The desired log level can be input as a single integer that combines
the (ORed) desired levels, both in decimal or in hexadecimal notation,
as a list of integers (that are ORed internally),
-or as a list of the names that are shown between brackets, such that
+or as a list of the names that are shown between parenthesis, such that
.LP
.nf
olcLogLevel: 129
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
+.B olcSaslAuxpropsDontUseCopy: <attr> [...]
+Specify which attribute(s) should be subject to the don't use copy control. This
+is necessary for some SASL mechanisms such as OTP to work in a replicated
+environment. The attribute "cmusaslsecretOTP" is the default value.
+.TP
+.B olcSaslAuxpropsDontUseCopyIgnore TRUE | FALSE
+Used to disable replication of the attribute(s) defined by
+olcSaslAuxpropsDontUseCopy and instead use a local value for the attribute. This
+allows the SASL mechanism to continue to work if the master is offline. This can
+cause replication inconsistency. Defaults to FALSE.
+.TP
.B olcSaslHost: <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
.TP
.I GnuTLS:
-TLSCiphersuite SECURE256:!AES-128-CBC
+olcTLSCiphersuite: SECURE256:!AES-128-CBC
.RE
To check what ciphers a given spec selects in OpenSSL, use:
a file that contains the password for the key for the certificate specified with
olcTLSCertificateFile. The modutil command can be used to turn off password
protection for the cert/key database. For example, if olcTLSCACertificatePath
-specifes /etc/openldap/certdb as the location of the cert/key database, use
+specifies /etc/openldap/certdb as the location of the cert/key database, use
modutil to change the password to the empty string:
.nf
modutil \-dbdir /etc/openldap/certdb \-changepw 'NSS Certificate DB'