upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 00:59:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

document idle-timeout; cleanup

Browse source
This commit is contained in:
Pierangelo Masarati 2005-12-07 17:57:35 +00:00
parent 1b42fde372
commit fdbcfbe598
2 changed files with 27 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
doc/man/man5/slapd-ldap.5
View file

@ -93,21 +93,19 @@ internally used by the proxy to collect info related to access control.
The identity defined by this directive, according to the properties
associated to the authentication method, is supposed to have read access
on the target server to attributes used on the proxy for ACL checking.
The
.B secprops
field is currently ignored.
There is no risk of giving away such values; they are only used to
check permissions.
The default is to use
.BR simple ,
with empty binddn and credentials,
.BR simple
bind, with empty \fIbinddn\fP and \fIcredentials\fP,
which means that the related operations will be performed anonymously.
.B This identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
See the
The
.B idassert-bind
feature instead.
feature, instead, in some cases can be crafted to implement that behavior,
which is \fIintrinsically unsafe and should be used with extreme care\fP.
This directive obsoletes
.BR acl-authcDN ,
and
@ -334,6 +332,11 @@ Note: if the timelimit is exceeded, the operation is abandoned;
the protocol does not provide any means to rollback the operation,
so the client will not know if the operation eventually succeeded or not.
.TP
.B idle-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.SH BACKWARD COMPATIBILITY
The LDAP backend has been heavily reworked between releases 2.2 and 2.3;
as a side-effect, some of the traditional directives have been

17
doc/man/man5/slapd-meta.5
View file

@ -154,6 +154,18 @@ because they are legal in the <naming context>, and we don't want to use
URL-encoded <naming context>s), and the additional URIs must have
no <naming context> part. This causes the underlying library
to contact the first server of the list that responds.
For example, if \fIl1.foo.com\fP and \fIl2.foo.com\fP are shadows
of the same server, the directive
.LP
.nf
suffix "\fBdc=foo,dc=com\fP"
uri "ldap://l1.foo.com/\fBdc=foo,dc=com\fP ldap://l2.foo.com/"
.fi
.RE
.RS
causes \fIl2.foo.com\fP to be contacted whenever \fIl1.foo.com\fP
does not respond.
.RE
.TP
@ -228,6 +240,11 @@ so the client will not know if the operation eventually succeeded or not.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
.B idle-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
.B pseudorootdn "<substitute DN in case of rootdn bind>"
This directive, if present, sets the DN that will be substituted to