From 3742cdd766ee797d621eefdb6e936b667542e483 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Fri, 15 Dec 2006 22:28:50 +0000 Subject: [PATCH] Update with: starttls tls keywords logbase logfilter syncdata parameters that are now available. Add the relevant documentation from slapd.conf(5) about these parameters. --- doc/guide/admin/slapdconf2.sdf | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/doc/guide/admin/slapdconf2.sdf b/doc/guide/admin/slapdconf2.sdf index 113005dd1a..bfc546ca2e 100644 --- a/doc/guide/admin/slapdconf2.sdf +++ b/doc/guide/admin/slapdconf2.sdf @@ -629,6 +629,17 @@ H4: olcSyncrepl > [credentials=] > [realm=] > [secprops=] +> [starttls=yes|critical] +> [tls_cert=] +> [tls_key=] +> [tls_cacert=] +> [tls_cacertdir=] +> [tls_reqcert=never|allow|try|demand] +> [tls_ciphersuite=] +> [tls_crlcheck=none|peer|all] +> [logbase=] +> [logfilter=] +> [syncdata=default|accesslog|changelog] This directive specifies the current database as a replica of the 
@@ -727,6 +738,25 @@ The {{EX:realm}} parameter specifies a realm which a certain mechanisms authenticate the identity within. The {{EX:secprops}} parameter specifies Cyrus SASL security properties. +The {{EX:starttls}} parameter specifies use of the StartTLS extended +operation to establish a TLS session before Binding to the provider. +If the {{EX:critical}} argument is supplied, the session will be aborted +if the StartTLS request fails. Otherwise the syncrepl session continues +without TLS. Note that the main slapd TLS settings are not used by the +syncrepl engine; by default the TLS parameters from {{EX:ldap.conf}} +will be used. TLS settings may be specified here, in which case the +{{EX:ldap.conf}} settings will be completely ignored. + +Rather than replicating whole entries, the consumer can query logs of +data modifications. This mode of operation is referred to as +{{EX:delta syncrepl}}. In addition to the above parameters, the +{{EX:logbase}} and {{EX:logfilter}} parameters must be set appropriately +for the log that will be used. The {{EX:syncdata}} parameter must be set +to either "accesslog" if the log conforms to the {{EX:slapo-accesslog (5)}} +log format, or "changelog" if the log conforms to the obsolete +{{EX:changelog}} format. If the {{EX:syncdata}} parameter is omitted or set +to "default" then the log parameters are ignored. + The syncrepl replication mechanism is supported by the two native backends: back-bdb and back-hdb. -- 2.39.5
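Review bot: In the first hunk (the olcSyncrepl synopsis), the seven tls_* keywords are added without any per-parameter description anywhere in the patch; the only prose covering them is "TLS settings may be specified here". For `[tls_reqcert=never|allow|try|demand]` and `[tls_crlcheck=none|peer|all]` in particular, a reader cannot tell from this text which value makes the consumer verify the provider's certificate or which value applies when the keyword is omitted. Suggest adding a short paragraph for each keyword, or an explicit pointer to the slapd.conf(5) text the commit message refers to, and stating the default for each enumerated option.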
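Review bot: In the second hunk, the starttls paragraph says that without {{EX:critical}} "the syncrepl session continues without TLS", but it does not spell out the consequence: the Bind to the provider and the replicated data then cross the connection unprotected, and the text mentions no indication to the administrator that this happened. Suggest a sentence recommending {{EX:starttls=critical}} whenever the bind credentials or the replicated entries need confidentiality. The sentence "TLS settings may be specified here, in which case the {{EX:ldap.conf}} settings will be completely ignored" should also say whether setting a single tls_* keyword is enough to discard all {{EX:ldap.conf}} TLS settings, since a partial override could otherwise drop a CA or tls_reqcert setting the administrator was relying on. Minor: {{EX:slapo-accesslog (5)}} has a stray space before "(5)".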