Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lightweight Replication for OpenLDAP Jong Hyuk Choi IBM Thomas J. Watson Research Center Enterprise Linux Group Mar 21, 2003.

Published byGavin Hancock Modified over 8 years ago

Similar presentations

Presentation on theme: "Lightweight Replication for OpenLDAP Jong Hyuk Choi IBM Thomas J. Watson Research Center Enterprise Linux Group Mar 21, 2003."— Presentation transcript:

1 Lightweight Replication for OpenLDAP Jong Hyuk Choi jongchoi@us.ibm.com IBM Thomas J. Watson Research Center Enterprise Linux Group Mar 21, 2003

2 OpenLDAP Replication ƒ Slurpd producer-initiated, log-based replication out-of-band replica management ƒ A New Lightweight Replication consumer-initiated, state-based, pull replication eventual consistency replication by search operation - no prior agreement minimal history information minimal consumer information in the producer side master-slave support partial replication (fractional and sparse) primary and secondary replication based on the client synchronization protocols draft-zeilenga-ldup-sync-01 draft-ietf-ldup-lcup-04

3 Sync Protocol - LCUP ƒ LDAP Client Update Protocol (Megginson et al.) synchronize directory entries, assume history information syncOnly, syncAndPersist, persistOnly searchResultDone +syncDone(cookie) add modify/moddn/delete searchRequest +syncRequest(syncOnly) (cookie) searchResultEntry +syncUpdate(leftSet=0) searchResultEntry +syncUpdate(leftSet=1) modify/moddn/delete searchResultDone +syncDone ( cookie |reloadRequired ) searchRequest +syncRequest(syncAndPersist) ( cookie | reload ) leftSet=1 case of syncOnly requires history information such as log or tombstone to determine whether the entry was within the search result before the operation if consitency is too costly or impossible to achieve, producer issues reloadRequired tradeoff in history info vs. chattiness searchResultEntry +syncUpdate (persistPhase, leftSet=0|1) add/modify/moddn/delete

4 Sync Protocol - LDAP SYNC ƒ LDAP Synchronization Protocol (Zeilenga and Choi) synchronizing shadowed information, no history information assumed refreshOnly, refreshAndPersist searchResultDone +syncDone(cookie) add searchRequest +syncRequest(refreshOnly) (cookie) searchResultEntry +syncState (all present+add) modify/moddn/delete searchResultDone (success or reloadReq) +syncDone ( cookie ) searchRequest +syncRequest(refreshAndPersist) ( cookie | reload ) present : only send DN and entryUUID in the refresh phase, if entryCSN <= cookieCSN, send present else, send add no history information is required chatty intermediateResponse +syncInfo(refreshDone) add/modify/moddn/delete searchResultEntry +syncUpdate (add|modify|delete) (all present+add) add modify/moddn/delete

5 LDAP SYNC - Chattiness Reduction ƒ To reduce chattiness, maintain lightweight history information for the finite number of refreshOnly consumers if an update causes an entry to leave one of the subtree refinement in the replicaSubentries under admPoint, add e.CSN before change as a presentRange attribute value when a refreshOnly of the same spec arrives, send present entries within the sync search result set only if (startCSN <= e.CSN <= endCSN) for each values of the presentRange attribute presentRange values shall be delivered as the syncInfo cookie tradeoff of consumer info vs. chattiness presentRange merge, open-ended presentRange value (0,inf) when consumer info is dropped -> presentRange = [0..inf] replicaSubentry contains syncSearchSpec : {base, scope, filter, attrs, binddn} presentRange : {startCSN,endCSN}

6 Information Model database root replicaSubentry (producer) subentry entry replication base references subtree refinement glue replicaSubentry (consumer | secondary) subentry glue replication base references subtree refinement shadowed information : prefix info + area info + subordinate info objectClass glue : only have naming information, objectClass attribute replicaProducerSubentry : cn, replicaType, replicaStatus, replicationMode, syncSearchSpec, presentRange, secondaryConsumer, subtreeSpec replicaConsumerSubentry : cn, replicaStatus, replicationMode, producer, binddn, bindmethod, credentials, interval, secondaryProducer, subtreeSpec replicaSubentries : rdns of all replicaSubentries subordinate to admPoint alias, reference : as in manageDsaIT glue

7 CSN and UUID ƒ Change Sequence Number imposes total ordering of a sequence of updates time#change count#replica id#modification number 2003032111:21:31z#0x00A7#1#0x0000 entryCSN, replicaCSN, startCSN, endCSN ƒ CSN Generation OpenLDAP generates CSN before backend update operation max CSN of the committed update may not be the max generated CSN ->replicaCSN may be greater than the actual replcia state replicaCSN of the producer should be set to the min outstanding CSN -  ƒ UUID : Universally Unique Identifier DNs can change and so are unreliable entryUUID

8 Configuration ƒ consumer configuration slapd.conf databasebdb suffix"o=ibm,c=us" syncrepl id=1 producer=ldap://producer.ibm.com:9009 binddn="cn=repluser,o=ibm,c=us" bindmethod=simple credentials=secret replicationbase="ou=enterprise linux,o=ibm,c=us" filter="objectClass=organizationalPerson" attrs="cn sn description telephoneNumber l ou title" scope=sub type=refreshOnly interval=24h

