htmldoc --batch guide.book
clean:
- rm -f *.pdf *.html
+ rm -f *.pdf *.html *~
--- /dev/null
+# $OpenLDAP$
+# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Changes Since Previous Release
+
+Nice intro here to praise everyones hard work!
+
+H2: New Guide Sections
+
+* Overlays
+* Backends
+* Tuning
+* complete later.........
+
+H2: New Features in 2.4
+
+Another nice intro here
+
+H3: More overlays
+
+* slapo-dds (Dynamic Directory Services, RFC 2589)
+* slapo-memberof (reverse group membership maintenance)
+
+H3: New features in existing ones
+
+* slapo-pcache allows cache inspection/maintenance/hot restart
+* slapo-rwm can safely interoperate with other overlays
+* Dyngroup/Dynlist merge, plus security enhancements
+
+H3: New features in slapd
+
+* monitoring of back-{b,h}db: cache fill-in, non-indexed searches,
+* session tracking control (draft-wahl-ldap-session)
+* subtree delete in back-sql (draft-armijo-ldap-treedelete)
+
+H3: New features in libldap
+
+* ldap_sync client API (LDAP Content Sync Operation, RFC 4533)
+
+H3: New clients and tools
+
+* ldapexop for arbitrary extended operations
+* complete support of controls in request/response for all clients
+
+H3: New build options
+
+* Support for building against GnuTLS
+* Advertisement of LDAP server in DNS
+
+
+H2: Obsolete Features in 2.4
+
+H3: Slurpd
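Review bot: Placeholder text in the new appendix-changes.sdf would render in the published guide as-is: `Nice intro here to praise everyones hard work!`, `* complete later.........`, `Another nice intro here`, and `H3: Slurpd` under "Obsolete Features in 2.4" has no body at all. Either complete these before merging or turn them into `#` comments (the comment form already used at the top of this file) so the include does not emit them. Two smaller items: the bullet `monitoring of back-{b,h}db: cache fill-in, non-indexed searches,` ends with a trailing comma, which reads as a truncated list, and "everyones" wants an apostrophe.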
The Null backend to {{slapd}}(8) is surely the most useful part of slapd:
-- Searches return success but no entries.
-- Compares return compareFalse.
-- Updates return success (unless readonly is on) but do nothing.
-- Binds other than as the rootdn fail unless the database option "bind on" is given.
-- The slapadd(8) and slapcat(8) tools are equally exciting.
+* Searches return success but no entries.
+* Compares return compareFalse.
+* Updates return success (unless readonly is on) but do nothing.
+* Binds other than as the rootdn fail unless the database option "bind on" is given.
+* The slapadd(8) and slapcat(8) tools are equally exciting.
Inspired by the {{F:/dev/null}} device.
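Review bot: The `--` to `*` bullet conversion keeps the wording verbatim, which is fine, but since the list is being touched it is worth making the implication of `* Binds other than as the rootdn fail unless the database option "bind on" is given.` explicit: the backend stores no credentials to check against, so with `bind on` binds to this suffix succeed without verification. A one-line caveat that `bind on` belongs only in test or placeholder configurations, never under a suffix real clients authenticate to, would stop readers from copying the option out of an example without understanding it.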
#HTMLDOC 1.8.27
--t pdf14 -f "guide.pdf" --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 36 --bottom 36 --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
+-t pdf14 -f "OpenLDAP-Admin-Guide.pdf" --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 0.50in --bottom 0.50in --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
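Review bot: Two unrelated changes are folded into this single long line: the output renames from `guide.pdf` to `OpenLDAP-Admin-Guide.pdf`, and `--top 36 --bottom 36` becomes `--top 0.50in --bottom 0.50in`. The margin edit is unit-only (36 points is 0.50 inch at 72 points per inch) and should produce no layout difference, whereas the rename affects anything that refers to `guide.pdf` by name; the Makefile `clean` target above uses `*.pdf`, so it is unaffected, but the commit message should call the rename out so it is not mistaken for a layout tweak.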
admin.html
LDAPv3 was developed in the late 1990's to replace LDAPv2.
LDAPv3 adds the following features to LDAP:
- - Strong authentication and data security services via {{TERM:SASL}}
- - Certificate authentication and data security services via {{TERM:TLS}} (SSL)
- - Internationalization through the use of Unicode
- - Referrals and Continuations
- - Schema Discovery
- - Extensibility (controls, extended operations, and more)
+ * Strong authentication and data security services via {{TERM:SASL}}
+ * Certificate authentication and data security services via {{TERM:TLS}} (SSL)
+ * Internationalization through the use of Unicode
+ * Referrals and Continuations
+ * Schema Discovery
+ * Extensibility (controls, extended operations, and more)
LDAPv2 is historic ({{REF:RFC3494}}). As most {{so-called}} LDAPv2
implementations (including {{slapd}}(8)) do not conform to the
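Review bot: Indentation of the converted bullets is inconsistent across the patch: here they are written `+ * Strong authentication ...` with a leading space, while the backends list uses `+* Searches return success ...` at column one. SDF treats indentation as list nesting, so pick one form for all chapters.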
chapter 9 of the Berkeley DB guide. In particular, the following chapters are
recommended:
-- Database and log file archival
-- Log file removal
-- Recovery procedures
-- Hot failover
+* Database and log file archival
+* Log file removal
+* Recovery procedures
+* Hot failover
Advanced installations can use special environment settings to fine-tune some
Berkeley DB options (change the log file limit, etc). This can be done by using
The advantages of {{F:DB_CONFIG}} usage can be the following:
-- to keep data files and log files on different mediums (i.e. disks) to improve
+* to keep data files and log files on different mediums (i.e. disks) to improve
performance and/or reliability;
-- to fine-tune some specific options (such as shared memory region sizes);
-- to set the log file limit (please read Log file limits before doing this).
+* to fine-tune some specific options (such as shared memory region sizes);
+* to set the log file limit (please read Log file limits before doing this).
To figure out the best-practice BDB backup scenario, the reader is highly
recommended to read the whole Chapter 9: Berkeley DB Transactional Data Store Applications.
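Review bot: `* to set the log file limit (please read Log file limits before doing this).` refers to a section by bare name; the surrounding text already uses the guide's inline markup (`{{F:DB_CONFIG}}`), so the same cross-reference markup the guide uses for section links would make this navigable. While these lines are being rewritten, `different mediums (i.e. disks)` should be "different media (e.g. disks)", since disks are an example rather than a definition.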
PB:
# Appendices
+!include "appendix-changes.sdf"; appendix
+PB:
+
# Config file examples
!include "appendix-configs.sdf"; appendix
PB:
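Review bot: The new `!include "appendix-changes.sdf"; appendix` is placed ahead of `appendix-configs.sdf`, so the release-changes appendix will precede the config examples in the rendered guide; confirm that ordering is intended. It also pulls in a file that, in this same patch, still consists largely of placeholder headings and "complete later" text, so it may be better to hold this include until that appendix is finished.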
> entryDN: cn=Write,cn=Waiters,cn=Monitor
> subschemaSubentry: cn=Subschema
> hasSubordinates: FALSE
+
+Add new monitored things here and discuss, referencing man pages and present
+examples
+
+
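Review bot: `Add new monitored things here and discuss, referencing man pages and present examples` is an editorial TODO dropped straight into the monitoring chapter after the `cn=Write,cn=Waiters,cn=Monitor` example and would render in the guide. Make it a `#` comment or remove it until the content exists.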
H3: Dynamic List Configuration
+H2: Reverse Group Membership Maintenance
+
+
+H3: Member Of Configuration
+
+
H2: The Proxy Cache Engine
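Review bot: `H2: Reverse Group Membership Maintenance` and `H3: Member Of Configuration` are added with empty bodies, and the new H2 lands directly after `H3: Dynamic List Configuration`, which consequently ends with no configuration text either. With `--toclevels 3` set in guide.book these stubs appear as empty table-of-contents entries; add at least an overview sentence and a pointer to the slapo-memberof man page, or comment the headings out until the section is written.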
{{TERM:LDAP}} servers typically hold one or more subtrees of a
UMich's LDAP and operates in push mode: the master pushes changes to the
slaves. It has been replaced for many reasons, in brief:
- - It is not reliable
- - It is extremely sensitive to the ordering of records in the replog
- - It can easily go out of sync, at which point manual intervention is
+ * It is not reliable
+ * It is extremely sensitive to the ordering of records in the replog
+ * It can easily go out of sync, at which point manual intervention is
required to resync the slave database with the master directory
- - It isn't very tolerant of unavailable servers. If a slave goes down
+ * It isn't very tolerant of unavailable servers. If a slave goes down
for a long time, the replog may grow to a size that's too large for
slurpd to process
{{Why is Syncrepl better?}}
- - Syncrepl is self-synchronizing; you can start with a database in any
+ * Syncrepl is self-synchronizing; you can start with a database in any
state from totally empty to fully synced and it will automatically do
the right thing to achieve and maintain synchronization
- - Syncrepl can operate in either direction
- - Data updates can be minimal or maximal
+ * Syncrepl can operate in either direction
+ * Data updates can be minimal or maximal
{{How do I implement a pushed based replication system using Syncrepl?}}
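Review bot: Since the neighbouring lines are being rewritten anyway, `{{How do I implement a pushed based replication system using Syncrepl?}}` should read "push-based". The bullet text itself is unchanged by the conversion, so no content review is needed beyond that.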
LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism.
TLS is defined in {{REF:RFC4346}}.
+Note: For generating certifcates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}}
+
H2: TLS Certificates
TLS uses {{TERM:X.509}} certificates to carry client and server
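Review bot: Typo in the added line: `certifcates` should be `certificates`. The `Note:` also delegates certificate generation entirely to an external FAQ cache URL; because such pages move, a sentence here stating what the guide expects of the certificates (which the following "TLS Certificates" section begins to do) with the FAQ as a supplementary reference would age better than a bare link.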
posting to the list, or in the rare circumstances of reporting a bug.
.{{S: }}
-^{{B: Is {{slapd}} running?}}
+^{{B: Use the {{slaptest}} tool to verify configurations before starting {{slapd}}}}
+
+.{{S: }}
++{{B: Verify that {{slapd}} is listening to the specified port(s) (389 and 636, generally) before trying the {{ldapsearch}}}}
.{{S: }}
+{{B: Can you issue an {{ldapsearch}}?}}
H2: How to contact the OpenLDAP Project
-- Mailing Lists: {{URL:http://www.openldap.org/lists/}}
-- Project: {{URL: http://www.openldap.org/project/}}
-- Issue Tracking: {{URL:http://www.openldap.org/its/}}
+* Mailing Lists: {{URL:http://www.openldap.org/lists/}}
+* Project: {{URL: http://www.openldap.org/project/}}
+* Issue Tracking: {{URL:http://www.openldap.org/its/}}
H2: How to present your problem
H2: Debugging {{slapd}}(8)
+* Loglevel 256 is generally a good first loglevel to try for getting
+ information useful to list members on issues
+* Running {{slapd -d -1}} can often track down fairly simple issues, such as
+ missing schemas and incorrect file permissions for the {{slapd}} user to things like certs
H2: Commercial Support
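Review bot: Replacing `^{{B: Is {{slapd}} running?}}` with the slaptest item removes the first troubleshooting question; the new `Verify that {{slapd}} is listening to the specified port(s)` item covers only the listening check, so consider keeping the "Is slapd running?" item as well. In the debugging list, `slapd -d -1` enables every debug category, so the text should say that the output is very large and can include request and response contents, and that logs posted to the list should be scrubbed of bind DNs, credentials and directory data first. The continuation lines of those bullets (`+ information useful ...`, `+ missing schemas ...`) are indented one space; check that SDF folds them into the preceding bullet rather than starting a nested item.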
just change the set_lg_dir to point to your .log directory or comment that line.
Quick guide:
-- Create a DB_CONFIG file in your ldap home directory (/var/lib/ldap/DB_CONFIG) with the correct "set_cachesize" value
-- stop your ldap server and run db_recover -h /var/lib/ldap
-- start your ldap server and check the new cache size with:
+* Create a DB_CONFIG file in your ldap home directory (/var/lib/ldap/DB_CONFIG) with the correct "set_cachesize" value
+* stop your ldap server and run db_recover -h /var/lib/ldap
+* start your ldap server and check the new cache size with:
db_stat -h /var/lib/ldap -m | head -n 2
-- this procedure is only needed if you use OpenLDAP 2.2 with the BDB or HDB backends; In OpenLDAP 2.3 DB recovery is performed automatically whenever the DB_CONFIG file is changed or when an unclean shutdown is detected.
+* this procedure is only needed if you use OpenLDAP 2.2 with the BDB or HDB backends; In OpenLDAP 2.3 DB recovery is performed automatically whenever the DB_CONFIG file is changed or when an unclean shutdown is detected.
--On Tuesday, February 22, 2005 12:15 PM -0500 Dusty Doris <openldap@mail.doris.cc> wrote:
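Review bot: Removing `-On Tuesday, February 22, 2005 12:15 PM -0500 Dusty Doris <openldap@mail.doris.cc> wrote:` drops the attribution while the quoted procedure is kept; either credit the source in prose or rewrite the steps in the guide's own voice. The retained step `* this procedure is only needed if you use OpenLDAP 2.2 with the BDB or HDB backends; In OpenLDAP 2.3 DB recovery is performed automatically ...` is stale for a guide whose new appendix describes 2.4, and should be updated or dropped. The sequence itself is sound: `db_recover -h /var/lib/ldap` is run only after `stop your ldap server`, which is the precondition that matters for not corrupting the environment, and it would be worth stating that explicitly rather than leaving it implied by step order.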