From 372cb876a0c07dd2126dfd0fd5dd2c9feeb0ee85 Mon Sep 17 00:00:00 2001 From: Jong Hyuk Choi Date: Thu, 28 Aug 2003 22:29:55 +0000 Subject: [PATCH] slapd.conf man page update (LDAP Sync replication configuration) --- doc/man/man5/slapd.conf.5 | 83 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 4fc1c7cf9f..80e106b385 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 
@@ -1101,6 +1101,89 @@ Specify the referral to pass back when .BR slapd (8) is asked to modify a replicated local database. If specified multiple times, each url is provided. +.HP +.B syncrepl id= +.B provider=ldap[s]://[:port] +.B [updatedn=] +.B [binddn=] +.B [bindmethod=simple|sasl] [binddn=] [credentials=] +.B [saslmech=] [secprops=] [realm=] +.B [authcId=] [authzId=] +.B [searchbase=] +.B [filter=] +.B [attrs=] +.B [scope=sub|one|base] +.B [type=refreshOnly|refreshAndPersist] +.B [interval=dd:hh:mm] +.RS +Specify an LDAP Sync replication session between the specified replication provider +site and this database (a replication consumer). +The replication consumer communicates with the replication provider to perform +an initial population and the following periodic or persistent synchronizations. +The LDAP Sync replication engine is based on the LDAP Content Sync protocol : +a stateful, pull, incremental, and partial synchronization protocol which +supports both polling and listening modes of operations. +It currently supports entry-level synchronization. +A directory server wide +.B id +uniquely identifies this LDAP Sync replication specification +in the directory server instance. The specification of an LDAP Sync replication +session is based on the search specification which defines the replica content. +The replicated entries are those directory entries of the subtree under the +.B searchbase +with the +.B scope +that match the +.B filter. +Only the attributes specified in the +.B attrs +are included in the replica content. +There are two synchronization modes depending on the incremental +synchronization semantics after the intial content population. +The incremental synchronization is performed periodically with +the +.B interval +when the sync +.B type +is +.B refreshOnly. +Alternatively, the provider sends synchronization messages to the consumer +upon updates to the replicated contents when the sync +.B type +is +.B refreshAndPersist. 
+The replication provider site is specified by +.B provider +as an LDAP URI. +A +.B bindmethod +of +.B simple +requires the options +.B binddn +and +.B credentials +and should only be used when adequate security services (e.g. TLS or IPSEC) are in place. +A +.B bindmethod +of +.B sasl +requires the option +.B saslmech. +Specific security properties (as with the +.B sasl secprops +keyword above) for a SASL bind can be set with the +.B secprops +option. A non default SASL realm can be set with the +.B realm +option. +If the +.B mechanism +will use Kerberos, a kerberos instance should be given in +.B authcId. +.B updatedn +specifies the DN used to update (subject to access controls) the +replica at the consumer replica. .SH DATABASE-SPECIFIC OPTIONS Each database may allow specific configuration options; they are documented separately in the backends' manual pages. -- 2.39.5
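Review bot: The SASL paragraph of the new syncrepl entry names an option that the synopsis does not declare: it says "If the .B mechanism will use Kerberos", but the option is listed as saslmech, so the reference should read saslmech. The synopsis also lists [binddn=] twice, once on its own line and again on the bindmethod line, and authzId is listed but never described in the text that follows; drop the duplicate and either document authzId or remove it. For bindmethod=simple the text already asks for TLS or IPSEC on the wire, but credentials= puts the bind credentials into slapd.conf itself, so it is worth adding that the file must not be world-readable. Minor: "intial" should be "initial", and ".B filter.", ".B refreshOnly." and ".B saslmech." set the sentence period in bold; ".BR filter ." (the form the context line uses for ".BR slapd (8)") keeps the punctuation roman.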