Specify a set of features (separated by white space) to
allow (default none).
.B bind_v2
-allows acceptance of LDAPv2 bind requests.
+allows acceptance of LDAPv2 bind requests. Note that
+.BR slapd (8)
+does not truely implement LDAPv2 (RFC 1777), now Historic (RFC 3494).
.B bind_anon_cred
allows anonymous bind when credentials are not empty (e.g.
when DN is empty).
.B concurrency <integer>
Specify a desired level of concurrency. Provided to the underlying
thread system as a hint. The default is not to provide any hint.
+.TP
+.B conn_max_pending <integer>
+Specify the maximum number of pending requests for an anonymous session.
+If requests are submitted faster than the server can process them, they
+will be queued up to this limit. If the limit is exceeded, the session
+is closed. The default is 100.
+.TP
+.B conn_max_pending_auth <integer>
+Specify the maximum number of pending requests for an authenticated session.
+The default is 1000.
.\".TP
.\".B debug <subsys> <level>
.\"Specify a logging level for a particular subsystem. The subsystems include
disables acceptance of anonymous bind requests.
.B bind_simple
disables simple (bind) authentication.
-.B bind_simple_unprotected
-disables simple (bind) authentication when confidentiality
-protection (e.g. TLS) is not in place. The
-.B security
-directive's
-.B simple_bind
-option provides fine grain control over the confidentiality
-protection required for simple bind.
.B bind_krbv4
disables Kerberos V4 (bind) authentication.
.B tls_2_anon
<style> ::= exact | base | one | subtree | children | regex | anonymous
.RE
-.B Anonymous
-is hit when a search is performed without prior binding;
+The term
+.B anonymous
+matches all unauthenticated clients.
+the term
.B users
-is hit when a search is performed by a successfully bound user;
+matches all authenticated clients;
otherwise a
.B regex
dn pattern is assumed unless otherwise specified by qualifying
cannot find a local database to handle a request.
If specified multiple times, each url is provided.
.TP
+.B replica-argsfile
+The ( absolute ) name of a file that will hold the
+.B slurpd
+server's command line options
+if started without the debugging command line option.
+.TP
+.B replica-pidfile
+The ( absolute ) name of a file that will hold the
+.B slurpd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
.B require <conditions>
Specify a set of conditions (separated by white space) to
require (default none).
.B nodict
flag disables mechanisms susceptible to passive dictionary attacks.
The
-.B noanonyous
+.B noanonymous
flag disables mechanisms which support anonymous login.
The
.B forwardsec
If the suffix of one database is "inside" that of another, the database
with the inner suffix must come first in the configuration file.
.TP
-.B suffixalias <alias> <aliased suffix>
-Specify an alternate suffix that may be used to reference an already defined
-database suffix. Operations specifying DNs residing under the alias
-will execute as if they had specified the aliased suffix.
-.TP
.B subordinate
Specify that the current backend database is a subordinate of another
backend database. A subordinate database may have only one suffix. This
.TP
.B updatedn <dn>
This option is only applicable in a slave
-.B slapd.
-It specifies the DN allowed to make changes to the replica (typically,
-this is the DN
+.B slapd.
+It specifies the DN permitted to update (subject to access controls)
+the replica (typically, this is the DN
.BR slurpd (8)
-binds as when making changes to the replica).
+binds to update the replica).
.TP
.B updateref <url>
Specify the referral to pass back when