.TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2013 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2015 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
When using Mozilla NSS these parameters are always generated randomly
so this directive is ignored.
.TP
+.B TLSECName <name>
+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
+ephemeral key exchange. This is required to enable ECDHE algorithms in
+OpenSSL. This option is not used with GnuTLS; the curves may be
+chosen in the GnuTLS ciphersuite specification. This option is also
+ignored for Mozilla NSS.
+.TP
.B TLSProtocolMin <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
.BR hdb ,
.BR ldap ,
.BR ldif ,
+.BR mdb ,
.BR meta ,
.BR monitor ,
.BR null ,
.BR hdb ,
.BR ldap ,
.BR ldif ,
+.BR mdb ,
.BR meta ,
.BR monitor ,
.BR null ,
in order to work over all of the glued databases. E.g.
.RS
.nf
- database bdb
+ database mdb
suffix dc=example,dc=com
...
overlay glue
.B [filter=<filter str>]
.B [scope=sub|one|base|subord]
.B [attrs=<attr list>]
+.B [exattrs=<attr list>]
.B [attrsonly]
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
-.B [tls_ciphersuite=<ciphers>]
+.B [tls_cipher_suite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
.B [tls_protocol_min=<major>[.<minor>]]
.B [suffixmassage=<real DN>]
.B [logbase=<base DN>]
.B [logfilter=<filter str>]
.B [syncdata=default|accesslog|changelog]
+.B [lazycommit]
.RS
Specify the current database as a replica which is kept up-to-date with the
master content by establishing the current
will be enforced by the provider regardless of the limits requested
by the LDAP Content Synchronization operation, much like for any other
search operation.
+.B exattrs
+option may also be used to specify attributes that should be omitted
+from incoming entries.
+The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to
+\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The
+\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational
+attributes, and \fBattrsonly\fP and \fBexattrs\fP are unset by default.
+The \fBsizelimit\fP and \fBtimelimit\fP only
+accept "unlimited" and positive integers, and both default to "unlimited".
+Note, however, that any provider-side limits for the replication identity
+will be enforced by the provider regardless of the limits requested
+by the LDAP Content Synchronization operation, much like for any other
+search operation.
The LDAP Content Synchronization protocol has two operation types.
In the
.B syncdata
parameter is omitted or set to "default" then the log parameters are
ignored.
+
+The
+.B lazycommit
+parameter tells the underlying database that it can store changes without
+performing a full flush after each change. This may improve performance
+for the consumer, while sacrificing safety or durability.
.RE
.TP
.B updatedn <dn>
# Read access to other attributes and entries.
access to * by * read
-database bdb
+database mdb
suffix "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
projects / openldap / blobdiff