The desired log level can be input as a single integer that combines
the (ORed) desired levels, both in decimal or in hexadecimal notation,
as a list of integers (that are ORed internally),
-or as a list of the names that are shown between brackets, such that
+or as a list of the names that are shown between parenthesis, such that
.LP
.nf
olcLogLevel: 129
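Review bot: in the added line "or as a list of the names that are shown between parenthesis", "parenthesis" is singular and should be the plural "parentheses". It is also worth confirming that the level table this sentence refers to prints the names in parentheses, so the wording and the table agree.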
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
+.B olcSaslAuxpropsDontUseCopy: <attr> [...]
+Specify which attribute(s) should be subject to the don't use copy control. This
+is necessary for some SASL mechanisms such as OTP to work in a replicated
+environment. The attribute "cmusaslsecretOTP" is the default value.
+.TP
+.B olcSaslAuxpropsDontUseCopyIgnore TRUE | FALSE
+Used to disable replication of the attribute(s) defined by
+olcSaslAuxpropsDontUseCopy and instead use a local value for the attribute. This
+allows the SASL mechanism to continue to work if the master is offline. This can
+cause replication inconsistency. Defaults to FALSE.
+.TP
.B olcSaslHost: <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
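Review bot: the new olcSaslAuxpropsDontUseCopyIgnore header omits the colon that olcSaslAuxpropsDontUseCopy and olcSaslHost both carry, so it should read "olcSaslAuxpropsDontUseCopyIgnore: TRUE | FALSE". The description also stops at "This can cause replication inconsistency". Since the default attribute holds the OTP secret, please state what that inconsistency means for authentication when servers answer from differing local values, so an administrator can judge whether TRUE is acceptable.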
Specify an integer ID from 0 to 4095 for this server (limited
to 3 hexadecimal digits). The ID may also be specified as a
hexadecimal ID by prefixing the value with "0x".
-These IDs are
+Non-zero IDs are
required when using multimaster replication and each master must have a
-unique ID. Note that this requirement also applies to separate masters
+unique non-zero ID. Note that this requirement also applies to separate masters
contributing to a glued set of databases.
If the URL is provided, this directive may be specified
multiple times, providing a complete list of participating servers
and their IDs. The fully qualified hostname of each server should be
used in the supplied URLs. The IDs are used in the "replica id" field
-of all CSNs generated by the specified server. The default value is zero.
+of all CSNs generated by the specified server. The default value is zero, which
+is only valid for single master replication.
Example:
.LP
.nf
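Review bot: the added text says zero "is only valid for single master replication", but the entry does not say what happens when a multimaster setup leaves the ID at zero or reuses an ID. Please document the resulting behaviour, and consider noting at the "from 0 to 4095" sentence that 0 is usable only in the single master case. "single master" and "multimaster" are also written in two different styles within this one entry.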
Specify the maximum size of the primary thread pool.
The default is 16; the minimum value is 2.
.TP
+.B olcThreadQueues: <integer>
+Specify the number of work queues to use for the primary thread pool.
+The default is 1 and this is typically adequate for up to 8 CPU cores.
+The value should not exceed the number of CPUs in the system.
+.TP
.B olcToolThreads: <integer>
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
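Review bot: the new olcThreadQueues entry gives a default and an upper bound but no minimum, whereas the thread pool entry just above states "The default is 16; the minimum value is 2". Please add the minimum accepted value and one sentence on how the queue count relates to the thread pool size, for example what is expected when the number of queues approaches the number of threads.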
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
.TP
.I GnuTLS:
-TLSCiphersuite SECURE256:!AES-128-CBC
+olcTLSCiphersuite: SECURE256:!AES-128-CBC
.RE
To check what ciphers a given spec selects in OpenSSL, use:
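Review bot: the corrected GnuTLS example spells the attribute "olcTLSCiphersuite" while the OpenSSL example directly above it uses "olcTLSCipherSuite". Please use one spelling in both examples so readers copy the documented attribute name. While touching this block, the OpenSSL example "HIGH:MEDIUM:+SSLv2" still names the MEDIUM and SSLv2 cipher classes and would be worth revisiting as a recommended value.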
a file that contains the password for the key for the certificate specified with
olcTLSCertificateFile. The modutil command can be used to turn off password
protection for the cert/key database. For example, if olcTLSCACertificatePath
-specifes /etc/openldap/certdb as the location of the cert/key database, use
+specifies /etc/openldap/certdb as the location of the cert/key database, use
modutil to change the password to the empty string:
.nf
modutil \-dbdir /etc/openldap/certdb \-changepw 'NSS Certificate DB'
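Review bot: the paragraph around the corrected "specifies" line tells the reader to change the cert/key database password to the empty string, without saying what then protects the private key. Since the same paragraph already mentions "a file that contains the password for the key", please state which of the two approaches is preferred and add a sentence on restricting filesystem access to the database directory when password protection is turned off.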