Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
O
OpenLDAP
Manage
Activity
Members
Labels
Plan
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Christopher Ng
OpenLDAP
Commits
ab9ff278
Commit
ab9ff278
authored
16 years ago
by
Quanah Gibson-Mount
Browse files
Options
Downloads
Patches
Plain Diff
ITS#5425
parent
8047b80f
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
CHANGES
+2
-1
2 additions, 1 deletion
CHANGES
doc/guide/admin/slapdconfig.sdf
+40
-9
40 additions, 9 deletions
doc/guide/admin/slapdconfig.sdf
with
42 additions
and
10 deletions
CHANGES
+
2
−
1
View file @
ab9ff278
...
...
@@ -31,7 +31,8 @@ OpenLDAP 2.4.9 Engineering
Documentation
Fixed slapd.access(5) authz-regexp documented behavior (ITS#5400)
Fixed slapd.meta(5) idassert-* documentation (ITS#5406)
Fixed admin guide set documentation (ITS#5278,ITS#5279,ITS#5281)
admin24 set documentation (ITS#5278,ITS#5279,ITS#5281)
admin24 syncrepl directives update (ITS#5425)
OpenLDAP 2.4.8 Release (2008/02/19)
Fixed ldapmodify verbose logging (ITS#5247)
...
...
This diff is collapsed.
Click to expand it.
doc/guide/admin/slapdconfig.sdf
+
40
−
9
View file @
ab9ff278
...
...
@@ -366,6 +366,17 @@ H4: syncrepl
> [credentials=<passwd>]
> [realm=<realm>]
> [secprops=<properties>]
> [starttls=yes|critical]
> [tls_cert=<file>]
> [tls_key=<file>]
> [tls_cacert=<file>]
> [tls_cacertdir=<path>]
> [tls_reqcert=never|allow|try|demand]
> [tls_ciphersuite=<ciphers>]
> [tls_crlcheck=none|peer|all]
> [logbase=<base DN>]
> [logfilter=<filter str>]
> [syncdata=default|accesslog|changelog]
This directive specifies the current database as a replica of the
...
...
@@ -407,10 +418,10 @@ default value and must always be specified. The {{EX:scope}} defaults
to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
{{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
and {{EX:timelimit}} default to "unlimited", and only integers
and {{EX:timelimit}} default to "unlimited", and only
positive
integers
or "unlimited" may be specified.
The
LDAP Content Synchronization
protocol has two operation
The
{{TERM[expand]LDAP Sync}}
protocol has two operation
types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
The operation type is specified by the {{EX:type}} parameter.
In the {{EX:refreshOnly}} operation, the next synchronization search operation
...
...
@@ -418,7 +429,7 @@ is periodically rescheduled at an interval time after each
synchronization operation finishes. The interval is specified
by the {{EX:interval}} parameter. It is set to one day by default.
In the {{EX:refreshAndPersist}} operation, a synchronization search
remains persistent in the provider slapd. Further updates to the
remains persistent in the provider
{{
slapd
}} instance
. Further updates to the
master replica will generate {{EX:searchResultEntry}} to the consumer slapd
as the search responses to the persistent synchronization search.
...
...
@@ -446,7 +457,7 @@ master database.
The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
depending on whether simple password-based authentication or
{{TERM:SASL}} authentication is to be used when connecting
to the provider slapd.
to the provider
{{
slapd
}} instance
.
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
...
...
@@ -464,11 +475,31 @@ The {{EX:realm}} parameter specifies a realm which a certain
mechanisms authenticate the identity within. The {{EX:secprops}}
parameter specifies Cyrus SASL security properties.
The syncrepl replication mechanism is supported by the two primary
database backends: back-bdb and back-hdb.
See the {{SECT:LDAP Sync Replication}} chapter of the admin guide
for more information on how to use this directive.
The {{EX:starttls}} parameter specifies use of the StartTLS extended
operation to establish a TLS session before authenticating to the provider.
If the {{EX:critical}} argument is supplied, the session will be aborted
if the StartTLS request fails. Otherwise the syncrepl session continues
without TLS. Note that the main slapd TLS settings are not used by the
syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
configuration file will be used. TLS settings may be specified here,
in which case any {{ldap.conf}}(5) settings will be completely ignored.
Rather than replicating whole entries, the consumer can query logs
of data modifications. This mode of operation is referred to as
{{delta syncrepl}}. In addition to the above parameters, the
{{EX:logbase}} and {{EX:logfilter}} parameters must be set appropriately
for the log that will be used. The {{EX:syncdata}} parameter must
be set to either {{EX:"accesslog"}} if the log conforms to the
{{slapo-accesslog}}(5) log format, or {{EX:"changelog"}} if the log
conforms to the obsolete {{changelog}} format. If the {{EX:syncdata}}
parameter is omitted or set to {{EX:"default"}} then the log
parameters are ignored.
The {{syncrepl}} replication mechanism is supported by the {{bdb}} and
{{hdb}} backends.
See the {{SECT:LDAP Sync Replication}} chapter of this guide for
more information on how to use this directive.
H4: updateref <URL>
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment