.TH SLAPD-SOCK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2007-2011 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
slapd\-sock \- Socket backend/overlay to slapd
uses an external program to handle queries, similarly to
However, in this case the external program listens on a Unix domain socket.
This makes it possible to have a pool of processes, which persist between
requests. This allows multithreaded operation and a higher level of
efficiency. The external program must have been started independently;
itself will not start it.
This module may also be used as an overlay on top of some other database.
Use as an overlay allows external actions to be triggered in response to
operations on the main database.
options apply to the SOCK backend database.
That is, they must follow a "database sock" line and come before any
subsequent "backend" or "database" lines.
Other database options are described in the
Alternatively, to use this module as an overlay, these directives must
follow an "overlay sock" line within an existing database definition.
.B extensions [ binddn | peername | ssf | connid ]*
Enables the sending of additional meta-attributes with each request.
peername: IP=<address>:<port>
connid: <connection ID>
.B socketpath <pathname>
Gives the path to a Unix domain socket to which the commands will
be sent and from which replies are received.
The protocol is essentially the same as
with the addition of a newline to terminate the command parameters. The
following commands are sent:
<repeat { "suffix:" <database suffix DN> }>
<entry in LDIF format>
<repeat { "suffix:" <database suffix DN> }>
method: <method number>
credlen: <length of <credentials>>
<repeat { "suffix:" <database suffix DN> }>
<repeat { "suffix:" <database suffix DN> }>
<repeat { "suffix:" <database suffix DN> }>
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
<repeat { "suffix:" <database suffix DN> }>
deleteoldrdn: <0 or 1>
<if new superior is specified: "newSuperior: <DN>">
<repeat { "suffix:" <database suffix DN> }>
scope: <0-2, see ldap.h>
deref: <0-3, see ldap.h>
sizelimit: <size limit>
timelimit: <time limit>
attrs: <"all" or space-separated attribute list>
<repeat { "suffix:" <database suffix DN> }>
The commands - except \fBunbind\fP - should output:
matched: <matched DN>
where only RESULT is mandatory, and then close the socket.
The \fBsearch\fP RESULT should be preceded by the entries in LDIF
format, each entry followed by a blank line.
Lines starting with `#' or `DEBUG:' are ignored.
backend does not honor all ACL semantics as described in
.BR slapd.access (5).
In general, access to objects is checked by using a dummy object
that contains only the DN, so access rules that rely on the contents
of the object are not honored.
operation does not require
pseudo-attribute of the parent entry.
pseudo-attribute of the entry whose identity is being assessed;
access to the credentials is not checked, but rather delegated
to the underlying program.
of the object whose value is being asserted;
access to the attribute whose value is being asserted is not checked.
operation does not require
pseudo-attribute of the parent entry.
access to the specific attributes that are modified is not checked.
operation does not require
pseudo-attribute of the parent entry, nor to that of the new parent,
access to the distinguished values of the naming attributes
operation does not require
pseudo-attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
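Because these checks are left to the external program, the sketch below shows one way a handler could gate a search request on the meta-attributes enabled with the extensions directive before answering.
It is an added example, not code from the OpenLDAP tree; the SEARCH keyword and the msgid, base, binddn, ssf, code and info field names are assumptions (those lines do not appear on this page), and MIN_SSF and ALLOWED_BASE are hypothetical policy values.

```python
# Added example, not OpenLDAP code. Assumed names (not shown on this page):
# SEARCH, msgid, base, binddn, ssf, code, info. MIN_SSF, ALLOWED_BASE: hypothetical.
MIN_SSF, ALLOWED_BASE = 128, "dc=example,dc=com"
OK, PROTO_ERR, CONF_REQ, NO_ACCESS, UNWILLING = 0, 2, 13, 50, 53  # RFC 4511
# Constructed, abbreviated sample request; every value is made up.
SAMPLE = (b"SEARCH\nmsgid: 2\nbinddn: uid=alice,ou=people,dc=example,dc=com\n"
          b"peername: IP=192.0.2.10:51234\nssf: 256\nconnid: 1001\n"
          b"suffix: dc=example,dc=com\nbase: ou=people,dc=example,dc=com\nscope: 2\n\n")

def parse_request(raw):
    """Return (command, fields); fields maps each key to a list of values."""
    lines = raw.decode("utf-8").split("\n")
    command, fields = lines[0].strip(), {}
    for line in lines[1:]:
        if line == "":  # blank line terminates the command parameters
            break
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return command, fields

def authorize_search(fields):
    """Checks slapd leaves to the program, using the extension attributes."""
    ssf = int(fields.get("ssf", ["0"])[0] or 0)  # missing means unprotected
    binddn = fields.get("binddn", [""])[0]
    base = fields.get("base", [""])[0].lower()
    if ssf < MIN_SSF:
        return CONF_REQ, "security layer required"
    if not binddn:
        return NO_ACCESS, "anonymous search refused"
    # Plain string match; a production handler should normalize DNs first.
    if base != ALLOWED_BASE and not base.endswith("," + ALLOWED_BASE):
        return NO_ACCESS, "base outside served subtree"
    return OK, ""

def build_reply(code, info="", entries=()):
    """LDIF entries, each followed by a blank line, precede RESULT."""
    body = "".join(e.rstrip("\n") + "\n\n" for e in entries) + "RESULT\ncode: %d\n" % code
    return (body + ("info: %s\n" % info if info else "")).encode("utf-8")

def handle(raw):
    try:  # fail closed on anything that does not parse
        command, fields = parse_request(raw)
        if command != "SEARCH":
            return build_reply(UNWILLING, "only SEARCH handled here")
        return build_reply(*authorize_search(fields))
    except ValueError:  # also covers UnicodeDecodeError
        return build_reply(PROTO_ERR, "malformed request")
```

The handler only decides the result code; returning entries and serving the socket itself are left out.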
There is an example script in the slapd/back\-sock/ directory
in the OpenLDAP source tree.
default slapd configuration file
.BR slapd\-config (5),
Brian Candler, with enhancements by Howard Chu