Target configuration starts with the "uri" directive. All the
configuration directives that are not specific to targets should
be defined first for clarity, including those that are common to
all backends. They are:
conn-pool-max <int>
This directive defines the maximum size of the privileged
connections pool.
conn-ttl <time>
This directive causes a cached connection to be dropped an
recreated after a given ttl, regardless of being idle or
not.
default-target none
This directive forces the backend to reject all those
operations that must resolve to a single target in case
none or multiple targets are selected. They include: add,
delete, modify, modrdn; compare is not included, as well
as bind since, as they don't alter entries, in case of
multiple matches an attempt is made to perform the
operation on any candidate target, with the constraint
that at most one must succeed. This directive can also be
used when processing targets to mark a specific target as
default.
dncache-ttl {DISABLED|forever|<ttl>}
This directive sets the time-to-live of the DN cache.
This caches the target that holds a given DN to speed up
target selection in case multiple targets would result
from an uncached search; forever means cache never
expires; disabled means no DN caching; otherwise a valid (
> 0 ) ttl is required, in the format illustrated for the
idle-timeout
directive.
onerr {CONTINUE|report|stop}
This directive allows one to select the behavior in case
an error is returned by one target during a search. The
default, continue
, consists in continuing the operation,
trying to return as much data as possible. If the value
is set to stop
, the search is terminated as soon as an
error is returned by one target, and the error is
immediately propagated to the client. If the value is set
to report
, the search is continued to the end but, in case
at least one target returned an error code, the first non-
success error code is returned.
norefs <NO|yes>
If yes
, do not return search reference responses. By
default, they are returned unless request is LDAPv2. If
set before any target specification, it affects all
targets, unless overridden by any per-target directive.
noundeffilter <NO|yes>
If yes
, return success instead of searching if a filter is
undefined or contains undefined portions. By default, the
search is propagated after replacing undefined portions
with (!(objectClass=*))
, which corresponds to the empty
result set. If set before any target specification, it
affects all targets, unless overridden by any per-target
directive.
protocol-version {0,2,3}
This directive indicates what protocol version must be
used to contact the remote server. If set to 0 (the
default), the proxy uses the same protocol version used by
the client, otherwise the requested protocol is used. The
proxy returns unwillingToPerform if an operation that is
incompatible with the requested protocol is attempted. If
set before any target specification, it affects all
targets, unless overridden by any per-target directive.
pseudoroot-bind-defer {YES|no}
This directive, when set to yes
, causes the authentication
to the remote servers with the pseudo-root identity (the
identity defined in each idassert-bind
directive) to be
deferred until actually needed by subsequent operations.
Otherwise, all binds as the rootdn are propagated to the
targets.
quarantine <interval>,<num>[;<interval>,<num>[...]]
Turns on quarantine of URIs that returned
LDAP_UNAVAILABLE, so that an attempt to reconnect only
occurs at given intervals instead of any time a client
requests an operation. The pattern is: retry only after
at least interval seconds elapsed since last attempt, for
exactly num times; then use the next pattern. If num for
the last pattern is "+
", it retries forever; otherwise, no
more retries occur. This directive must appear before any
target specification; it affects all targets with the same
pattern.
rebind-as-user {NO|yes}
If this option is given, the client's bind credentials are
remembered for rebinds, when trying to re-establish a
broken connection, or when chasing a referral, if
chase-referrals
is set to yes.
session-tracking-request {NO|yes}
Adds session tracking control for all requests. The
client's IP and hostname, and the identity associated to
each request, if known, are sent to the remote server for
informational purposes. This directive is incompatible
with setting protocol-version to 2. If set before any
target specification, it affects all targets, unless
overridden by any per-target directive.
single-conn {NO|yes}
Discards current cached connection when the client
rebinds.
use-temporary-conn {NO|yes}
when set to yes
, create a temporary connection whenever
competing with other threads for a shared one; otherwise,
wait until the shared connection is available.