Commit 1704b9a0 authored by Gavin Henry's avatar Gavin Henry
Browse files

New Changes Appendix, plus various other additions and fixes.

parent 6f951954
......@@ -66,4 +66,4 @@ guide.pdf: admin.html
htmldoc --batch guide.book
clean:
rm -f *.pdf *.html
rm -f *.pdf *.html *~
# $OpenLDAP$
# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Changes Since Previous Release
Nice intro here to praise everyones hard work!
H2: New Guide Sections
* Overlays
* Backends
* Tuning
* complete later.........
H2: New Features in 2.4
Another nice intro here
H3: More overlays
* slapo-dds (Dynamic Directory Services, RFC 2589)
* slapo-memberof (reverse group membership maintenance)
H3: New features in existing ones
* slapo-pcache allows cache inspection/maintenance/hot restart
* slapo-rwm can safely interoperate with other overlays
* Dyngroup/Dynlist merge, plus security enhancements
H3: New features in slapd
* monitoring of back-{b,h}db: cache fill-in, non-indexed searches,
* session tracking control (draft-wahl-ldap-session)
* subtree delete in back-sql (draft-armijo-ldap-treedelete)
H3: New features in libldap
* ldap_sync client API (LDAP Content Sync Operation, RFC 4533)
H3: New clients and tools
* ldapexop for arbitrary extended operations
* complete support of controls in request/response for all clients
H3: New build options
* Support for building against GnuTLS
* Advertisement of LDAP server in DNS
H2: Obsolete Features in 2.4
H3: Slurpd
......@@ -146,11 +146,11 @@ H3: Overview
The Null backend to {{slapd}}(8) is surely the most useful part of slapd:
- Searches return success but no entries.
- Compares return compareFalse.
- Updates return success (unless readonly is on) but do nothing.
- Binds other than as the rootdn fail unless the database option "bind on" is given.
- The slapadd(8) and slapcat(8) tools are equally exciting.
* Searches return success but no entries.
* Compares return compareFalse.
* Updates return success (unless readonly is on) but do nothing.
* Binds other than as the rootdn fail unless the database option "bind on" is given.
* The slapadd(8) and slapcat(8) tools are equally exciting.
Inspired by the {{F:/dev/null}} device.
......
#HTMLDOC 1.8.27
-t pdf14 -f "guide.pdf" --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 36 --bottom 36 --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
-t pdf14 -f "OpenLDAP-Admin-Guide.pdf" --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 0.50in --bottom 0.50in --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
admin.html
......@@ -211,12 +211,12 @@ H2: What is the difference between LDAPv2 and LDAPv3?
LDAPv3 was developed in the late 1990's to replace LDAPv2.
LDAPv3 adds the following features to LDAP:
- Strong authentication and data security services via {{TERM:SASL}}
- Certificate authentication and data security services via {{TERM:TLS}} (SSL)
- Internationalization through the use of Unicode
- Referrals and Continuations
- Schema Discovery
- Extensibility (controls, extended operations, and more)
* Strong authentication and data security services via {{TERM:SASL}}
* Certificate authentication and data security services via {{TERM:TLS}} (SSL)
* Internationalization through the use of Unicode
* Referrals and Continuations
* Schema Discovery
* Extensibility (controls, extended operations, and more)
LDAPv2 is historic ({{REF:RFC3494}}). As most {{so-called}} LDAPv2
implementations (including {{slapd}}(8)) do not conform to the
......
......@@ -54,10 +54,10 @@ To understand the {{F:db_archive}} interface, the reader should refer to
chapter 9 of the Berkeley DB guide. In particular, the following chapters are
recommended:
- Database and log file archival
- Log file removal
- Recovery procedures
- Hot failover
* Database and log file archival
* Log file removal
* Recovery procedures
* Hot failover
Advanced installations can use special environment settings to fine-tune some
Berkeley DB options (change the log file limit, etc). This can be done by using
......@@ -71,10 +71,10 @@ Use them with extreme caution. Do not use them unless You know what You are doin
The advantages of {{F:DB_CONFIG}} usage can be the following:
- to keep data files and log files on different mediums (i.e. disks) to improve
* to keep data files and log files on different mediums (i.e. disks) to improve
performance and/or reliability;
- to fine-tune some specific options (such as shared memory region sizes);
- to set the log file limit (please read Log file limits before doing this).
* to fine-tune some specific options (such as shared memory region sizes);
* to set the log file limit (please read Log file limits before doing this).
To figure out the best-practice BDB backup scenario, the reader is highly
recommended to read the whole Chapter 9: Berkeley DB Transactional Data Store Applications.
......
......@@ -85,6 +85,9 @@ PB:
PB:
# Appendices
!include "appendix-changes.sdf"; appendix
PB:
# Config file examples
!include "appendix-configs.sdf"; appendix
PB:
......
