upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 00:59:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update and clarify replication docs

Browse source
This commit is contained in:
Ondřej Kuzník 2025-01-15 12:32:58 +00:00 committed by Ondřej Kuzník
parent 068881efb4
commit e3dd9ac693
1 changed files with 22 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
doc/guide/admin/replication.sdf
View file

@ -347,6 +347,10 @@ is too far out of sync (or completely empty), conventional syncrepl is used to
bring it up to date and replication then switches back to the delta-syncrepl
mode.
Note: partial replication is incompatible with deltasync. For deltasync to
work, the replication user needs unrestricted read access to both the main
database and accesslog database.
Note: since the database state is stored in both the changelog DB and the
main DB on the provider, it is important to backup/restore both the changelog
DB and the main DB using slapcat/slapadd when restoring a DB or copying
@ -481,9 +485,18 @@ The provider is implemented as an overlay, so the overlay itself
must first be configured in {{slapd.conf}}(5) before it can be
used. The provider has two primary configuration directives and
two secondary directives for when delta-syncrepl is being used.
Because the LDAP Sync search is subject to access control, proper
access control privileges should be set up for the replicated
content.
content. In many environments the replicas are meant to carry the
same data as provider so the replication user needs unrestricted
read access to the database and as such this tends to be the first
access rule for that database:
> access to * by "$REPLICATOR" read by * break
However if partial replication is desired, the access rules can be
tightened appropriately.
The two primary options to configure are the checkpoint and
sessionlog behaviors.
@ -497,7 +510,13 @@ operations. If {{<ops>}} operations or more than {{<minutes>}}
time has passed since the last checkpoint, a new checkpoint is
performed. Checkpointing is disabled by default.
The session log is configured by the
If an accesslog is maintained for this database and contains all the
successful writes, it is the preferred way to provide the resync
information:
> syncprov-sessionlog-source <accesslog db suffix>
Otherwise an in memory session session log is configured by the
> syncprov-sessionlog <ops>
@ -535,7 +554,7 @@ A more complete example of the {{slapd.conf}}(5) content is thus:
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
> syncprov-sessionlog-source cn=accesslog
H4: Set up the consumer slapd