[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [JunkMail] Re: ITS#4510 syncrepl starttls in Admin Guide
Quanah Gibson-Mount wrote:
>
>
> --On Wednesday, December 13, 2006 2:55 AM +0000 hyc@symas.com wrote:
>
>> Feel free to submit a patch. This may need to be two separate patches
>> since there are several new TLS config keywords in RE24 vs RE23.
>
You might as well incorporate the ITS#4540 patch while you're at it.
> I've made the following change to the 2.3 admin guide:
I'd probably put starttls a little lower on the list, but no big deal.
> (OL) helpus2:/tmp/quanah/ldap-rel-eng-2-3/doc/guide/admin> cvs diff -u
> slapdconf2.sdf
> Index: slapdconf2.sdf
> ===================================================================
> RCS file: /repo/OpenLDAP/pkg/openldap-guide/admin/slapdconf2.sdf,v
> retrieving revision 1.1.2.10
> diff -u -r1.1.2.10 slapdconf2.sdf
> --- slapdconf2.sdf 3 Jan 2006 22:16:03 -0000 1.1.2.10
> +++ slapdconf2.sdf 15 Dec 2006 00:05:16 -0000
> @@ -609,6 +609,7 @@
>
> > olcSyncrepl: rid=<replica ID>
> > provider=ldap[s]://<hostname>[:port]
> +> [starttls=yes|critical]
> > [type=refreshOnly|refreshAndPersist]
> > [interval=dd:hh:mm:ss]
> > [retry=[<retry interval> <# of retries>]+]
> @@ -658,6 +659,11 @@
> {{EX:replica}} directives define two independent replication
> mechanisms. They do not represent the replication peers of each other.
>
> +The {{EX:starttls}} parameter specifies use of the StartTLS extended
> +operation to establish a TLS session before Binding to the provider. If
> the
> +critical argument is supplied, the session will be aborted if the StartTLS
> +request fails. Otherwise the syncrepl session continues without TLS.
> +
The last two sentences are a little ambiguous to me. I would say
If the the StartTLS request fails and the {{EX:critical}} argument was
used, the session will be aborted. Otherwise the syncrepl session
continues without TLS.
> The content of the syncrepl replica is defined using a search
> specification as its result set. The consumer slapd will
> send search requests to the provider slapd according to the search
>
>
> If this is acceptable, I will commit it.
>
> --Quanah
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/