backend-server
uri=ldap[s]://<hostname>[:port] [retry=<retry interval in
ms>] [keepalive=<idle>:<probes>:<interval>]
[starttls=yes|critical] [tls_cert=<file>] [tls_key=<file>]
[tls_cacert=<file>] [tls_cacertdir=<path>]
[tls_reqcert=never|allow|try|demand]
[tls_cipher_suite=<ciphers>] [tls_crlcheck=none|peer|all]
[tls_protocol_min=<major>[.<minor>]] [numconns=<conns>]
[bindconns=<conns>] [max-pending-ops=<ops>] [conn-max-
pending=<ops>]
Marks the beginning of a backend definition.
uri specifies the backend as an LDAP URI. If <port> is not
given, the standard LDAP port number (389 or 636) is used.
Lloadd will attempt to maintain numconns active
connections and also bindconns active connections
dedicated to handling client bind requests.
If an error occurs on a working connection, a new
connection attempt is made immediately, if one happens on
establishing a new connection to this backend, lloadd will
wait before a new reconnect attempt is made according to
the retry parameter (default is 5 seconds).
Operations will be distributed across the backend's
connections (upstreams).
The parameter conn-max-pending unless set to 0 (the
default), will limit the number unfinished operations per
upstream connection. Similarly, max-pending-ops will limit
the total number or unfinished operations across all
backend's connections, 0, the default, means no limit will
be imposed for this backend.
The keepalive parameter sets the values of idle, probes,
and interval used to check whether a socket is alive; idle
is the number of seconds a connection needs to remain idle
before TCP starts sending keepalive probes; probes is the
maximum number of keepalive probes TCP should send before
dropping the connection; interval is interval in seconds
between individual keepalive probes. Only some systems
support the customization of these values; the keepalive
parameter is ignored otherwise, and system-wide settings
are used.
The starttls parameter specifies use of the StartTLS
extended operation to establish a TLS session before
Binding to the provider. If the critical argument is
supplied, the session will be aborted if the StartTLS
request fails. Otherwise the syncrepl session continues
without TLS. The tls_reqcert setting defaults to "demand"
and the other TLS settings default to the same as the main
slapd TLS settings.
