
Re: [JunkMail] Re: ITS#4510 syncrepl starttls in Admin Guide



Quanah Gibson-Mount wrote:
> 
> 
> --On Wednesday, December 13, 2006 2:55 AM +0000 hyc@symas.com wrote:
> 
>> Feel free to submit a patch. This may need to be two separate patches
>> since there are several new TLS config keywords in RE24 vs RE23.
> 
You might as well incorporate the ITS#4540 patch while you're at it.

> I've made the following change to the 2.3 admin guide:

I'd probably put starttls a little lower on the list, but no big deal.

> (OL) helpus2:/tmp/quanah/ldap-rel-eng-2-3/doc/guide/admin> cvs diff -u 
> slapdconf2.sdf
> Index: slapdconf2.sdf
> ===================================================================
> RCS file: /repo/OpenLDAP/pkg/openldap-guide/admin/slapdconf2.sdf,v
> retrieving revision 1.1.2.10
> diff -u -r1.1.2.10 slapdconf2.sdf
> --- slapdconf2.sdf      3 Jan 2006 22:16:03 -0000       1.1.2.10
> +++ slapdconf2.sdf      15 Dec 2006 00:05:16 -0000
> @@ -609,6 +609,7 @@
> 
>  >      olcSyncrepl: rid=<replica ID>
>  >              provider=ldap[s]://<hostname>[:port]
> +>              [starttls=yes|critical]
>  >              [type=refreshOnly|refreshAndPersist]
>  >              [interval=dd:hh:mm:ss]
>  >              [retry=[<retry interval> <# of retries>]+]
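
Review bot: the new synopsis line `[starttls=yes|critical]`, placed directly under `provider=ldap[s]://<hostname>[:port]`, does not say what applies when the keyword is omitted or how it relates to the `ldaps` scheme offered on the line above. Suggest that the parameter description state both, so a reader can tell from the guide which combinations give a TLS-protected session.
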
> @@ -658,6 +659,11 @@
> {{EX:replica}} directives define two independent replication
> mechanisms. They do not represent the replication peers of each other.
> 
> +The {{EX:starttls}} parameter specifies use of the StartTLS extended
> +operation to establish a TLS session before Binding to the provider. If 
> the
> +critical argument is supplied, the session will be aborted if the StartTLS
> +request fails. Otherwise the syncrepl session continues without TLS.
> +

The last two sentences are a little ambiguous to me. I would say

If the StartTLS request fails and the {{EX:critical}} argument was 
used, the session will be aborted. Otherwise the syncrepl session 
continues without TLS.

> The content of the syncrepl replica is defined using a search
> specification as its result set. The consumer slapd will
> send search requests to the provider slapd according to the search
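
Review bot: the closing sentence of the added paragraph, "Otherwise the syncrepl session continues without TLS", understates what `starttls=yes` permits. The paragraph places StartTLS before Binding to the provider, so after a failed request the Bind and the replica content that follows travel over an unprotected session. Suggest saying that explicitly and pointing readers who require TLS to `critical`, and marking up the bare word "critical" as {{EX:critical}} to match {{EX:starttls}}.
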
> 
> 
> If this is acceptable, I will commit it.
> 
> --Quanah


-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/
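
The yes/critical distinction discussed in this message can be checked mechanically. The following is an added example, not code from this thread or from the OpenLDAP project: it classifies olcSyncrepl values by the transport protection the quoted paragraph describes. The function names, verdict labels, and sample values (including the hostnames) are constructed for illustration, and each value is assumed to be already unfolded onto one line.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample olcSyncrepl values (not taken from a real server).
SAMPLE = [
    'rid=001 provider=ldap://ldap1.example.com type=refreshOnly interval=00:01:00:00',
    'rid=002 provider=ldap://ldap1.example.com starttls=yes type=refreshAndPersist retry="60 +"',
    'rid=003 provider=ldap://ldap1.example.com:389 starttls=critical type=refreshAndPersist',
    'rid=004 provider=ldaps://ldap1.example.com type=refreshOnly',
]

def classify_syncrepl(value):
    """Return (rid, verdict) for one olcSyncrepl value.

    Verdict labels are hypothetical names used only by this example.
    """
    params = {}
    # shlex keeps quoted values such as retry="60 +" together as one token.
    for token in shlex.split(value):
        key, sep, val = token.partition("=")
        if sep:
            params[key.lower()] = val
    rid = params.get("rid", "?")
    scheme = urlsplit(params.get("provider", "")).scheme.lower()
    starttls = params.get("starttls", "").lower()
    if scheme == "ldaps":
        return rid, "tls"                     # TLS from the start of the connection
    if scheme != "ldap":
        return rid, "unknown"                 # missing or unexpected provider URI
    if starttls == "critical":
        return rid, "starttls-enforced"       # session aborted if StartTLS fails
    if starttls == "yes":
        return rid, "starttls-opportunistic"  # continues without TLS on failure
    return rid, "cleartext"                   # StartTLS never requested

def at_risk(values):
    """List the rids whose Bind can reach the provider without TLS."""
    weak = {"cleartext", "starttls-opportunistic"}
    return [rid for rid, verdict in map(classify_syncrepl, values) if verdict in weak]

if __name__ == "__main__":
    for value in SAMPLE:
        print(*classify_syncrepl(value))
    print("review:", at_risk(SAMPLE))
```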