--On Wednesday, December 13, 2006 2:55 AM +0000 hyc@symas.com wrote:
Feel free to submit a patch. This may need to be two separate patches since there are several new TLS config keywords in RE24 vs RE23.
I've made the following change to the 2.3 admin guide:
(OL) helpus2:/tmp/quanah/ldap-rel-eng-2-3/doc/guide/admin> cvs diff -u slapdconf2.sdf Index: slapdconf2.sdf =================================================================== RCS file: /repo/OpenLDAP/pkg/openldap-guide/admin/slapdconf2.sdf,v retrieving revision 1.1.2.10 diff -u -r1.1.2.10 slapdconf2.sdf --- slapdconf2.sdf 3 Jan 2006 22:16:03 -0000 1.1.2.10 +++ slapdconf2.sdf 15 Dec 2006 00:05:16 -0000 @@ -609,6 +609,7 @@
olcSyncrepl: rid=<replica ID> provider=ldap[s]://<hostname>[:port]
+> [starttls=yes|critical]
[type=refreshOnly|refreshAndPersist] [interval=dd:hh:mm:ss] [retry=[<retry interval> <# of retries>]+]
@@ -658,6 +659,11 @@ {{EX:replica}} directives define two independent replication mechanisms. They do not represent the replication peers of each other.
+The {{EX:starttls}} parameter specifies use of the StartTLS extended +operation to establish a TLS session before Binding to the provider. If the +critical argument is supplied, the session will be aborted if the StartTLS +request fails. Otherwise the syncrepl session continues without TLS. + The content of the syncrepl replica is defined using a search specification as its result set. The consumer slapd will send search requests to the provider slapd according to the search
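Review bot: In the syntax hunk (@@ -609,6 +609,7 @@), the new "[starttls=yes|critical]" line sits directly under "provider=ldap[s]://<hostname>[:port]", but nothing states how the option combines with an ldaps:// provider URI or what the behaviour is when the option is omitted. Suggest covering both cases in the parameter description, so a reader does not assume the session is protected simply because the keyword appears in the synopsis.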
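Review bot: In the description hunk (@@ -658,6 +659,11 @@), "Otherwise the syncrepl session continues without TLS" understates what starttls=yes means on failure: because StartTLS is issued before Binding to the provider, a failed request leaves the Bind and the replicated content on an unprotected connection. Suggest stating that consequence explicitly and recommending starttls=critical wherever the consumer binds with credentials or replicates sensitive data. The word "critical" should also be marked up as {{EX:critical}} to match {{EX:starttls}}.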
If this is acceptable, I will commit it.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html