This option puts the database into "read-only" mode. Any attempts to
modify the database will return an "unwilling to perform" error. By
default, readonly is off.
-.HP
-.hy 0
-.B replica uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port]
-.B [starttls=yes|critical]
-.B [suffix=<suffix> [...]]
-.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
-.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
-.B [authcId=<authentication ID>] [authzId=<authorization ID>]
-.B [attrs[!]=<attr list>]
-.RS
-Specify a replication site for this database. Refer to the "OpenLDAP
-Administrator's Guide" for detailed information on setting up a replicated
-.B slapd
-directory service. Zero or more
-.B suffix
-instances can be used to select the subtrees that will be replicated
-(defaults to all the database).
-.B host
-is deprecated in favor of the
-.B uri
-option.
-.B uri
-allows the replica LDAP server to be specified as an LDAP URI.
-A
-.B bindmethod
-of
-.B simple
-requires the options
-.B binddn
-and
-.B credentials
-and should only be used when adequate security services
-(e.g TLS or IPSEC) are in place. A
-.B bindmethod
-of
-.B sasl
-requires the option
-.B saslmech.
-Specific security properties (as with the
-.B sasl-secprops
-keyword above) for a SASL bind can be set with the
-.B secprops
-option. A non-default SASL realm can be set with the
-.B realm
-option.
-If the
-.B mechanism
-will use Kerberos, a kerberos instance should be given in
-.B authcId.
-An
-.B attr list
-can be given after the
-.B attrs
-keyword to allow the selective replication of the listed attributes only;
-if the optional
-.B !
-mark is used, the list is considered exclusive, i.e. the listed attributes
-are not replicated.
-If an objectClass is listed, all the related attributes
-are (are not) replicated.
-.RE
.TP
.B restrict <oplist>
Specify a whitespace separated list of operations that are restricted.
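Review bot: the removal of the whole replica entry, from the .HP line after the readonly text down to the .RE before restrict, leaves no pointer behind, so an administrator whose slapd.conf still contains a replica line finds no entry for it and no indication of what to configure instead. Consider keeping a short stub at this position stating that the directive is no longer supported and naming its replacement. The deleted text also carried the only visible caveat that bindmethod=simple with binddn and credentials "should only be used when adequate security services (e.g TLS or IPSEC) are in place", alongside the starttls=yes|critical option; please confirm that the documentation for the replacement replication setting states an equivalent warning about sending replication credentials over an unprotected connection before this text is dropped.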