From: Jong Hyuk Choi Date: Mon, 24 Nov 2003 18:57:22 +0000 (+0000) Subject: syncrepl update X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~408 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d6073762fa338829cc3adf64c5bd9dc881c11fc4;p=openldap syncrepl update --- diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 844e0efaae..bbc0bd5cc4 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -446,25 +446,25 @@ H4: syncrepl > syncrepl id= > provider=ldap[s]://[:port] -> [binddn=] -> [bindmethod=simple|sasl] -> [binddn=] -> [credentials=] -> [saslmech=] -> [secprops=] -> [realm=] -> [authcId=] -> [authzId=] -> [updatedn=] +> [type=refreshOnly|refreshAndPersist] +> [interval=dd:hh:mm:ss] > [searchbase=] > [filter=] -> [attrs=] > [scope=sub|one|base] +> [attrs=] +> [attrsonly] > [sizelimit=] > [timelimit=] > [schemachecking=on|off] -> [type=refreshOnly|refreshAndPersist] -> [interval=dd:hh:mm:ss] +> [updatedn=] +> [bindmethod=simple|sasl] +> [binddn=] +> [saslmech=] +> [authcid=] +> [authzid=] +> [credentials=] +> [realm=] +> [secprops=] This directive specifies the current database as a replica of the master database at the provider site. The replica database at the 
@@ -494,51 +494,66 @@ not represent the replication peers of each other. The content of the syncrepl replica is defined using a search specification as its result set. The consumer slapd will send search requests to the provider slapd according to the search -specification. The search specification consists of {{EX:searchbase}}, -{{EX:scope}}, {{EX:filter}}, and {{EX:attrs}} parameters -as in the normal search specification. The search requests -for the LDAP Content Synchronization operation is attached -a special control for synchronization and replica management. - -The LDAP Content Synchronization protocol has two types of operation -modes : {{EX:refreshOnly}} and {{EX:refreshAndPersist}}. +specification. The search specification includes {{EX:searchbase}}, +{{EX:scope}}, {{EX:filter}}, {{EX:attrs}}, {{EX:attrsonly}}, +{{EX:sizelimit}}, and {{EX:timelimit}} parameters as in the normal +search specification. The syncrepl search specification +has the same default value semantics as the {{REF:ldapsearch(1)}} +client search tool. + +The LDAP Content Synchronization protocol has two operation +types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}. The operation type is specified by the {{EX:type}} parameter. In the {{EX:refreshOnly}} mode, the next synchronization search operation -is rescheduled periodically at the interval time after the current +is periodically rescheduled at an interval time after each synchronization operation finishes. The interval is specified by the {{EX:interval}} parameter. It is set to one day by default. In the {{EX:refreshAndPersist}} mode, a synchronization search remains persistent in the provider slapd. Further updates to the -master replica will make searchResultEntry search responses -to the persistent synchronization search delivered to the consumer -slapd in order to synchronize the replica. +master replica will generate searchResultEntry to the consumer slapd +as the search responses to the persistent synchronization search. 
The schema checking can be enforced at the LDAP Sync consumer site by turning on the {{EX:schemachecking}} parameter. The default is off. -The {{EX:binddn}} parameter gives the DN for a LDAP Content Synchronization -search to bind as to the provider slapd. The search result, i.e., the -content of the replica, will be subject to the access control privileges -of the DN. - -The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}}, depending -on whether simple password-based authentication or SASL authentication -is to be used when connecting to the provider slapd. +The {{EX:updatedn}} paramter specifies the DN in the consumer site +which is allowed to make changes to the replica. This DN is used +locally by the syncrepl engine when updating the replica with +the entries received from the provider site by using the +internal operation mechanism. The update of the replica content +is subject to the access control privileges of the DN. +The DN should have read/write access to the replica database. +It is typically given as a {{EX:rootdn}} in the consumer site's +config file. + +The {{EX:binddn}} parameter gives the DN to bind as for the +syncrepl searches to the provider slapd. It should be a DN +which has read access to the replication content in the +master database. + +The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}}, +depending on whether simple password-based authentication or +{{TERM:SASL}} authentication is to be used when connecting +to the provider slapd. Simple authentication should not be used unless adequate integrity -and data confidential protections are in place (e.g. TLS or IPSEC). -Simple authentication requires specification of {{EX:binddn}} and +and privacy protections are in place (e.g. TLS or IPSEC). Simple +authentication requires specification of {{EX:binddn}} and {{EX:credentials}} parameters. -SASL authentication is generally recommended. SASL authentication -requires specification of a mechanism using the {{EX:mech}} parameter. 
+SASL authentication is generally recommended. SASL authentication +requires specification of a mechanism using the {{EX:saslmech}} parameter. Depending on the mechanism, an authentication identity and/or -credentials can be specified using {{EX:authcid}} and {{EX:credentials}} +credentials can be specified using {{EX:authcid}} and {{EX:credentials}}, respectively. The {{EX:authzid}} parameter may be used to specify -a proxy authorization identity. +an authorization identity. + +The {{EX:realm}} parameter specifies a realm which a certain +mechanisms authenticate the identity within. The {{EX:secprops}} +parameter specifies Cyrus SASL security properties. -The syncrepl replication mechanism is supported in the three native backends: -back-bdb, back-hdb, and back-ldbm. +The syncrepl replication mechanism is supported by the +three native backends: back-bdb, back-hdb, and back-ldbm. See the {{SECT:LDAP Sync Replication}} chapter of the admin guide for more information on how to use this directive.
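Review bot: In the synopsis hunk (@@ -446,25 +446,25 @@), the reordered parameter list puts "[credentials=]" after "[authzid=]", in the middle of the SASL parameters, while the description says simple authentication requires both binddn and credentials. Moving it directly after "[binddn=]" would keep the simple-bind pair together. The synopsis also lists "[interval=dd:hh:mm:ss]" right after "type" with no hint that the description covers it only for the refreshOnly mode; grouping or a short remark in the text would make that dependency visible.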
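Review bot: In the description hunk (@@ -494,51 +494,66 @@), the new updatedn paragraph states that the replica update "is subject to the access control privileges of the DN" and then says the DN is typically given as a rootdn; slapd does not apply access controls to the rootdn, so the two sentences conflict. Say which is intended: a dedicated DN with read/write access to the replica database, or the rootdn with the access-control sentence dropped. The rewritten binddn paragraph also loses the earlier statement that the replica content is subject to the access control privileges of that DN on the provider; this is worth keeping, since it determines what ends up in the replica. Minor: "paramter" should be "parameter", and "a realm which a certain mechanisms authenticate the identity within" needs rewording.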