......@@ -498,3 +498,8 @@ Write waiters:
> entryDN: cn=Write,cn=Waiters,cn=Monitor
> subschemaSubentry: cn=Subschema
> hasSubordinates: FALSE
Add new monitored things here and discuss, referencing man pages and present
examples
......@@ -147,6 +147,12 @@ This overlay allows expansion of dynamic groups and more.
H3: Dynamic List Configuration
H2: Reverse Group Membership Maintenance
H3: Member Of Configuration
H2: The Proxy Cache Engine
{{TERM:LDAP}} servers typically hold one or more subtrees of a
......
......@@ -27,11 +27,11 @@ The slurpd daemon was the original replication mechanism inherited from
UMich's LDAP and operates in push mode: the master pushes changes to the
slaves. It has been replaced for many reasons, in brief:
- It is not reliable
- It is extremely sensitive to the ordering of records in the replog
- It can easily go out of sync, at which point manual intervention is
* It is not reliable
* It is extremely sensitive to the ordering of records in the replog
* It can easily go out of sync, at which point manual intervention is
required to resync the slave database with the master directory
- It isn't very tolerant of unavailable servers. If a slave goes down
* It isn't very tolerant of unavailable servers. If a slave goes down
for a long time, the replog may grow to a size that's too large for
slurpd to process
......@@ -41,11 +41,11 @@ Syncrepl.
{{Why is Syncrepl better?}}
- Syncrepl is self-synchronizing; you can start with a database in any
* Syncrepl is self-synchronizing; you can start with a database in any
state from totally empty to fully synced and it will automatically do
the right thing to achieve and maintain synchronization
- Syncrepl can operate in either direction
- Data updates can be minimal or maximal
* Syncrepl can operate in either direction
* Data updates can be minimal or maximal
{{How do I implement a pushed based replication system using Syncrepl?}}
......
......@@ -10,6 +10,8 @@ integrity and confidentiality protections and to support
LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism.
TLS is defined in {{REF:RFC4346}}.
Note: For generating certifcates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}}
H2: TLS Certificates
TLS uses {{TERM:X.509}} certificates to carry client and server
......
......@@ -31,7 +31,10 @@ The following checklist can help track down your problem. Please try to use if {
posting to the list, or in the rare circumstances of reporting a bug.
.{{S: }}
^{{B: Is {{slapd}} running?}}
^{{B: Use the {{slaptest}} tool to verify configurations before starting {{slapd}}}}
.{{S: }}
+{{B: Verify that {{slapd}} is listening to the specified port(s) (389 and 636, generally) before trying the {{ldapsearch}}}}
.{{S: }}
+{{B: Can you issue an {{ldapsearch}}?}}
......@@ -60,9 +63,9 @@ the general LDAP forum for non-commercial discussions and information relating t
H2: How to contact the OpenLDAP Project
- Mailing Lists: {{URL:http://www.openldap.org/lists/}}
- Project: {{URL: http://www.openldap.org/project/}}
- Issue Tracking: {{URL:http://www.openldap.org/its/}}
* Mailing Lists: {{URL:http://www.openldap.org/lists/}}
* Project: {{URL: http://www.openldap.org/project/}}
* Issue Tracking: {{URL:http://www.openldap.org/its/}}
H2: How to present your problem
......@@ -70,6 +73,10 @@ H2: How to present your problem
H2: Debugging {{slapd}}(8)
* Loglevel 256 is generally a good first loglevel to try for getting
information useful to list members on issues
* Running {{slapd -d -1}} can often track down fairly simple issues, such as
missing schemas and incorrect file permissions for the {{slapd}} user to things like certs
H2: Commercial Support
......
......@@ -300,13 +300,13 @@ A default config can be found in the answer:
just change the set_lg_dir to point to your .log directory or comment that line.
Quick guide:
- Create a DB_CONFIG file in your ldap home directory (/var/lib/ldap/DB_CONFIG) with the correct "set_cachesize" value
- stop your ldap server and run db_recover -h /var/lib/ldap
- start your ldap server and check the new cache size with:
* Create a DB_CONFIG file in your ldap home directory (/var/lib/ldap/DB_CONFIG) with the correct "set_cachesize" value
* stop your ldap server and run db_recover -h /var/lib/ldap
* start your ldap server and check the new cache size with:
db_stat -h /var/lib/ldap -m | head -n 2
- this procedure is only needed if you use OpenLDAP 2.2 with the BDB or HDB backends; In OpenLDAP 2.3 DB recovery is performed automatically whenever the DB_CONFIG file is changed or when an unclean shutdown is detected.
* this procedure is only needed if you use OpenLDAP 2.2 with the BDB or HDB backends; In OpenLDAP 2.3 DB recovery is performed automatically whenever the DB_CONFIG file is changed or when an unclean shutdown is detected.
--On Tuesday, February 22, 2005 12:15 PM -0500 Dusty Doris <openldap@mail.doris.cc> wrote:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment