Commit e4067862 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer

parent a2c81aeb
...@@ -9,7 +9,7 @@ A N N O U N C E M E N T -- OpenLDAP 2.4 ...@@ -9,7 +9,7 @@ A N N O U N C E M E N T -- OpenLDAP 2.4
* Slapd(8) enhancements * Slapd(8) enhancements
- Syncrepl enhancements, including push-mode and - Syncrepl enhancements, including push-mode and
Multi-Master support Multi-Provider support
- Dynamic configuration enhancements, including - Dynamic configuration enhancements, including
online schema editing and full access control online schema editing and full access control
- Dynamic monitoring enhancements, including - Dynamic monitoring enhancements, including
......
...@@ -134,7 +134,7 @@ OpenLDAP 2.4.47 Release (2018/12/19) ...@@ -134,7 +134,7 @@ OpenLDAP 2.4.47 Release (2018/12/19)
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
Fixed slapo-accesslog deadlock during cleanup (ITS#8752) Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
Fixed slapo-memberof cn=config modifications (ITS#8663) Fixed slapo-memberof cn=config modifications (ITS#8663)
Fixed slapo-ppolicy with multimaster replication (ITS#8927) Fixed slapo-ppolicy with multi-provider replication (ITS#8927)
Fixed slapo-syncprov with NULL modlist (ITS#8843) Fixed slapo-syncprov with NULL modlist (ITS#8843)
Build Environment Build Environment
Added slapd reproducible build support (ITS#8928) Added slapd reproducible build support (ITS#8928)
...@@ -196,7 +196,7 @@ OpenLDAP 2.4.45 Release (2017/06/01) ...@@ -196,7 +196,7 @@ OpenLDAP 2.4.45 Release (2017/06/01)
Fixed slapd segfault with invalid hostname (ITS#8631) Fixed slapd segfault with invalid hostname (ITS#8631)
Fixed slapd sasl SEGV rebind in same session (ITS#8568) Fixed slapd sasl SEGV rebind in same session (ITS#8568)
Fixed slapd syncrepl filter handling (ITS#8413) Fixed slapd syncrepl filter handling (ITS#8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS#8432) Fixed slapd syncrepl infinite looping mods with delta-sync MPR (ITS#8432)
Fixed slapd callback struct so older modules without writewait should function. Fixed slapd callback struct so older modules without writewait should function.
Custom modules may need to be updated for sc_writewait callback (ITS#8435) Custom modules may need to be updated for sc_writewait callback (ITS#8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576) Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576)
...@@ -271,7 +271,7 @@ OpenLDAP 2.4.43 Release (2015/11/30) ...@@ -271,7 +271,7 @@ OpenLDAP 2.4.43 Release (2015/11/30)
Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS#8244) Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS#8244)
Fixed slapd-null to have an option to return a search entry (ITS#8249) Fixed slapd-null to have an option to return a search entry (ITS#8249)
Fixed slapd-relay to correctly handle quoted options (ITS#8284) Fixed slapd-relay to correctly handle quoted options (ITS#8284)
Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS#8281) Fixed slapo-accesslog delta-sync MPR with interrupted refresh phase (ITS#8281)
Fixed slapo-dds segfault when using slapo-memberof (ITS#8133) Fixed slapo-dds segfault when using slapo-memberof (ITS#8133)
Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS#8185) Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS#8185)
Fixed slapo-ppolicy to release entry on failure (ITS#7537) Fixed slapo-ppolicy to release entry on failure (ITS#7537)
...@@ -315,7 +315,7 @@ OpenLDAP 2.4.41 Release (2015/06/21) ...@@ -315,7 +315,7 @@ OpenLDAP 2.4.41 Release (2015/06/21)
Fixed slapd slapadd config db import of minimal frontend entry (ITS#8150) Fixed slapd slapadd config db import of minimal frontend entry (ITS#8150)
Fixed slapd slapadd onetime leak with -w (ITS#8014) Fixed slapd slapadd onetime leak with -w (ITS#8014)
Fixed slapd sasl auxprop crash with invalid config (ITS#8092) Fixed slapd sasl auxprop crash with invalid config (ITS#8092)
Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS#7976) Fixed slapd syncrepl delta-mpr issue with overlays and slapd.conf (ITS#7976)
Fixed slapd syncrepl mutex for cookie state (ITS#7968) Fixed slapd syncrepl mutex for cookie state (ITS#7968)
Fixed slapd syncrepl memory leaks (ITS#8035) Fixed slapd syncrepl memory leaks (ITS#8035)
Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS#8038) Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS#8038)
...@@ -475,7 +475,7 @@ OpenLDAP 2.4.38 Release (2013/11/16) ...@@ -475,7 +475,7 @@ OpenLDAP 2.4.38 Release (2013/11/16)
Fixed liblmdb wasted space on split (ITS#7589) Fixed liblmdb wasted space on split (ITS#7589)
Fixed slapd for certs with a NULL issuerDN (ITS#7746) Fixed slapd for certs with a NULL issuerDN (ITS#7746)
Fixed slapd cn=config with empty nested includes (ITS#7739) Fixed slapd cn=config with empty nested includes (ITS#7739)
Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735) Fixed slapd syncrepl memory leak with delta-sync MPR (ITS#7735)
Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741) Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741)
Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743) Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743)
Fixed slapd-mdb to stop processing on dn not found (ITS#7741) Fixed slapd-mdb to stop processing on dn not found (ITS#7741)
...@@ -581,7 +581,7 @@ OpenLDAP 2.4.34 Release (2013/03/01) ...@@ -581,7 +581,7 @@ OpenLDAP 2.4.34 Release (2013/03/01)
Fixed liblmdb to validate data limits (ITS#7485) Fixed liblmdb to validate data limits (ITS#7485)
Fixed liblmdb mdb_update_key for large keys (ITS#7505) Fixed liblmdb mdb_update_key for large keys (ITS#7505)
Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477) Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477)
Fixed slapd syncrepl for old entries in MMR setup (ITS#7427) Fixed slapd syncrepl for old entries in MPR setup (ITS#7427)
Fixed slapd signedness for index_substr_any_* (ITS#7449) Fixed slapd signedness for index_substr_any_* (ITS#7449)
Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450) Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450)
Fixed slapd mutex in send_ldap_ber (ITS#6164) Fixed slapd mutex in send_ldap_ber (ITS#6164)
...@@ -598,7 +598,7 @@ OpenLDAP 2.4.34 Release (2013/03/01) ...@@ -598,7 +598,7 @@ OpenLDAP 2.4.34 Release (2013/03/01)
Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526) Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526)
Fixed slapd-sql back-config support (ITS#7499) Fixed slapd-sql back-config support (ITS#7499)
Fixed slapo-constraint handle uri and restrict correctly (ITS#7418) Fixed slapo-constraint handle uri and restrict correctly (ITS#7418)
Fixed slapo-constraint with multi-master replication (ITS#7426) Fixed slapo-constraint with multi-provider replication (ITS#7426)
Fixed slapo-constraint segfault (ITS#7431) Fixed slapo-constraint segfault (ITS#7431)
Fixed slapo-deref control initialization (ITS#7436) Fixed slapo-deref control initialization (ITS#7436)
Fixed slapo-deref control exposure (ITS#7445) Fixed slapo-deref control exposure (ITS#7445)
...@@ -635,7 +635,7 @@ OpenLDAP 2.4.33 Release (2012/10/10) ...@@ -635,7 +635,7 @@ OpenLDAP 2.4.33 Release (2012/10/10)
Fixed slapd alock handling on Windows (ITS#7361) Fixed slapd alock handling on Windows (ITS#7361)
Fixed slapd acl handling with zero-length values (ITS#7350) Fixed slapd acl handling with zero-length values (ITS#7350)
Fixed slapd syncprov to not reference ops inside a lock (ITS#7172) Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)
Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354) Fixed slapd delta-syncrepl MPR with large attribute values (ITS#7354)
Fixed slapd slapd_rw_destroy function (ITS#7390) Fixed slapd slapd_rw_destroy function (ITS#7390)
Fixed slapd-ldap idassert bind handling (ITS#7403) Fixed slapd-ldap idassert bind handling (ITS#7403)
Fixed slapd-mdb slapadd -q -w double free (ITS#7356) Fixed slapd-mdb slapadd -q -w double free (ITS#7356)
...@@ -721,7 +721,7 @@ OpenLDAP 2.4.31 Release (2012/04/21) ...@@ -721,7 +721,7 @@ OpenLDAP 2.4.31 Release (2012/04/21)
Fixed slapd listener initialization (ITS#7233) Fixed slapd listener initialization (ITS#7233)
Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197) Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197)
Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195) Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195)
Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200) Fixed slapd to reject MPR setups with bad serverID setting (ITS#7200)
Fixed slapd approxIndexer key generation (ITS#7203) Fixed slapd approxIndexer key generation (ITS#7203)
Fixed slapd modification of olcSuffix (ITS#7205) Fixed slapd modification of olcSuffix (ITS#7205)
Fixed slapd schema validation with missing definitions (ITS#7224) Fixed slapd schema validation with missing definitions (ITS#7224)
...@@ -799,7 +799,7 @@ OpenLDAP 2.4.27 Release (2011/11/24) ...@@ -799,7 +799,7 @@ OpenLDAP 2.4.27 Release (2011/11/24)
Added slapd support for draft-wahl-ldap-session (ITS#6984) Added slapd support for draft-wahl-ldap-session (ITS#6984)
Added slapadd pipelining capability (ITS#7078) Added slapadd pipelining capability (ITS#7078)
Added slapd Add-if-not-present (ITS#6561) Added slapd Add-if-not-present (ITS#6561)
Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) Added slapd delta-syncrepl MPR (ITS#6734,ITS#7029,ITS#7031)
Added slapd-mdb experimental backend (ITS#7079) Added slapd-mdb experimental backend (ITS#7079)
Added slapd-passwd dynamic config support Added slapd-passwd dynamic config support
Added slapd-perl dynamic config support Added slapd-perl dynamic config support
...@@ -1083,11 +1083,11 @@ OpenLDAP 2.4.24 Release (2011/02/10) ...@@ -1083,11 +1083,11 @@ OpenLDAP 2.4.24 Release (2011/02/10)
Fixed slapo-syncprov filter race condition (ITS#6708) Fixed slapo-syncprov filter race condition (ITS#6708)
Fixed slapo-syncprov active mod race (ITS#6709) Fixed slapo-syncprov active mod race (ITS#6709)
Fixed slapo-syncprov to refresh if context is dirty (ITS#6710) Fixed slapo-syncprov to refresh if context is dirty (ITS#6710)
Fixed slapo-syncprov CSN updates to all replicas (ITS#6718) Fixed slapo-syncprov CSN updates to all consumers (ITS#6718)
Fixed slapo-syncprov sessionlog ordering (ITS#6716) Fixed slapo-syncprov sessionlog ordering (ITS#6716)
Fixed slapo-syncprov sessionlog with adds (ITS#6503) Fixed slapo-syncprov sessionlog with adds (ITS#6503)
Fixed slapo-syncprov mutex (ITS#6438) Fixed slapo-syncprov mutex (ITS#6438)
Fixed slapo-syncprov mincsn check with MMR (ITS#6717) Fixed slapo-syncprov mincsn check with MPR (ITS#6717)
Fixed slapo-syncprov control leak (ITS#6795) Fixed slapo-syncprov control leak (ITS#6795)
Fixed slapo-syncprov error codes (ITS#6812) Fixed slapo-syncprov error codes (ITS#6812)
Fixed slapo-translucent entry leak (ITS#6746) Fixed slapo-translucent entry leak (ITS#6746)
...@@ -1279,7 +1279,7 @@ OpenLDAP 2.4.20 Release (2009/11/27) ...@@ -1279,7 +1279,7 @@ OpenLDAP 2.4.20 Release (2009/11/27)
OpenLDAP 2.4.19 Release (2009/10/06) OpenLDAP 2.4.19 Release (2009/10/06)
Fixed client tools with null timeouts (ITS#6282) Fixed client tools with null timeouts (ITS#6282)
Fixed slapadd to warn about missing attrs for replicas (ITS#6281) Fixed slapadd to warn about missing attrs for consumers (ITS#6281)
Fixed slapd acl cache (ITS#6287) Fixed slapd acl cache (ITS#6287)
Fixed slapd tools to allow -n for conversion (ITS#6258) Fixed slapd tools to allow -n for conversion (ITS#6258)
Fixed slapd-ldap with null timeouts (ITS#6282) Fixed slapd-ldap with null timeouts (ITS#6282)
...@@ -1446,8 +1446,8 @@ OpenLDAP 2.4.16 Release (2009/04/05) ...@@ -1446,8 +1446,8 @@ OpenLDAP 2.4.16 Release (2009/04/05)
Fixed slapd schema_init freed value (ITS#6036) Fixed slapd schema_init freed value (ITS#6036)
Fixed slapd syncrepl newCookie sync messages (ITS#5972) Fixed slapd syncrepl newCookie sync messages (ITS#5972)
Fixed slapd syncrepl hang during shutdown (ITS#6011) Fixed slapd syncrepl hang during shutdown (ITS#6011)
Fixed slapd syncrepl too many MMR messages (ITS#6020) Fixed slapd syncrepl too many MPR messages (ITS#6020)
Fixed slapd syncrepl skipped entries with MMR (ITS#5988) Fixed slapd syncrepl skipped entries with MPR (ITS#5988)
Fixed slapd-bdb/hdb cachesize handling (ITS#5860) Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006) Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006)
Fixed slapd-bdb/hdb with NULL transactions (ITS#6012) Fixed slapd-bdb/hdb with NULL transactions (ITS#6012)
...@@ -1457,19 +1457,19 @@ OpenLDAP 2.4.16 Release (2009/04/05) ...@@ -1457,19 +1457,19 @@ OpenLDAP 2.4.16 Release (2009/04/05)
Fixed slapo-accesslog interaction with ppolicy (ITS#5979) Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
Fixed slapo-dynlist conversion to cn=config (ITS#6002) Fixed slapo-dynlist conversion to cn=config (ITS#6002)
Fixed slapo-syncprov newCookie sync messages (ITS#5972) Fixed slapo-syncprov newCookie sync messages (ITS#5972)
Fixed slapd-syncprov too many MMR messages (ITS#6020) Fixed slapd-syncprov too many MPR messages (ITS#6020)
Fixed slapo-syncprov replica lockout (ITS#5985) Fixed slapo-syncprov consumer lockout (ITS#5985)
Fixed slapo-syncprov modtarget tracking (ITS#5999) Fixed slapo-syncprov modtarget tracking (ITS#5999)
Fixed slapo-syncprov multiple CSN propagation (ITS#5973) Fixed slapo-syncprov multiple CSN propagation (ITS#5973)
Fixed slapo-syncprov race condition (ITS#6045) Fixed slapo-syncprov race condition (ITS#6045)
Fixed slapo-syncprov sending cookies without CSN (ITS#6024) Fixed slapo-syncprov sending cookies without CSN (ITS#6024)
Fixed slapo-syncprov skipped entries with MMR (ITS#5988) Fixed slapo-syncprov skipped entries with MPR (ITS#5988)
Fixed tools passphrase free (ITS#6014) Fixed tools passphrase free (ITS#6014)
Build Environment Build Environment
Cleaned up alloc/free functions for Windows (ITS#6005) Cleaned up alloc/free functions for Windows (ITS#6005)
Fixed running of autosave files in testsuite (ITS#6026) Fixed running of autosave files in testsuite (ITS#6026)
Documentation Documentation
admin24 clarified MMR URI requirements (ITS#5942,ITS#5987) admin24 clarified MPR URI requirements (ITS#5942,ITS#5987)
Added ldapexop(1) manual page (ITS#5982) Added ldapexop(1) manual page (ITS#5982)
slapd-ldap/meta(5) added missing TLS options (ITS#5989) slapd-ldap/meta(5) added missing TLS options (ITS#5989)
...@@ -1519,14 +1519,14 @@ OpenLDAP 2.4.14 Release (2009/02/14) ...@@ -1519,14 +1519,14 @@ OpenLDAP 2.4.14 Release (2009/02/14)
Fixed slapd connection assert (ITS#5835) Fixed slapd connection assert (ITS#5835)
Fixed slapd epoll handling (ITS#5886) Fixed slapd epoll handling (ITS#5886)
Fixed slapd frontend/backend options handling (ITS#5857) Fixed slapd frontend/backend options handling (ITS#5857)
Fixed slapd glue with MMR (ITS#5925) Fixed slapd glue with MPR (ITS#5925)
Fixed slapd logging on Windows (ITS#5392) Fixed slapd logging on Windows (ITS#5392)
Fixed slapd listener comparison (ITS#5613) Fixed slapd listener comparison (ITS#5613)
Fixed slapd manageDSAit with glue entries (ITS#5921) Fixed slapd manageDSAit with glue entries (ITS#5921)
Fixed slapd relax behavior with structuralObjectClass (ITS#5792) Fixed slapd relax behavior with structuralObjectClass (ITS#5792)
Fixed slapd syncrepl rename handling (ITS#5809) Fixed slapd syncrepl rename handling (ITS#5809)
Fixed slapd syncrepl MMR when adding new server (ITS#5850) Fixed slapd syncrepl MPR when adding new server (ITS#5850)
Fixed slapd syncrepl MMR with deleted entries (ITS#5843) Fixed slapd syncrepl MPR with deleted entries (ITS#5843)
Fixed slapd syncrepl replication with glued DB (ITS#5866) Fixed slapd syncrepl replication with glued DB (ITS#5866)
Fixed slapd syncrepl replication with moddn (ITS#5901) Fixed slapd syncrepl replication with moddn (ITS#5901)
Fixed slapd syncrepl replication with referrals (ITS#5881) Fixed slapd syncrepl replication with referrals (ITS#5881)
...@@ -1760,7 +1760,7 @@ OpenLDAP 2.4.11 Release (2008/07/16) ...@@ -1760,7 +1760,7 @@ OpenLDAP 2.4.11 Release (2008/07/16)
Fixed slapd equality rules for olcRootDN/olcSchemaDN (ITS#5540) Fixed slapd equality rules for olcRootDN/olcSchemaDN (ITS#5540)
Fixed slapd sets memory leak (ITS#5557) Fixed slapd sets memory leak (ITS#5557)
Fixed slapd sortvals binary search (ITS#5578) Fixed slapd sortvals binary search (ITS#5578)
Fixed slapd syncrepl updates with multiple masters (ITS#5597) Fixed slapd syncrepl updates with multiple providers (ITS#5597)
Fixed slapd syncrepl superior objectClass delete/add (ITS#5600) Fixed slapd syncrepl superior objectClass delete/add (ITS#5600)
Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596) Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
Added slapd-ldap/slapd-meta option to filter out search references (ITS#5593) Added slapd-ldap/slapd-meta option to filter out search references (ITS#5593)
...@@ -1837,7 +1837,7 @@ OpenLDAP 2.4.9 Release (2008/05/07) ...@@ -1837,7 +1837,7 @@ OpenLDAP 2.4.9 Release (2008/05/07)
Fixed slapd syncrepl crash on empty CSN (ITS#5432) Fixed slapd syncrepl crash on empty CSN (ITS#5432)
Fixed slapd syncrepl refreshAndPersist (ITS#5454) Fixed slapd syncrepl refreshAndPersist (ITS#5454)
Fixed slapd syncrepl modrdn processing (ITS#5397) Fixed slapd syncrepl modrdn processing (ITS#5397)
Fixed slapd syncrepl MMR partial refresh (ITS#5470) Fixed slapd syncrepl MPR partial refresh (ITS#5470)
Fixed slapd value list termination (ITS#5450) Fixed slapd value list termination (ITS#5450)
Fixed slapd/slapo-accesslog rq mutex usage (ITS#5442) Fixed slapd/slapo-accesslog rq mutex usage (ITS#5442)
Fixed slapd-bdb ID_NOCACHE handling (ITS#5439) Fixed slapd-bdb ID_NOCACHE handling (ITS#5439)
...@@ -1909,7 +1909,7 @@ OpenLDAP 2.4.8 Release (2008/02/19) ...@@ -1909,7 +1909,7 @@ OpenLDAP 2.4.8 Release (2008/02/19)
Fixed slapd-bdb crash with modrdn (ITS#5358) Fixed slapd-bdb crash with modrdn (ITS#5358)
Fixed slapd-bdb SEGV with bdb4.6 (ITS#5322) Fixed slapd-bdb SEGV with bdb4.6 (ITS#5322)
Fixed slapd-bdb modrdn to same dn (ITS#5319) Fixed slapd-bdb modrdn to same dn (ITS#5319)
Fixed slapd-bdb MMR (ITS#5332) Fixed slapd-bdb MPR (ITS#5332)
Added slapd-bdb/slapd-hdb DB encryption (ITS#5359) Added slapd-bdb/slapd-hdb DB encryption (ITS#5359)
Fixed slapd-ldif delete (ITS#5265) Fixed slapd-ldif delete (ITS#5265)
Fixed slapd-meta link to slapd-ldap (ITS#5355) Fixed slapd-meta link to slapd-ldap (ITS#5355)
...@@ -1946,7 +1946,7 @@ OpenLDAP 2.4.7 Release (2007/12/14) ...@@ -1946,7 +1946,7 @@ OpenLDAP 2.4.7 Release (2007/12/14)
Fixed slapd paged results handling when using rootdn (ITS#5230) Fixed slapd paged results handling when using rootdn (ITS#5230)
Fixed slapd syncrepl presentlist handling (ITS#5231) Fixed slapd syncrepl presentlist handling (ITS#5231)
Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236) Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
Fixed slapd 3-way Multi-Master Replication (ITS#5238) Fixed slapd 3-way multi-provider replication (ITS#5238)
Fixed slapd hash collisions in index slots (ITS#5183) Fixed slapd hash collisions in index slots (ITS#5183)
Fixed slapd replication of dSAOperation attributes (ITS#5268) Fixed slapd replication of dSAOperation attributes (ITS#5268)
Fixed slapadd contextCSN updating (ITS#5225) Fixed slapadd contextCSN updating (ITS#5225)
......
...@@ -84,8 +84,7 @@ Currently simple and kerberos-based authentication, are supported. ...@@ -84,8 +84,7 @@ Currently simple and kerberos-based authentication, are supported.
To use LDAP and still have reasonable security in a networked, To use LDAP and still have reasonable security in a networked,
Internet/Intranet environment, secure shell can be used to setup Internet/Intranet environment, secure shell can be used to setup
secure, encrypted connections between client machines and the LDAP secure, encrypted connections between client machines and the LDAP
server, and between the LDAP server and any replica or slave servers server, and between all LDAP nodes that might be used.
that might be used.
To perform the LDAP "bind" operation: To perform the LDAP "bind" operation:
......
...@@ -60,7 +60,7 @@ attribute is updated on each successful bind operation. ...@@ -60,7 +60,7 @@ attribute is updated on each successful bind operation.
.B lastbind_forward_updates .B lastbind_forward_updates
Specify that updates of the authTimestamp attribute Specify that updates of the authTimestamp attribute
on a consumer should be forwarded on a consumer should be forwarded
to a master instead of being written directly into the consumer's local to a provider instead of being written directly into the consumer's local
database. This setting is only useful on a replication consumer, and database. This setting is only useful on a replication consumer, and
also requires the also requires the
.B updateref .B updateref
......
...@@ -69,7 +69,7 @@ sdf-img: \ ...@@ -69,7 +69,7 @@ sdf-img: \
intro_tree.png \ intro_tree.png \
ldap-sync-refreshandpersist.png \ ldap-sync-refreshandpersist.png \
ldap-sync-refreshonly.png \ ldap-sync-refreshonly.png \
n-way-multi-master.png \ n-way-multi-provider.png \
push-based-complete.png \ push-based-complete.png \
push-based-standalone.png \ push-based-standalone.png \
refint.png \ refint.png \
......
...@@ -45,9 +45,9 @@ H2: Replicated Directory Service ...@@ -45,9 +45,9 @@ H2: Replicated Directory Service
slapd(8) includes support for {{LDAP Sync}}-based replication, called slapd(8) includes support for {{LDAP Sync}}-based replication, called
{{syncrepl}}, which may be used to maintain shadow copies of directory {{syncrepl}}, which may be used to maintain shadow copies of directory
information on multiple directory servers. In its most basic information on multiple directory servers. In its most basic
configuration, the {{master}} is a syncrepl provider and one or more configuration, the {{provider}} is a syncrepl provider and one or more
{{slave}} (or {{shadow}}) are syncrepl consumers. An example {{consumer}} (or {{shadow}}) are syncrepl consumers. An example
master-slave configuration is shown in figure 3.3. Multi-Master provider-consumer configuration is shown in figure 3.3. Multi-Provider
configurations are also supported. configurations are also supported.
