?mail?sub?
For an existing entry of:
> dn: cn=gavin,dc=suretecsystems,dc=com
> objectClass: top
> objectClass: inetorgperson
> cn: gavin
> sn: henry
> mail: ghenry@suretecsystems.com
and we then try to add a new entry of:
> dn: cn=robert,dc=suretecsystems,dc=com
> objectClass: top
> objectClass: inetorgperson
> cn: robert
> sn: jones
> mail: ghenry@suretecsystems.com
would result in an error like so:
> adding new entry "cn=robert,dc=example,dc=com"
> ldap_add: Constraint violation (19)
> additional info: some attributes not unique
The overlay can have multiple URIs specified within a domain, allowing complex
selections of objects and also have multiple {{B:unique_uri}} statements or
{{B:olcUniqueURI}} attributes which will create independent domains.
For more information and details about the {{B:strict}} and {{B:ignore}} keywords,
please see the {{:slapo-unique(5)}} man page.
H3: Further Information
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment