From 394d2897e937e1567b85947f1476538bdd9af66a Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Fri, 23 Nov 2007 11:50:58 +0000 Subject: [PATCH] further clarify size limit related issues in sync replication (ITS#5243) --- doc/man/man5/slapd.conf.5 | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 1e86e83cd1..d131ff9a8e 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1298,6 +1298,12 @@ is requested cannot exceed the size limit of regular searches unless extended by the .B prtotal switch. + +The \fBlimits\fP statement is typically used to let an unlimited +number of entries to be returned by searches performed +with the identity used by the consumer for synchronization purposes +by means of the RFC 4533 LDAP Content Synchronization protocol +(see \fBsyncrepl\fP for details). .RE .TP .B maxderefdepth @@ -1550,7 +1556,9 @@ It is a non-negative integer having no more than three digits. .B provider specifies the replication provider site containing the master content as an LDAP URI. If is not given, the standard LDAP port number -(389 or 636) is used. The content of the +(389 or 636) is used. + +The content of the .B syncrepl replica is defined using a search specification as its result set. The consumer 
@@ -1558,16 +1566,21 @@ specification as its result set. The consumer will send search requests to the provider .B slapd according to the search specification. The search specification includes -.B searchbase, scope, filter, attrs, attrsonly, sizelimit, +.BR searchbase ", " scope ", " filter ", " attrs ", " attrsonly ", " sizelimit ", " and .B timelimit parameters as in the normal search specification. The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to -\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The +\fB(objectclass=*)\fP, while there is no default \fBsearchbase\fP. The \fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational attributes, and \fBattrsonly\fP is unset by default. The \fBsizelimit\fP and \fBtimelimit\fP only accept "unlimited" and positive integers, and both default to "unlimited". +The \fBsizelimit\fP parameter defines a consumer requested limitation +on the number of entries that can be returned by the search; as such, +it is intended to implement partial replication based on the size +of the replicated database. + The LDAP Content Synchronization protocol has two operation types. In the .B refreshOnly 
@@ -1591,10 +1604,18 @@ For example, retry="60 10 300 3" lets the consumer retry every 60 seconds for the first 10 times and then retry every 300 seconds for the next 3 times before stop retrying. The `+' in <# of retries> means indefinite number of retries until success. + The schema checking can be enforced at the LDAP Sync consumer site by turning on the .B schemachecking -parameter. The default is off. +parameter. The default is \fBoff\fP. +Schema checking \fBon\fP means that replicated entries must have +a structural objectClass, must obey to objectClass requirements +in terms of required/allowed attributes, and that naming attributes +and distinguished values must be present. +As a consequence, schema checking should be \fBoff\fP when partial +replication is used. + The .B starttls parameter specifies use of the StartTLS extended operation @@ -1603,6 +1624,7 @@ StartTLS request fails and the .B critical argument was used, the session will be aborted. Otherwise the syncrepl session continues without TLS. + A .B bindmethod of @@ -1635,6 +1657,11 @@ keyword above) for a SASL bind can be set with the option. A non default SASL realm can be set with the .B realm option. +The identity used for synchronization by the consumer should be allowed +to receive an unlimited number of entries in response to a search request; +this can be accomplished by either allowing unlimited \fBsizelimit\fP +or by setting an appropriate \fBlimits\fP statement in the consumer's +configuration (see \fBsizelimit\fP and \fBlimits\fP for details). Rather than replicating whole entries, the consumer can query logs of data modifications. This mode of operation is referred to as \fIdelta -- 2.47.2
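Review bot: In the @@ -1298,6 +1298,12 @@ hunk, the added sentence "to let an unlimited number of entries to be returned" mixes two constructions and reads awkwardly in a man page. Suggest "is typically used to allow an unlimited number of entries to be returned by searches performed with the identity the consumer uses for synchronization". As a style point, the added lines use inline \fBlimits\fP and \fBsyncrepl\fP while the context immediately above uses the .B macro for prtotal; either works, but one convention per paragraph is easier to maintain.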
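Review bot: In the @@ -1558,16 +1566,21 @@ hunk, the new \fBsizelimit\fP paragraph does not say what the consumer ends up with when the limit is reached, and "partial replication based on the size of the replicated database" leaves open which entries are kept. Since the same hunk's context says the consumer sends its search requests to the provider, it would help to state that this value is only the limit the consumer asks for in that request and that the provider's own size limits for the bound identity still apply. "consumer requested limitation" should also be hyphenated ("consumer-requested limit").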
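Review bot: In the @@ -1591,10 +1604,18 @@ hunk, the closing advice "schema checking should be \fBoff\fP when partial replication is used" is broader than the reasons listed just before it. The checks named are per entry (structural objectClass, required/allowed attributes, naming attributes), so they are at risk when \fBattrs\fP trims attributes from replicated entries, not when \fBsizelimit\fP merely reduces the number of entries, which is how this patch uses "partial replication" in the previous hunk. Suggest narrowing the sentence to the attribute-subset case and saying why, so that administrators do not disable schema checking on the consumer without need. Also "must obey to objectClass requirements" should read "must obey objectClass requirements".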
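Review bot: In the @@ -1635,6 +1657,11 @@ hunk, "setting an appropriate \fBlimits\fP statement in the consumer's configuration" looks wrong or at least ambiguous: the context of the earlier syncrepl hunk says the consumer sends its search requests to the provider slapd, so the limit that governs the synchronization identity is the one on the server answering that search. Suggest wording such as "in the configuration of the provider, for the identity the consumer binds with". The cross-reference "(see \fBsizelimit\fP and \fBlimits\fP for details)" is also ambiguous now that this patch documents a syncrepl \fBsizelimit\fP parameter as well; say explicitly that the global sizelimit directive is meant. The new sentence is appended directly to the paragraph about the SASL \fBrealm\fP option; a blank line before it, as added in the other hunks, would keep the topics apart.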