From: Pierangelo Masarati Date: Wed, 21 Dec 2005 19:01:59 +0000 (+0000) Subject: cleanup and clarify the threading issues with back-ldap and back-meta when looping... X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~527 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5075d09f493e26e4cabde75b2d4315ba12e27cd5;p=openldap cleanup and clarify the threading issues with back-ldap and back-meta when looping back to the same DSA (ITS#4141) --- diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index 3f62d0c37e..b15d5c8944 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -37,6 +37,14 @@ rules; see .BR slapd.conf (5) for details. +.LP +Note: When looping back to the same instance of \fBslapd\fP(8), +each connection requires a new thread; as a consequence, \fBslapd\fP(8) +must be compiled with thread support, and the \fBthreads\fP parameter +may need some tuning; in those cases, one may consider using +\fBslapd-relay\fP(5) instead, which performs the relayed operation +internally and thus reusues the same connection. + .SH CONFIGURATION These .B slapd.conf @@ -46,6 +54,7 @@ subsequent "backend" or "database" lines. Other database options are described in the .BR slapd.conf (5) manual page. + .LP Note: In early versions of back-ldap it was recommended to always set .LP @@ -340,7 +349,8 @@ after it has been idle for the specified time. .SH BACKWARD COMPATIBILITY The LDAP backend has been heavily reworked between releases 2.2 and 2.3; as a side-effect, some of the traditional directives have been -deprecated and should be no longer used. +deprecated and should be no longer used, as they might disappear +in future releases. .TP .B server @@ -360,52 +370,63 @@ check permissions. See the .B idassert-* feature instead. -This directive is obsoleted by -.BR acl-bind , -and may dismissed in the future. +This directive is obsoleted by the +.B binddn +arg of +.B acl-bind +when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future. .TP .B acl-passwd -Password used with the -.B -acl-authcDN -above. -This directive is obsoleted by -.BR acl-bind , -and may be dismissed in the future. +Password used with the above +.B acl-authcDN +directive. +This directive is obsoleted by the +.B binddn +arg of +.B acl-bind +when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future. .TP .B idassert-authcDN "" DN which is used to propagate the client's identity to the target by means of the proxyAuthz control when the client does not belong to the DIT fragment that is being proxied by back-ldap. -This directive is obsoleted by -.BR idassert-bind , -and may be dismissed in the future. +This directive is obsoleted by the +.B binddn +arg of +.BR idassert-bind +when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future. .TP .B idassert-passwd Password used with the .B idassert-authcDN above. -This directive is obsoleted by -.BR idassert-bind , -and may be dismissed in the future. +This directive is obsoleted by the +.B crendentials +of +.B idassert-bind +when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future. .TP .B idassert-mode [] defines what type of .I identity assertion is used. -This directive is obsoleted by +This directive is obsoleted by the +.B mode +arg of .BR idassert-bind , -and may be dismissed in the future. +and will be dismissed in the future. .TP .B idassert-method [] -This directive is obsoleted by +This directive is obsoleted by the +.B bindmethod +arg of .BR idassert-bind , -and may be dismissed in the future. +and will be dismissed in the future. .TP .B suffixmassage, map, rewrite* diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index e9054bfe17..5b11783d6e 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -37,6 +37,16 @@ These features, although useful in many scenarios, may result in excessive overhead for some applications, so its use should be carefully considered. In the examples section, some typical scenarios will be discussed. + +.LP +Note: When looping back to the same instance of \fBslapd\fP(8), +each connection requires a new thread; as a consequence, \fBslapd\fP(8) +must be compiled with thread support, and the \fBthreads\fP parameter +may need some tuning; in those cases, unless the multiple target feature +is required, one may consider using \fBslapd-relay\fP(5) instead, +which performs the relayed operation internally and thus reusues +the same connection. + .SH EXAMPLES There are examples in various places in this document, as well as in the slapd/back-meta/data/ directory in the OpenLDAP source tree.