
VDS: does it support "Content Synchronization Protocol"?

Former Member
0 Kudos

Hi

We are currently facing a requirement to be implemented with VDS. Does VDS support the "Content Synchronization Protocol"?

Please refer to the following quote:

"Replication features allow LDAP DIT updates to be copied to one or more LDAP systems for backup and/or performance reasons. In this context it is worth emphasizing that replication operates at the DIT level not the LDAP server level. Thus, in a single server running multiple DITs each DIT may be replicated to a different server. Replication occurs periodically within what this guide calls the replication cycle time. OpenLDAP version 2.3 introduced a powerful new replication feature (generically known as syncrepl) and with version 2.4 this was further enhanced to provide multi-master capabilities. There are two possible replication configurations and multiple variations on each configuration type.

Replication occurs at the level of the DIT and describes the process of copying updates from a DIT on one LDAP server to the same DIT on one or more other servers. Replication configurations may be either MASTER-SLAVE or Producer-Consumer in OpenLDAP's idiosyncratic terminology (the SLAVE - consumer - copy is always read-only) or MULTI-MASTER. Replication is a configuration (operational) issue, however, the Content Synchronization Protocol (used by syncrepl) is defined by RFC 4533."

We want to set VDS as the master of this replication and set the other OpenLDAP servers to replicate with VDS. Please see the attachment.

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

On the surface it seems that all that's required is to implement a new UUID attribute on all the IdStore entries that would never change, which the sync can utilize, and add some features to the search operations of the VDS' LDAP interface to support the RFC. But things are seldom as easy as they seem 🙂 Everything from the paging of the potentially humongous result sets and generating tombstones for deleted/inactive users and whatever else I didn't catch on the first read...


I think a much easier solution is to set up an OpenLDAP "Producer" server that IdM writes to when entries are changed as a regular LDAP repository, which the Consumer LDAPs then read/consume from. Should be much less work than trying to implement enough of the RFC in VDS to make it work.


(I've asked a VDS developer to look at this topic and I'm prepared to be proven wrong 🙂 )


Br,

Chris

Message was edited by: Per Krabsetsve
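
The two requirements named in the answer above (a per-entry UUID that never changes, and tombstones for deleted entries) can be seen in a simplified model of an RFC 4533 refresh. This is an added example, not VDS or OpenLDAP code: the `Provider` class, the `apply` function, the integer cookies and the sample UUIDs are assumptions made for illustration, and the real protocol carries these states in LDAP controls.

```python
# Simplified model of an RFC 4533 refresh (added example; not VDS or OpenLDAP code).
# Integer change numbers stand in for the opaque sync cookie; UUIDs are constructed.

class Provider:
    def __init__(self):
        self.csn = 0            # last change number issued
        self.entries = {}       # entryUUID -> (dn, created_csn, changed_csn)
        self.tombstones = {}    # entryUUID -> csn at which the entry was deleted
        self.purged_to = 0      # deletions at or before this csn are forgotten

    def write(self, uuid, dn):
        self.csn += 1
        created = self.entries.get(uuid, (None, self.csn))[1]
        self.entries[uuid] = (dn, created, self.csn)

    def delete(self, uuid):
        self.csn += 1
        del self.entries[uuid]
        self.tombstones[uuid] = self.csn

    def purge_tombstones(self):
        self.tombstones.clear()
        self.purged_to = self.csn

    def refresh(self, cookie=None):
        """Return (phase, messages, new_cookie) for a consumer holding `cookie`."""
        since = cookie or 0
        msgs = [("add" if created > since else "modify", uuid, dn)
                for uuid, (dn, created, changed) in self.entries.items()
                if changed > since]
        if cookie is not None and cookie >= self.purged_to:
            # Delete phase: tombstones cover everything since the cookie.
            msgs += [("delete", u, None) for u, c in self.tombstones.items() if c > since]
            return "delete", msgs, self.csn
        # Present phase: name every unchanged entry; the consumer drops the rest.
        msgs += [("present", u, None) for u, e in self.entries.items() if e[2] <= since]
        return "present", msgs, self.csn


def apply(replica, phase, msgs):
    """Apply one refresh to a consumer replica keyed by entryUUID, not by DN."""
    named = set()
    for state, uuid, dn in msgs:
        named.add(uuid)
        if state in ("add", "modify"):
            replica[uuid] = dn
        elif state == "delete":
            replica.pop(uuid, None)
    if phase == "present":
        for uuid in set(replica) - named:
            del replica[uuid]
    return replica
```

Without tombstones the provider can only answer with the present phase, which names every unchanged entry on each refresh; that is where the large result sets mentioned above come from.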

former_member2987
Active Contributor
0 Kudos

Matthias,

The answer is: it probably can.

I don't believe that this is in any way a part of VDS' out of the box functionality, however it probably can be accomplished by writing an extension class.

You'll need to get your hands on the JAVADOC for VDS. If it's not available on the documentation site, you can request it via an OSS note, I believe. If you're still having issues, DM me.

Regards,

Matt