!import "config_repl.png"; align="center"; title="Replicated Directory Services" !import "config_repl.png"; align="center"; title="Replicated Directory Services"
......
...@@ -33,7 +33,7 @@ tuned to give quick response to high-volume lookup or search ...@@ -33,7 +33,7 @@ tuned to give quick response to high-volume lookup or search
operations. They may have the ability to replicate information operations. They may have the ability to replicate information
widely in order to increase availability and reliability, while widely in order to increase availability and reliability, while
reducing response time. When directory information is replicated, reducing response time. When directory information is replicated,
temporary inconsistencies between the replicas may be okay, as long temporary inconsistencies between the consumers may be okay, as long
as inconsistencies are resolved in a timely manner. as inconsistencies are resolved in a timely manner.
There are many different ways to provide a directory service. There are many different ways to provide a directory service.
...@@ -436,11 +436,11 @@ a pool of threads. This reduces the amount of system overhead ...@@ -436,11 +436,11 @@ a pool of threads. This reduces the amount of system overhead
required while providing high performance. required while providing high performance.
{{B:Replication}}: {{slapd}} can be configured to maintain shadow {{B:Replication}}: {{slapd}} can be configured to maintain shadow
copies of directory information. This {{single-master/multiple-slave}} copies of directory information. This {{single-provider/multiple-consumer}}
replication scheme is vital in high-volume environments where a replication scheme is vital in high-volume environments where a
single {{slapd}} installation just doesn't provide the necessary availability single {{slapd}} installation just doesn't provide the necessary availability
or reliability. For extremely demanding environments where a or reliability. For extremely demanding environments where a
single point of failure is not acceptable, {{multi-master}} replication single point of failure is not acceptable, {{multi-provider}} replication
is also available. {{slapd}} includes support for {{LDAP Sync}}-based is also available. {{slapd}} includes support for {{LDAP Sync}}-based
replication. replication.
......
...@@ -159,7 +159,7 @@ type are: ...@@ -159,7 +159,7 @@ type are:
.{{S: }} .{{S: }}
+{{B: Start the server}} +{{B: Start the server}}
Obviously this doesn't cater for any complicated deployments like {{SECT: MirrorMode}} or {{SECT: N-Way Multi-Master}}, Obviously this doesn't cater for any complicated deployments like {{SECT: MirrorMode}} or {{SECT: N-Way Multi-Provider}},
but following the above sections and using either commercial support or community support should help. Also check the but following the above sections and using either commercial support or community support should help. Also check the
{{SECT: Troubleshooting}} section. {{SECT: Troubleshooting}} section.
......
...@@ -79,7 +79,7 @@ or in raw form. ...@@ -79,7 +79,7 @@ or in raw form.
It is also used for {{SECT:delta-syncrepl replication}} It is also used for {{SECT:delta-syncrepl replication}}
Note: An accesslog database is unique to a given master. It should Note: An accesslog database is unique to a given provider. It should
never be replicated. never be replicated.
H3: Access Logging Configuration H3: Access Logging Configuration
...@@ -259,13 +259,13 @@ default when {{B:--enable-ldap}}. ...@@ -259,13 +259,13 @@ default when {{B:--enable-ldap}}.
H3: Chaining Configuration H3: Chaining Configuration
In order to demonstrate how this overlay works, we shall discuss a typical In order to demonstrate how this overlay works, we shall discuss a typical
scenario which might be one master server and three Syncrepl slaves. scenario which might be one provider server and three Syncrepl replicas.
On each replica, add this near the top of the {{slapd.conf}}(5) file On each replica, add this near the top of the {{slapd.conf}}(5) file
(global), before any database definitions: (global), before any database definitions:
> overlay chain > overlay chain
> chain-uri "ldap://ldapmaster.example.com" > chain-uri "ldap://ldapprovider.example.com"
> chain-idassert-bind bindmethod="simple" > chain-idassert-bind bindmethod="simple"
> binddn="cn=Manager,dc=example,dc=com" > binddn="cn=Manager,dc=example,dc=com"
> credentials="<secret>" > credentials="<secret>"
...@@ -275,48 +275,48 @@ On each replica, add this near the top of the {{slapd.conf}}(5) file ...@@ -275,48 +275,48 @@ On each replica, add this near the top of the {{slapd.conf}}(5) file
Add this below your {{syncrepl}} statement: Add this below your {{syncrepl}} statement:
> updateref "ldap://ldapmaster.example.com/" > updateref "ldap://ldapprovider.example.com/"
The {{B:chain-tls}} statement enables TLS from the slave to the ldap master. The {{B:chain-tls}} statement enables TLS from the replica to the ldap provider.
The DITs are exactly the same between these machines, therefore whatever user The DITs are exactly the same between these machines, therefore whatever user
bound to the slave will also exist on the master. If that DN does not have bound to the replica will also exist on the provider. If that DN does not have
update privileges on the master, nothing will happen. update privileges on the provider, nothing will happen.
You will need to restart the slave after these {{slapd.conf}} changes. You will need to restart the replica after these {{slapd.conf}} changes.
