
Re: ITS#4510 syncrepl starttls in Admin Guide

--On Wednesday, December 13, 2006 2:55 AM +0000 hyc@symas.com wrote:

> Feel free to submit a patch. This may need to be two separate patches
> since there are several new TLS config keywords in RE24 vs RE23.

I've made the following change to the 2.3 admin guide:

(OL) helpus2:/tmp/quanah/ldap-rel-eng-2-3/doc/guide/admin> cvs diff -u 
Index: slapdconf2.sdf
RCS file: /repo/OpenLDAP/pkg/openldap-guide/admin/slapdconf2.sdf,v
retrieving revision
diff -u -r1.1.2.10 slapdconf2.sdf
--- slapdconf2.sdf      3 Jan 2006 22:16:03 -0000
+++ slapdconf2.sdf      15 Dec 2006 00:05:16 -0000
@@ -609,6 +609,7 @@

 >      olcSyncrepl: rid=<replica ID>
 >              provider=ldap[s]://<hostname>[:port]
+>              [starttls=yes|critical]
 >              [type=refreshOnly|refreshAndPersist]
 >              [interval=dd:hh:mm:ss]
 >              [retry=[<retry interval> <# of retries>]+]
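Review bot: The new [starttls=yes|critical] line sits directly under provider=ldap[s]://, so the synopsis now permits an ldaps:// provider URI together with starttls, and nothing visible here says how the two combine. Suggest either a note in the synopsis or a sentence in the parameter description stating that starttls is meant for ldap:// providers, and what the consumer does when the keyword is omitted altogether.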
@@ -658,6 +659,11 @@
 {{EX:replica}} directives define two independent replication
 mechanisms. They do not represent the replication peers of each other.

+The {{EX:starttls}} parameter specifies use of the StartTLS extended
+operation to establish a TLS session before Binding to the provider. If the
+critical argument is supplied, the session will be aborted if the StartTLS
+request fails. Otherwise the syncrepl session continues without TLS.
 The content of the syncrepl replica is defined using a search
 specification as its result set. The consumer slapd will
 send search requests to the provider slapd according to the search
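Review bot: The last added sentence ("Otherwise the syncrepl session continues without TLS") documents a silent fallback for starttls=yes without stating its consequence: the Bind to the provider and the replicated content then cross the network unprotected. Suggest adding a sentence that recommends starttls=critical wherever the replication link needs confidentiality. Two smaller points in the same hunk: the new paragraph has no blank line before "The content of the syncrepl replica", so it runs into the following paragraph, and "critical" could be marked up as {{EX:critical}} to match {{EX:starttls}}.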

If this is acceptable, I will commit it.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html