файл конфигурации для lloadd, автономного демона LDAP (configuration file for lloadd, the stand-alone LDAP daemon)
Глобальные параметры конфигурации (Global configuration options)
Options described in this section apply to all backends.
Arguments that should be replaced by actual text are shown in
brackets <>.
argsfile <filename>
The (absolute) name of a file that will hold the lloadd
server's command line (program name and options).
concurrency <integer>
Specify a desired level of concurrency. Provided to the
underlying thread system as a hint. The default is not to
provide any hint.
feature <feature> [...]
Switch additional features supported by the LDAP Load
Balancer on. Supported features are:
proxyauthz
when proxying an operation, pass the
client's authorized identity using the proxy
authorization control (RFC 4370). No control
is added to the operation if initiated by a
client whose bound identity matches the
identity configured in bindconf (no
normalisation of the DN is attempted).
If SASL binds are issued by clients and this
feature is enabled, backend servers need to
support LDAP Who Am I? extended operation
for the Load Balancer to detect the correct
authorization identity.
include <filename>
Read additional configuration information from the given
file before continuing with the next line of the current
file.
io-threads <integer>
Specify the number of threads to use for the connection
manager. The default is 1 and this is typically adequate
for up to 16 CPU cores. The value should be set to a
power of 2.
If modified after server starts up, a change to this
option will not take effect until the server has been
restarted.
logfile <filename>
Specify a file for recording lloadd debug messages. By
default these messages only go to stderr, are not recorded
anywhere else, and are unrelated to messages exposed by
the loglevel configuration parameter. Specifying a logfile
copies messages to both stderr and the logfile.
loglevel <integer> [...]
Specify the level at which debugging statements and
operation statistics should be syslogged (currently logged
to the syslogd(8) LOG_LOCAL4 facility). They must be
considered subsystems rather than increasingly verbose log
levels. Some messages with higher priority are logged
regardless of the configured loglevel as soon as any
logging is configured. Log levels are additive, and
available levels are:
1 (0x1 trace) trace function calls
2 (0x2 packets) debug packet handling
4 (0x4 args) heavy trace debugging (function
args)
8 (0x8 conns) connection management
16 (0x10 BER) print out packets sent and
received
64 (0x40 config) configuration file processing
256 (0x100 stats) connections, LDAP operations,
results (recommended)
512 (0x200 stats2) stats log entries sent
32768 (0x8000 none) only messages that get logged
whatever log level is set
The desired log level can be input as a single integer
that combines the (ORed) desired levels, both in decimal
or in hexadecimal notation, as a list of integers (that
are ORed internally), or as a list of the names that are
shown between parentheses, such that
loglevel 513
loglevel 0x201
loglevel 512 1
loglevel 0x200 0x1
loglevel stats trace
are equivalent. The keyword any can be used as a shortcut
to enable logging at all levels (equivalent to -1). The
keyword none, or the equivalent integer representation,
causes those messages that are logged regardless of the
configured loglevel to be logged. In fact, if loglevel is
set to 0, no logging occurs, so at least the none level is
required to have high priority messages logged.
The loglevel defaults to stats. This level should usually
also be included when using other loglevels, to help
analyze the logs.
pidfile <filename>
The (absolute) name of a file that will hold the lloadd
server's process ID (see getpid(2)).
sockbuf_max_incoming_client <integer>
Specify the maximum LDAP PDU size accepted coming from
clients. The default is 262143.
sockbuf_max_incoming_upstream <integer>
Specify the maximum LDAP PDU size accepted coming from
upstream connections. The default is 4194303.
tcp-buffer [listener=<URL>] [{read|write}=]<size>
Specify the size of the TCP buffer. A global value for
both read and write TCP buffers related to any listener is
defined, unless the listener is explicitly specified, or
either the read or write qualifiers are used. See tcp(7)
for details. Note that some OS-es implement automatic TCP
buffer tuning.
threads <integer>
Specify the maximum size of the primary thread pool. The
default is 16; the minimum value is 2.
threadqueues <integer>
Specify the number of work queues to use for the primary
thread pool. The default is 1 and this is typically
adequate for up to 8 CPU cores. The value should not
exceed the number of CPUs in the system.
max_pdus_per_cycle <integer>
If set to 0, PDUs are handled by the I/O threads directly,
otherwise a task is queued to be picked up by the thread
pool. This task will process PDUs from the connection
until there is no more data to be read or this limit is
reached when the I/O thread can pick it up again. Very
high values have a potential to cause some connections to
be starved in a very high-bandwidth environment. The
default is 1000.
client_max_pending <integer>
Will cause the load balancer to limit the number
unfinished operations for each client connection. The
default is 0, unlimited.
iotimeout <integer>
Specify the number of milliseconds to wait before forcibly
closing a connection with an outstanding write. This
allows faster recovery from various network hang
conditions. An iotimeout of 0 disables this feature. The
default is 10000.
write_coherence <integer>
Specify the number of seconds after a write operation is
finished that lloadd will direct operations exclusively to
the last selected backend. A write operation is anything
not handled internally (certain exops, abandon), except
search, compare and bind operations. Bind operations also
reset this restriction. The default is 0, write operations
do not restrict selection. When negative, the restriction
is not time limited and will persist until the next bind.
restrict_exop <OID> <action>
Tell lloadd that extended operation with a given OID
should be handled in a specific way. OID 1.1 is special,
setting a default (only for operations not handled
internally). The meaning of the <action> argument is the
same as in restrict_control below.
restrict_control <OID> <action>
Tell lloadd that a control with a given OID attached to
any operation should be handled in a specific way
according to the <action> argument. At the moment, only
operations passed intact are inspected in this way, in
particular, controls on bind and extended operations are
not checked.
In order of descending priority (the control with highest
priority action wins), this is the action made:
reject operations that carry this control will be
rejected.
connection
once an upstream is selected, every future
operation from this client will be directed
to the same connection. Useful when state is
shared between client and upstream that the
load balancer doesn't track.
backend
like write except this does not time out.
write this is treated like a write operation (see
write_coherence) above.
ignore does not influence restrictions, useful when
changing the global exop default. This is
the default handling for exops/controls not
handled by the load balancer internally.
