ITS#7897 fix admin guide syncrepl TLS defaults

[openldap] / doc / guide / admin / slapdconfig.sdf

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index cb4f93c0380cdbf69826a66f9af166d0eb4e3f9b..f197b6c5d469230186b60b4f786d5fb6ac521185 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2013 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2015 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: The slapd Configuration File
@@ -264,10 +264,11 @@ supported backend types listed in Table 6.2.
 !block table; align=Center; coltags="EX,N"; \
        title="Table 6.2: Database Backends"
 Types  Description
-bdb    Berkeley DB transactional backend
+bdb    Berkeley DB transactional backend (deprecated)
 dnssrv DNS SRV backend
-hdb    Hierarchical variant of bdb backend
+hdb    Hierarchical variant of bdb backend (deprecated)
 ldap   Lightweight Directory Access Protocol (Proxy) backend
+mdb    Memory-Mapped DB backend
 meta   Meta Directory backend
 monitor        Monitor backend
 passwd Provides read-only access to {{passwd}}(5)
@@ -316,7 +317,8 @@ H4: readonly { on | off }
 
 This directive puts the database into "read-only" mode. Any
 attempts to modify the database will return an "unwilling to
-perform" error.
+perform" error.  If set on a consumer, modifications sent by
+syncrepl will still occur.
 
 \Default:
 
@@ -518,10 +520,8 @@ The {{EX:starttls}} parameter specifies use of the StartTLS extended
 operation to establish a TLS session before authenticating to the provider.
 If the {{EX:critical}} argument is supplied, the session will be aborted
 if the StartTLS request fails.  Otherwise the syncrepl session continues
-without TLS.  Note that the main slapd TLS settings are not used by the
-syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
-configuration file will be used.  TLS settings may be specified here,
-in which case any {{ldap.conf}}(5) settings will be completely ignored.
+without TLS.  The tls_reqcert setting defaults to {{EX:"demand"}} and the
+other TLS settings default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs
 of data modifications.  This mode of operation is referred to as
@@ -534,8 +534,8 @@ conforms to the obsolete {{changelog}} format. If the {{EX:syncdata}}
 parameter is omitted or set to {{EX:"default"}} then the log
 parameters are ignored.
 
-The {{syncrepl}} replication mechanism is supported by the {{bdb}} and
-{{hdb}} backends.
+The {{syncrepl}} replication mechanism is supported by the {{bdb}},
+{{hdb}}, and {{mdb}} backends.
 
 See the {{SECT:LDAP Sync Replication}} chapter of this guide for
 more information on how to use this directive.