.TH SLAPD-SOCK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2007-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sock.5,v 1.3.2.1 2008/02/09 00:46:08 quanah Exp $
slapd-sock \- Socket backend to slapd
uses an external program to handle queries, similarly to
However, in this case the external program listens on a Unix domain socket.
This makes it possible to have a pool of processes, which persist between
requests. This allows multithreaded operation and a higher level of
efficiency. The external program must have been started independently;
itself will not start it.
options apply to the SOCK backend database.
That is, they must follow a "database sock" line and come before any
subsequent "backend" or "database" lines.
Other database options are described in the
.B extensions [ binddn | peername | ssf ]*
Enables the sending of additional meta-attributes with each request.
peername: IP=<address>:<port>
.B socketpath <pathname>
Gives the path to a Unix domain socket to which the commands will
be sent and from which replies are received.
The protocol is essentially the same as
with the addition of a newline to terminate the command parameters. The
following commands are sent:
<repeat { "suffix:" <database suffix DN> }>
<entry in LDIF format>
<repeat { "suffix:" <database suffix DN> }>
method: <method number>
credlen: <length of <credentials>>
<repeat { "suffix:" <database suffix DN> }>
<repeat { "suffix:" <database suffix DN> }>
<repeat { "suffix:" <database suffix DN> }>
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
<repeat { "suffix:" <database suffix DN> }>
deleteoldrdn: <0 or 1>
<if new superior is specified: "newSuperior: <DN>">
<repeat { "suffix:" <database suffix DN> }>
scope: <0-2, see ldap.h>
deref: <0-3, see ldap.h>
sizelimit: <size limit>
timelimit: <time limit>
attrs: <"all" or space-separated attribute list>
<repeat { "suffix:" <database suffix DN> }>
The commands - except \fBunbind\fP - should output:
matched: <matched DN>
where only RESULT is mandatory, and then close the socket.
The \fBsearch\fP RESULT should be preceded by the entries in LDIF
format, each entry followed by a blank line.
Lines starting with `#' or `DEBUG:' are ignored.
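An added example, not part of the OpenLDAP distribution or of this page: a minimal request handler for the external program, in Python. It reads the bind credentials by credlen rather than by line, since checking them is delegated to this program. The command-name first line and the dn:, cred:, code: and info: field names are assumptions taken from the upstream protocol description because they do not appear in the text above; the demo DN and password are constructed.

```python
# Added example, not OpenLDAP code. Assumed from upstream slapd-sock(5): command name on line 1; dn/cred/code/info fields.
import hmac

DEMO_DN, DEMO_PW = "cn=demo,dc=example,dc=com", b"s3cret\nstill-secret"  # constructed

def parse_request(data: bytes) -> dict:
    """Split one request into command, header fields and repeated suffix lines."""
    req = {"suffix": [], "cred": None}
    command, _, rest = data.partition(b"\n")
    req["command"] = command.decode("ascii")
    while rest:
        line, _, rest = rest.partition(b"\n")
        if not line:                       # blank line ends the parameters
            break
        key, sep, value = line.partition(b": ")
        if not sep or key in (b"cred", b"command"):
            raise ValueError("malformed line")
        if key == b"suffix":
            req["suffix"].append(value.decode("utf-8"))
        elif key == b"credlen":
            # Credentials are opaque bytes that may contain newlines: take
            # exactly credlen bytes rather than reading to the next "\n".
            n = int(value)
            end = 6 + n                    # 6 == len(b"cred: ")
            if n < 0 or not rest.startswith(b"cred: ") or rest[end:end + 1] != b"\n":
                raise ValueError("cred does not match credlen")
            req["cred"], rest = rest[6:end], rest[end + 1:]
        else:
            req[key.decode("ascii")] = value.decode("utf-8")
    return req

def format_result(code: int, info: str = "") -> bytes:
    """Build the reply: RESULT is mandatory, the other lines are optional."""
    if "\n" in info:
        raise ValueError("newline in info would forge reply lines")
    reply = "RESULT\ncode: %d\n" % code
    return (reply + ("info: %s\n" % info if info else "")).encode("utf-8")

def handle(data: bytes) -> bytes:
    """Answer BIND, stay silent on UNBIND, refuse everything else."""
    try:
        req = parse_request(data)
    except ValueError:                     # includes UnicodeDecodeError
        return format_result(2, "malformed request")           # protocolError
    if req["command"] == "UNBIND":
        return b""                         # unbind expects no output
    if req["command"] != "BIND":
        return format_result(53, "operation not implemented")  # unwillingToPerform
    ok = req.get("dn") == DEMO_DN and hmac.compare_digest(req["cred"] or b"", DEMO_PW)
    return format_result(0 if ok else 49)  # 49 = invalidCredentials
```

The program would call handle() on the bytes read from each accepted connection on the socketpath socket, write the reply, and close the connection.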
backend does not honor all ACL semantics as described in
.BR slapd.access (5).
In general, access to objects is checked by using a dummy object
that contains only the DN, so access rules that rely on the contents
of the object are not honored.
operation does not require
pseudo-attribute of the parent entry.
pseudo-attribute of the entry whose identity is being assessed;
access to the credentials is not checked, but rather delegated
to the underlying program.
of the object whose value is being asserted;
access to the attribute whose value is being asserted is not checked.
operation does not require
pseudo-attribute of the parent entry.
access to the specific attributes that are modified is not checked.
operation does not require
pseudo-attribute of the parent entry, nor to that of the new parent,
access to the distinguished values of the naming attributes
operation does not require
pseudo-attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
There is an example script in the slapd/back-sock/ directory
in the OpenLDAP source tree.
default slapd configuration file