Then, if you are using {{loglevel stats}} (256), you can monitor an Then, if you are using {{loglevel stats}} (256), you can monitor an
{{ldapmodify}} on the slave and the master. (If you're using {{cn=config}} {{ldapmodify}} on the replica and the provider. (If you're using {{cn=config}}
no restart is required.) no restart is required.)
Now start an {{ldapmodify}} on the slave and watch the logs. You should expect Now start an {{ldapmodify}} on the replica and watch the logs. You should expect
something like: something like:
> Sep 6 09:27:25 slave1 slapd[29274]: conn=11 fd=31 ACCEPT from IP=143.199.102.216:45181 (IP=143.199.102.216:389) > Sep 6 09:27:25 replica1 slapd[29274]: conn=11 fd=31 ACCEPT from IP=143.199.102.216:45181 (IP=143.199.102.216:389)
> Sep 6 09:27:25 slave1 slapd[29274]: conn=11 op=0 STARTTLS > Sep 6 09:27:25 replica1 slapd[29274]: conn=11 op=0 STARTTLS
> Sep 6 09:27:25 slave1 slapd[29274]: conn=11 op=0 RESULT oid= err=0 text= > Sep 6 09:27:25 replica1 slapd[29274]: conn=11 op=0 RESULT oid= err=0 text=
> Sep 6 09:27:25 slave1 slapd[29274]: conn=11 fd=31 TLS established tls_ssf=256 ssf=256 > Sep 6 09:27:25 replica1 slapd[29274]: conn=11 fd=31 TLS established tls_ssf=256 ssf=256
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=1 BIND dn="uid=user1,ou=people,dc=example,dc=com" method=128 > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=1 BIND dn="uid=user1,ou=people,dc=example,dc=com" method=128
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=1 BIND dn="uid=user1,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0 > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=1 BIND dn="uid=user1,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=1 RESULT tag=97 err=0 text= > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=1 RESULT tag=97 err=0 text=
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=2 MOD dn="uid=user1,ou=People,dc=example,dc=com" > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=2 MOD dn="uid=user1,ou=People,dc=example,dc=com"
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=2 MOD attr=mail > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=2 MOD attr=mail
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=2 RESULT tag=103 err=0 text= > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=2 RESULT tag=103 err=0 text=
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 op=3 UNBIND > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 op=3 UNBIND
> Sep 6 09:27:28 slave1 slapd[29274]: conn=11 fd=31 closed > Sep 6 09:27:28 replica1 slapd[29274]: conn=11 fd=31 closed
> Sep 6 09:27:28 slave1 slapd[29274]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY) > Sep 6 09:27:28 replica1 slapd[29274]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
> Sep 6 09:27:28 slave1 slapd[29274]: syncrepl_entry: be_search (0) > Sep 6 09:27:28 replica1 slapd[29274]: syncrepl_entry: be_search (0)
> Sep 6 09:27:28 slave1 slapd[29274]: syncrepl_entry: uid=user1,ou=People,dc=example,dc=com > Sep 6 09:27:28 replica1 slapd[29274]: syncrepl_entry: uid=user1,ou=People,dc=example,dc=com
> Sep 6 09:27:28 slave1 slapd[29274]: syncrepl_entry: be_modify (0) > Sep 6 09:27:28 replica1 slapd[29274]: syncrepl_entry: be_modify (0)
And on the master you will see this: And on the provider you will see this:
> Sep 6 09:23:57 ldapmaster slapd[2961]: conn=55902 op=3 PROXYAUTHZ dn="uid=user1,ou=people,dc=example,dc=com" > Sep 6 09:23:57 ldapprovider slapd[2961]: conn=55902 op=3 PROXYAUTHZ dn="uid=user1,ou=people,dc=example,dc=com"
> Sep 6 09:23:57 ldapmaster slapd[2961]: conn=55902 op=3 MOD dn="uid=user1,ou=People,dc=example,dc=com" > Sep 6 09:23:57 ldapprovider slapd[2961]: conn=55902 op=3 MOD dn="uid=user1,ou=People,dc=example,dc=com"
> Sep 6 09:23:57 ldapmaster slapd[2961]: conn=55902 op=3 MOD attr=mail > Sep 6 09:23:57 ldapprovider slapd[2961]: conn=55902 op=3 MOD attr=mail
> Sep 6 09:23:57 ldapmaster slapd[2961]: conn=55902 op=3 RESULT tag=103 err=0 text= > Sep 6 09:23:57 ldapprovider slapd[2961]: conn=55902 op=3 RESULT tag=103 err=0 text=
Note: You can clearly see the PROXYAUTHZ line on the master, indicating the Note: You can clearly see the PROXYAUTHZ line on the provider, indicating the
proper identity assertion for the update on the master. Also note the slave proper identity assertion for the update on the provider. Also note the replica
immediately receiving the Syncrepl update from the master. immediately receiving the Syncrepl update from the provider.