9 Replication Thread ƒ replication thread pool of consumer submit a replication thread upon parsing a syncrepl line of slapd.conf void *do_syncrepl( void *ctx, void *arg ) { get consumer replica cookie from replicaSubentry init connection to the producer bind to the producer ldap_search_ext(ld, si->base, si->scope, si->filterstr, si->attrs, 0, NULL, NULL, NULL, -1, &msgid) while (msg) { if ( LDAP_RES_SEARCH_ENTRY ) { entry = msg_to_entry( msg, modlist, &rctrls ) parse control ( &rctrls ) to get syncState, entryUUID, entryCSN syncrepl_entry ( entry, modlist ) } else if ( LDAP_RES_SEARCH_RESULT ) { update consumer replica cookie delete entries within presentRange but not in si->presentlist reschedule do_syncrepl } else if ( LDAP_RES_INTERMEDIATE_RESP ) { if ( syncInfo == cookie ) update consumer replica cookie else if ( syncInfo == presentRangeCookie ) update presentRange }

10 Synchronization Update ƒ synchronization update internal modify and add with null callback functions static int syncrepl_entry ( entry, modlist ) { set null_callback for 4 callbacks switch ( syncState ) { case LDAP_SYNC_PRESENT: avl_insert ( &si->presentlist, syncUUID ) case LDAP_SYNC_ADD : case LDAP_SYNC_MODIFY : rc = be->be_modify ( &entry->e_name, modlist ) if ( rc == LDAP_NO_SUCH_OBJECT ) { rc = be->be_add ( entry ) if ( rc == LDAP_REFERRAL ) { syncrepl_add_glue ( entry ) } case LDAP_SYNC_DELETE : rc = be->be_delete ( &entry->e_name ); }

11 Summary ƒ SyncRepl a lightweight replication engine for OpenLDAP ƒ Applications Lightweight Directory Replication Synchronization for OpenLDAP Proxy Cache from IBM India Research IBM Directory Integrator Connector for OpenLDAP ƒ Plans Initial code available Initial source code contribution soon Solicit requirements from the community

Download ppt "Lightweight Replication for OpenLDAP Jong Hyuk Choi IBM Thomas J. Watson Research Center Enterprise Linux Group Mar 21, 2003."

Similar presentations

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.
Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.

Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.
Performance Improvement of OpenLDAP Transactional Backend Jong Hyuk Choi IBM Thomas J. Watson Research Center Enterprise Linux Group.

Performance Improvement of OpenLDAP Transactional Backend Jong Hyuk Choi IBM Thomas J. Watson Research Center Enterprise Linux Group.
LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.

LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.
Software Engineering Recitation 6 Suhit Gupta. Review Classpath Stream vs. Reader.

Software Engineering Recitation 6 Suhit Gupta. Review Classpath Stream vs. Reader.
© Chinese University, CSE Dept. Distributed Systems / 9 - 1 Distributed Systems Topic 9: Time, Coordination and Replication Dr. Michael R. Lyu Computer.

© Chinese University, CSE Dept. Distributed Systems / Distributed Systems Topic 9: Time, Coordination and Replication Dr. Michael R. Lyu Computer.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.

Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.
Distributed Computing COEN 317 DC2: Naming, part 1.

Distributed Computing COEN 317 DC2: Naming, part 1.
LDAP Client Update Protocol (LCUP) Olga Natkovich Sun-Netscape Alliance

LDAP Client Update Protocol (LCUP) Olga Natkovich Sun-Netscape Alliance
INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.
1 Physical Data Organization and Indexing Lecture 14.

1 Physical Data Organization and Indexing Lecture 14.
1 Internet Based Applications Lightweight Directory Access Protocol (LDAP) Piotr Wierzejewski.

1 Internet Based Applications Lightweight Directory Access Protocol (LDAP) Piotr Wierzejewski.
23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr. 2001 Michel Jouvin

23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr Michel Jouvin
Linux Technology Center 18 April 2003 © 2003 IBM LDAP Content Synchronization Kurt D. ZeilengaJong Hyuk Choi OpenLDAP ProjectIBM Research Title slide.

Linux Technology Center 18 April 2003 © 2003 IBM LDAP Content Synchronization Kurt D. ZeilengaJong Hyuk Choi OpenLDAP ProjectIBM Research Title slide.
Netprog: LDAP1 Lightweight Directory Access Protocol (LDAP) Refs: –Netscape LDAP server docs – U. of Michigan LDAP docs – www.openldap.org docs –RFCs:

Netprog: LDAP1 Lightweight Directory Access Protocol (LDAP) Refs: –Netscape LDAP server docs – U. of Michigan LDAP docs – docs –RFCs:
LDAP Search Criteria Fall 2004 Rev. 2. LDAP Searches Can be performed on Single directory entry Contents of a single container Entire subtree Required.

LDAP Search Criteria Fall 2004 Rev. 2. LDAP Searches Can be performed on Single directory entry Contents of a single container Entire subtree Required.
Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.

Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.

Similar presentations

Ads by Google