size limit of regular searches unless extended by the
.B prtotal
switch.
+
+The \fBlimits\fP statement is typically used to let an unlimited
+number of entries to be returned by searches performed
+with the identity used by the consumer for synchronization purposes
+by means of the RFC 4533 LDAP Content Synchronization protocol
+(see \fBsyncrepl\fP for details).
.RE
.TP
.B maxderefdepth <depth>
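Review bot: The first added sentence of the limits paragraph is ungrammatical: "used to let an unlimited number of entries to be returned" mixes "let ... be" with "allow ... to be". Suggest "is typically used to allow an unlimited number of entries to be returned by searches performed with the identity used by the consumer". A one-line example of a limits rule scoped to a single replication DN would also help here, so that readers grant the exception to that identity only and do not raise limits more broadly.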
.B provider
specifies the replication provider site containing the master content
as an LDAP URI. If <port> is not given, the standard LDAP port number
-(389 or 636) is used. The content of the
+(389 or 636) is used.
+
+The content of the
.B syncrepl
replica is defined using a search
specification as its result set. The consumer
will send search requests to the provider
.B slapd
according to the search specification. The search specification includes
-.B searchbase, scope, filter, attrs, attrsonly, sizelimit,
+.BR searchbase ", " scope ", " filter ", " attrs ", " attrsonly ", " sizelimit ", "
and
.B timelimit
parameters as in the normal search specification.
The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to
-\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The
+\fB(objectclass=*)\fP, while there is no default \fBsearchbase\fP. The
\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational
attributes, and \fBattrsonly\fP is unset by default.
The \fBsizelimit\fP and \fBtimelimit\fP only
accept "unlimited" and positive integers, and both default to "unlimited".
+The \fBsizelimit\fP parameter defines a consumer requested limitation
+on the number of entries that can be returned by the search; as such,
+it is intended to implement partial replication based on the size
+of the replicated database.
+
The LDAP Content Synchronization protocol has two operation types.
In the
.B refreshOnly
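Review bot: The new sizelimit paragraph says the parameter "is intended to implement partial replication based on the size of the replicated database" but does not say which entries end up in the replica when the search result exceeds the limit, or whether that subset is stable across refreshes. Please state this, since an operator relying on the consumer for authentication or authorization data needs to know that entries can be silently absent. Minor points: "consumer requested limitation" should be hyphenated ("consumer-requested"), and a pointer to the schemachecking text would tie the two mentions of partial replication together.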
for the first 10 times and then retry every 300 seconds for the next 3
times before stop retrying. The `+' in <# of retries> means indefinite
number of retries until success.
+
The schema checking can be enforced at the LDAP Sync
consumer site by turning on the
.B schemachecking
-parameter. The default is off.
+parameter. The default is \fBoff\fP.
+Schema checking \fBon\fP means that replicated entries must have
+a structural objectClass, must obey to objectClass requirements
+in terms of required/allowed attributes, and that naming attributes
+and distinguished values must be present.
+As a consequence, schema checking should be \fBoff\fP when partial
+replication is used.
+
The
.B starttls
parameter specifies use of the StartTLS extended operation
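Review bot: In the schemachecking addition, "should be off when partial replication is used" does not distinguish the two kinds of partial replication this patch describes. A replica limited by sizelimit still receives whole entries, while a replica with a restricted attrs list can be missing required attributes, and only the latter conflicts with the checks listed. Suggest wording such as "when the attrs list omits attributes required by the entries' objectClasses". It is also worth noting in the text that with checking off the consumer stores whatever the provider sends without validation. Wording: "must obey to objectClass requirements" should read "must obey objectClass requirements".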
.B critical
argument was used, the session will be aborted. Otherwise the syncrepl
session continues without TLS.
+
A
.B bindmethod
of
option. A non default SASL realm can be set with the
.B realm
option.
+The identity used for synchronization by the consumer should be allowed
+to receive an unlimited number of entries in response to a search request;
+this can be accomplished by either allowing unlimited \fBsizelimit\fP
+or by setting an appropriate \fBlimits\fP statement in the consumer's
+configuration (see \fBsizelimit\fP and \fBlimits\fP for details).
Rather than replicating whole entries, the consumer can query logs of
data modifications. This mode of operation is referred to as \fIdelta
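Review bot: The added paragraph after the realm option says the limits statement goes "in the consumer's configuration", which is ambiguous given that the earlier context says the consumer sends its search requests to the provider slapd. Please state explicitly which server's configuration file must carry the sizelimit or limits setting. The sentence also presents "allowing unlimited sizelimit" and a limits statement as equal alternatives. The first removes the cap for every identity, so the text should recommend the per-identity limits rule and mention the global setting only as a fallback. Finally, the new paragraph runs straight into "Rather than replicating whole entries" with no separating blank line, unlike the other paragraphs added in this patch.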