H3: Handling Chaining Errors H3: Handling Chaining Errors
...@@ -683,8 +683,8 @@ H2: The Proxy Cache Engine ...@@ -683,8 +683,8 @@ H2: The Proxy Cache Engine
{{TERM:LDAP}} servers typically hold one or more subtrees of a {{TERM:LDAP}} servers typically hold one or more subtrees of a
{{TERM:DIT}}. Replica (or shadow) servers hold shadow copies of {{TERM:DIT}}. Replica (or shadow) servers hold shadow copies of
entries held by one or more master servers. Changes are propagated entries held by one or more provider servers. Changes are propagated
from the master server to replica (slave) servers using LDAP Sync from the provider server to replica servers using LDAP Sync
replication. An LDAP cache is a special type of replica which holds replication. An LDAP cache is a special type of replica which holds
entries corresponding to search filters instead of subtrees. entries corresponding to search filters instead of subtrees.
......
This diff is collapsed.
...@@ -569,12 +569,12 @@ H4: olcSyncrepl ...@@ -569,12 +569,12 @@ H4: olcSyncrepl
> [syncdata=default|accesslog|changelog] > [syncdata=default|accesslog|changelog]
This directive specifies the current database as a replica of the This directive specifies the current database as a consumer of the
master content by establishing the current {{slapd}}(8) as a provider content by establishing the current {{slapd}}(8) as a
replication consumer site running a syncrepl replication engine. replication consumer site running a syncrepl replication engine.
The master database is located at the replication provider site The provider database is located at the provider site
specified by the {{EX:provider}} parameter. The replica database is specified by the {{EX:provider}} parameter. The consumer database is
kept up-to-date with the master content using the LDAP Content kept up-to-date with the provider content using the LDAP Content
Synchronization protocol. See {{REF:RFC4533}} Synchronization protocol. See {{REF:RFC4533}}
for more information on the protocol. for more information on the protocol.
...@@ -585,19 +585,16 @@ described by the current {{EX:syncrepl}} directive. {{EX:<replica ID>}} ...@@ -585,19 +585,16 @@ described by the current {{EX:syncrepl}} directive. {{EX:<replica ID>}}
is non-negative and is no more than three decimal digits in length. is non-negative and is no more than three decimal digits in length.
The {{EX:provider}} parameter specifies the replication provider site The {{EX:provider}} parameter specifies the replication provider site
containing the master content as an LDAP URI. The {{EX:provider}} containing the provider content as an LDAP URI. The {{EX:provider}}
parameter specifies a scheme, a host and optionally a port where the parameter specifies a scheme, a host and optionally a port where the
provider slapd instance can be found. Either a domain name or IP provider slapd instance can be found. Either a domain name or IP
address may be used for <hostname>. Examples are address may be used for <hostname>. Examples are
{{EX:ldap://provider.example.com:389}} or {{EX:ldaps://192.168.1.1:636}}. {{EX:ldap://provider.example.com:389}} or {{EX:ldaps://192.168.1.1:636}}.
If <port> is not given, the standard LDAP port number (389 or 636) is used. If <port> is not given, the standard LDAP port number (389 or 636) is used.
Note that the syncrepl uses a consumer-initiated protocol, and hence its Note that the syncrepl uses a consumer-initiated protocol, and hence its
specification is located at the consumer site, whereas the {{EX:replica}} specification is located on the consumer.
specification is located at the provider site. {{EX:syncrepl}} and
{{EX:replica}} directives define two independent replication
mechanisms. They do not represent the replication peers of each other.
The content of the syncrepl replica is defined using a search The content of the syncrepl consumer is defined using a search
specification as its result set. The consumer slapd will specification as its result set. The consumer slapd will
send search requests to the provider slapd according to the search send search requests to the provider slapd according to the search
specification. The search specification includes {{EX:searchbase}}, specification. The search specification includes {{EX:searchbase}},
...@@ -620,7 +617,7 @@ synchronization operation finishes. The interval is specified ...@@ -620,7 +617,7 @@ synchronization operation finishes. The interval is specified
by the {{EX:interval}} parameter. It is set to one day by default. by the {{EX:interval}} parameter. It is set to one day by default.
In the {{EX:refreshAndPersist}} operation, a synchronization search In the {{EX:refreshAndPersist}} operation, a synchronization search
remains persistent in the provider {{slapd}} instance. Further updates to the remains persistent in the provider {{slapd}} instance. Further updates to the
master replica will generate {{EX:searchResultEntry}} to the consumer slapd provider will generate {{EX:searchResultEntry}} to the consumer slapd
as the search responses to the persistent synchronization search. as the search responses to the persistent synchronization search.
If an error occurs during replication, the consumer will attempt to reconnect If an error occurs during replication, the consumer will attempt to reconnect
...@@ -633,8 +630,8 @@ indefinite number of retries until success. ...@@ -633,8 +630,8 @@ indefinite number of retries until success.
The schema checking can be enforced at the LDAP Sync consumer site The schema checking can be enforced at the LDAP Sync consumer site
by turning on the {{EX:schemachecking}} parameter. by turning on the {{EX:schemachecking}} parameter.
If it is turned on, every replicated entry will be checked for its If it is turned on, every replicated entry will be checked for its