IETF-ASID                                                  Russel Weiser
Informational Draft                                        Novell Inc.
Expires in six months                                       Ellen Stokes
                                                           IBM
                                                           16 July 1997

                       LDAP Replication Requirements
                    <draft-ietf-asid-replica-req-00.txt>


   Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."  To learn
   the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).



   Abstract

   This document discusses some of the fundamental requirements for
   replication and synchronization of directories accessed through the
   LDAPv3 protocol [LDAPv3].  It is intended to be a gathering place for
   the general replication requirements needed to provide
   interoperability between directories.



1.  Introduction
   The ability to distribute directory information throughout the
   network provides a two-fold benefit: (1) it increases the reliability
   of the directory through fault tolerance, and (2) it brings the
   directory content closer to the clients using the data.  LDAP's
   acceptance as an access protocol for directory information is driving
   the need to distribute LDAP directory content among servers within
   the enterprise and across the Internet.  Currently LDAP does not
   define a synchronization mechanism and mentions LDAP shadow servers
   only in passing; see



Weiser, Stokes                                                  [Page 1]


INTERNET-DRAFT                             LDAP Replication Requirements


   [LDAPv3] and [Changelog].  The requirements for replication are
   critical to the successful deployment and acceptance of LDAP in the
   marketplace.


2.  Objectives

   The major objectives are to provide a simple, highly efficient and
   well-performing replica synchronization method for LDAP, while also
   providing the flexibility needed to meet the needs of both the
   Internet and enterprise environments.  The method should be:

      Simple
      Efficient
      Reliable
      Interoperable between vendors
      Flexible


3.  General Requirements

   The following requirements are in no priority order.

   The flexibility of LDAP replication is of the utmost importance given
   the nature of the Internet and enterprise environments.  This leads
   to several general requirements that are discussed briefly below.

   Support for both multi-master and master/slave environments is a
   driving requirement; both models SHALL be supported.  Note: defining
   a replica as either a Read-only replica or a Read/Write replica gives
   administrators the choice of centralized or distributed management of
   the directory.

   Additionally, synchronization of LDAP replicas should allow either a
   master or a replica to initiate the replication process, and allow
   the initiator to determine whether it will act as consumer, supplier,
   or both during the synchronization process.  This allows a replica to
   be connected and synchronized periodically from remote sites at the
   local administrator's discretion.

   Another driving requirement is that all information in the master
   database and its replica databases SHALL be identical, including all
   NO-USER-MODIFICATION operational attributes such as timestamps (a
   replica that regenerated modifyTimestamp locally would no longer be
   an exact copy of the master).

   Support for subtree replication SHALL be defined to allow for greater
   flexibility in replication topologies of the DIT, as discussed in
   X.525 section 7.2 [X.525].
   Along with the above is the need for replication policies that govern
   the behavior of the replicas and the synchronization process; these
   are briefly discussed in section 3.1.


3.1.  Replication policy definitions

   Policies for the LDAP replication/synchronization shall be defined in
   such a manner as to allow programmatic representation; these policies
   shall  be  kept  as replica attributes or as entries of the predeter-
   mined agreement discussed in section  3.2  to  be  propagated  during
   replication.


3.1.1.  Propagation behavior

   Propagation behavior defines the general behavior of the actual
   synchronization process between a consumer and a supplier of
   replication information.

   1.  Replication SHALL only be allowed after proper authentication and
   verification of authorization of both the replica and the source
   directory.

   2.  The transport of LDAP synchronization data MUST use secure
   transports.

   3.  Replica synchronization SHALL be handled in such a manner as not
   to saturate the network with repeated replication of the same entries
   from multiple synchronization supplier points.

   4.  Full copy replication SHOULD be supported for reset and initial
   loading of a replica using LDIF [LDIF].

   5.  The normal means of synchronizing replicas SHALL be incremental
   synchronization, performed in accordance with the scheduling policies
   of section 3.1.2.

   6.  Multiple LDAP changes SHOULD be allowed to be treated as a single
   atomic transaction propagated during replication.

   7.  ChangeLog [Changelog] information SHALL be purged upon completion
   of a synchronization cycle in which all replica members have been
   synchronized with the master(s).
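   The following is an added example and not part of this draft or of
   any product mentioned in it.  It shows how a consumer could satisfy
   items 4 through 7 above: it replays changelog records shaped like the
   changeLogEntry attributes of [Changelog] (changeNumber, targetDN,
   changeType, changes) against an in-memory replica, applies a whole
   batch atomically, refuses to continue across a gap in change numbers
   (the case that calls for a full LDIF reload), and purges records that
   every replica has acknowledged.  The in-memory store, the DNs and the
   sample changelog are constructed for illustration.

```python
"""Incremental replica synchronization from changelog records.

Added example, not part of the draft: record layout follows the
changeLogEntry attributes of [Changelog]; the DNs, sample data and the
dict-based replica store are constructed here for illustration.
"""
from copy import deepcopy

# Constructed sample changelog; `changes` carries LDIF-style attribute
# lines for an add, or LDIF modify blocks separated by "-" for a modify.
SAMPLE_CHANGELOG = [
    {"changeNumber": 1, "targetDN": "cn=alice,ou=people,o=example",
     "changeType": "add",
     "changes": "objectClass: person\ncn: alice\nsn: Example\n"},
    {"changeNumber": 2, "targetDN": "cn=alice,ou=people,o=example",
     "changeType": "modify",
     "changes": "replace: sn\nsn: Replaced\n-\n"
                "add: mail\nmail: alice@example.com\n-\n"},
    {"changeNumber": 3, "targetDN": "cn=bob,ou=people,o=example",
     "changeType": "add",
     "changes": "objectClass: person\ncn: bob\nsn: Example\n"},
    {"changeNumber": 4, "targetDN": "cn=bob,ou=people,o=example",
     "changeType": "delete", "changes": ""},
]


def parse_attrs(text):
    """'attr: value' lines -> {attr: [values]} (no base64, no folding)."""
    attrs = {}
    for line in text.splitlines():
        if line.strip():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def parse_mods(text):
    """LDIF modify body -> [(op, attr, [values])]; blocks end with '-'."""
    mods = []
    for block in text.split("\n-\n"):
        lines = block.strip().splitlines()
        if not lines:
            continue
        op, _, attr = lines[0].partition(":")
        values = [l.partition(":")[2].strip() for l in lines[1:]]
        mods.append((op.strip(), attr.strip(), values))
    return mods


def apply_record(directory, rec):
    """Apply one changelog record in place; raise on an inconsistent state."""
    dn, ctype = rec["targetDN"], rec["changeType"]
    if ctype == "add":
        if dn in directory:
            raise ValueError("add: %s already exists" % dn)
        directory[dn] = parse_attrs(rec["changes"])
    elif ctype == "delete":
        if dn not in directory:
            raise ValueError("delete: %s does not exist" % dn)
        del directory[dn]
    elif ctype == "modify":
        if dn not in directory:
            raise ValueError("modify: %s does not exist" % dn)
        entry = directory[dn]
        for op, attr, values in parse_mods(rec["changes"]):
            if op == "add":
                entry.setdefault(attr, []).extend(values)
            elif op == "replace":
                entry[attr] = list(values)
            elif op == "delete" and values:
                entry[attr] = [v for v in entry.get(attr, []) if v not in values]
            elif op == "delete":
                entry.pop(attr, None)
            else:
                raise ValueError("modify: unknown operation %r" % op)
    else:
        # modrdn is also defined by [Changelog]; not handled in this example
        raise ValueError("unsupported changeType %r" % ctype)


def apply_batch(replica, records):
    """Apply records as one atomic unit: all land on the replica or none."""
    working = deepcopy(replica)
    for rec in records:
        apply_record(working, rec)      # any failure leaves `replica` untouched
    replica.clear()
    replica.update(working)


def incremental_sync(replica, changelog, last_applied):
    """Replay every record numbered above last_applied, in order, as one
    transaction.  Returns the new last_applied change number."""
    pending = sorted((r for r in changelog if r["changeNumber"] > last_applied),
                     key=lambda r: r["changeNumber"])
    expected = last_applied + 1
    for rec in pending:
        if rec["changeNumber"] != expected:
            raise RuntimeError("changelog gap at %d: full LDIF reload required"
                               % expected)
        expected += 1
    apply_batch(replica, pending)
    return pending[-1]["changeNumber"] if pending else last_applied


def purge_changelog(changelog, acknowledged):
    """Drop records that every known replica has applied.  `acknowledged`
    maps replica name -> its last_applied number; an empty map means no
    replica is known to be current, so nothing is purged."""
    if not acknowledged:
        return list(changelog)
    floor = min(acknowledged.values())
    return [r for r in changelog if r["changeNumber"] > floor]


if __name__ == "__main__":
    replica = {}
    print("applied up to", incremental_sync(replica, SAMPLE_CHANGELOG, 0))
    print(replica)
    print(len(purge_changelog(SAMPLE_CHANGELOG, {"r1": 4, "r2": 2})), "left")
```

   The purge floor is the minimum acknowledged change number across all
   replicas, so a single stale replica holds the whole log; that is the
   price of item 7 and is why item 4 (a full reload) must remain
   available for a replica that has fallen behind a purge.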



3.1.2.  Scheduling policies

   The scheduling policies allow administration and tuning of the
   convergence of replicas.

   1.  A propagation schedule SHALL be defined and SHOULD be tunable
   such that every X hours and/or every N changes will automatically
   begin a replication cycle.

   2.  Immediate replication (within seconds or minutes) of critical
   values, such as a changed user password, SHALL be supported.

   3.  Allowance for non-scheduled replication of a replica upon
   request, for the case where the server has been down or disconnected
   for a period of time.
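   The following is an added example and not part of this draft.  It
   models the three scheduling policies above as one decision function:
   a cycle starts after X hours or N changes, whichever comes first; a
   change to a critical attribute triggers a cycle within a short,
   tunable delay; and a reconnected replica can request an unscheduled
   catch-up.  The choice of userPassword as the critical attribute, the
   default thresholds, and the rule that an interval cycle with nothing
   pending is skipped are assumptions made for the example.

```python
"""Replication scheduling policy (section 3.1.2).

Added example, not part of the draft.  Times are plain seconds so the
policy can be evaluated without a clock; thresholds and the critical
attribute set are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Assumption: attributes whose changes must propagate immediately.
CRITICAL_ATTRIBUTES = frozenset({"userpassword"})


@dataclass
class SchedulePolicy:
    interval_hours: float = 4.0          # "every X hours"
    change_threshold: int = 500          # "or N changes"
    critical_delay_seconds: float = 0.0  # 0 = next evaluation; >0 coalesces bursts


@dataclass
class ReplicaState:
    last_cycle_at: float                  # when the last cycle completed
    pending_changes: int = 0              # changes logged since then
    critical_pending_since: Optional[float] = None
    catch_up_requested: bool = False


def record_change(state, attribute_names, now):
    """Supplier-side hook: a change touching `attribute_names` was logged."""
    state.pending_changes += 1
    if state.critical_pending_since is None and any(
            a.lower() in CRITICAL_ATTRIBUTES for a in attribute_names):
        state.critical_pending_since = now


def request_catch_up(state):
    """Item 3: a reconnected replica asks for an unscheduled cycle."""
    state.catch_up_requested = True


def next_cycle_reason(policy, state, now):
    """Return why a cycle should start now, or None to keep waiting.
    Checks run from most to least urgent."""
    if state.catch_up_requested:
        return "on-demand catch-up"
    if (state.critical_pending_since is not None
            and now - state.critical_pending_since >= policy.critical_delay_seconds):
        return "critical attribute changed"
    if state.pending_changes >= policy.change_threshold:
        return "change threshold reached"
    # An interval cycle with nothing pending would be an empty transfer, so
    # it is skipped (an assumption; a heartbeat cycle could be used instead).
    if (state.pending_changes
            and now - state.last_cycle_at >= policy.interval_hours * 3600):
        return "interval elapsed"
    return None


def complete_cycle(state, now):
    """Reset counters once the replica has been brought up to date."""
    state.last_cycle_at = now
    state.pending_changes = 0
    state.critical_pending_since = None
    state.catch_up_requested = False


if __name__ == "__main__":
    policy = SchedulePolicy(interval_hours=1.0, change_threshold=3)
    state = ReplicaState(last_cycle_at=0.0)
    record_change(state, ["userPassword"], 5.0)
    print(next_cycle_reason(policy, state, 5.0))   # critical attribute changed
```

   A non-zero critical_delay_seconds lets a burst of password resets go
   out in one cycle instead of one cycle per change, which is the
   tension between item 2 and item 3 of section 3.1.1.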



3.2.  Predetermined Replication Agreements

   The use of predetermined replication agreements between the master
   directories and replica directories MUST be addressed, to provide
   proper knowledge of the access requirements and credentials between
   the synchronizing directories.

   Currently X.525 DISP [X.525] addresses this with a shadowing
   agreement, which includes such information as the unit of
   replication, update mode, and access point, and thereby defines many
   of the policies between the master and a replica.
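   The following is an added example and not part of this draft or of
   X.525.  It ties the agreement of this section to items 1 and 2 of
   section 3.1.1 and to the subtree replication requirement of section
   3: an agreement records the unit of replication (a subtree base DN),
   the update mode (which side may initiate), the peer's access point,
   and the DNs allowed to act as supplier or consumer; before any
   synchronization data flows, the server that accepted the connection
   checks that the session is protected, authenticated, bound to a DN
   the agreement names for the requested role, allowed to initiate in
   that role, and scoped within the agreed subtree.  The agreement
   fields, DNs and host names are constructed for illustration; the DN
   normalization is deliberately minimal.

```python
"""Predetermined replication agreement check (sections 3, 3.1.1, 3.2).

Added example, not part of the draft.  Agreement fields are modelled on
the X.525 shadowing agreement; all names, DNs and hosts are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class ReplicationAgreement:
    agreement_id: str
    unit_of_replication: str    # base DN of the replicated subtree
    update_mode: str            # "supplier-initiated", "consumer-initiated", "either"
    access_point: str           # host:port of the peer
    suppliers: FrozenSet[str]   # DNs allowed to send changes
    consumers: FrozenSet[str]   # DNs allowed to receive changes


@dataclass(frozen=True)
class Session:
    bound_dn: str               # "" for an anonymous bind
    tls: bool                   # transport protection established


def normalize_dn(dn: str) -> str:
    """Case-fold and strip RDN spacing so comparison is not byte-exact.
    (Enough for this example; real code needs full DN matching rules.)"""
    return ",".join(part.strip().lower() for part in dn.split(","))


def within_subtree(dn: str, base: str) -> bool:
    """True if dn is the base entry itself or lies beneath it."""
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)


def authorize_replication(agreement, session, peer_role,
                          requested_base) -> Tuple[bool, str]:
    """Decide whether the peer may run a session in `peer_role`
    ('supplier' or 'consumer') over `requested_base`.  The peer opened
    the connection, so it is the initiator for the update-mode check."""
    if not session.tls:
        return False, "transport is not protected"          # 3.1.1 item 2
    if not session.bound_dn:
        return False, "peer is not authenticated"           # 3.1.1 item 1
    if peer_role not in ("supplier", "consumer"):
        return False, "unknown role %r" % peer_role
    allowed = agreement.suppliers if peer_role == "supplier" else agreement.consumers
    if normalize_dn(session.bound_dn) not in {normalize_dn(d) for d in allowed}:
        return False, "%s is not an agreed %s" % (session.bound_dn, peer_role)
    if agreement.update_mode not in ("either", peer_role + "-initiated"):
        return False, "agreement does not let a %s initiate" % peer_role
    if not within_subtree(requested_base, agreement.unit_of_replication):
        return False, "requested base is outside the unit of replication"
    return True, "ok"


# Constructed agreement: replica1 holds ou=people, fed by the master.
PEOPLE_AGREEMENT = ReplicationAgreement(
    agreement_id="people-to-replica1",
    unit_of_replication="ou=people,o=example",
    update_mode="either",
    access_point="replica1.example:636",
    suppliers=frozenset({"cn=master,o=example"}),
    consumers=frozenset({"cn=replica1,o=example"}),
)

if __name__ == "__main__":
    print(authorize_replication(PEOPLE_AGREEMENT,
                                Session("cn=replica1,o=example", tls=True),
                                "consumer", "ou=people,o=example"))
```

   The role is checked against the agreement rather than taken from the
   peer's claim alone: a replica that is only an agreed consumer is
   refused when it tries to supply changes, which is what keeps a
   Read-only replica read-only from the master's point of view.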



4.  Acknowledgements
   This document is based on input from IETF members interested in LDAP
   replication.


5.  Bibliography

   [LDAPv3] - M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
   Protocol (v3)", Internet Draft, draft-ietf-asid-ldapv3-04.txt, March
   1997.

   [LDIF] - G. Good, "The LDAP Data Interchange Format (LDIF)", Internet
   Draft, draft-ietf-asid-ldif-00.txt, November 1996.

   [Changelog] - G. Good, "Definitions of an Object Class to Hold LDAP
   Change Records", Internet Draft, draft-ietf-asid-changelog-00.txt,
   November 1996.

   [X.525] - "Information Technology - Open Systems Interconnection - The
   Directory: Replication", ITU-T Recommendation X.525 and ISO/IEC
   International Standard 9594-9, November 1993.



6.  Author(s) Address

     Russel F. Weiser
     Novell Inc.
     122 East 1700 South
     Provo, Utah  84606
     USA

     E-mail: Rweiser@novell.com
     Telephone: +1-801-861-7808
     Fax +1-801-861-7808


     Ellen J. Stokes
     IBM
     11400 Burnet Rd.
     Austin, Texas  78758
     USA

     E-mail: stokes@austin.ibm.com
     Telephone: +1-512-838-3725
     Fax: +1-512-838-0156



                           Table of Contents


1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .   1
2.  Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . .   2
3.  General Requirements . . . . . . . . . . . . . . . . . . . . . .   2
3.1.  Replication policy definitions . . . . . . . . . . . . . . . .   3
3.1.1.  Propagation behavior . . . . . . . . . . . . . . . . . . . .   3
3.1.2.  Scheduling policies  . . . . . . . . . . . . . . . . . . . .   3
3.2.  Predetermined Replication  Agreements  . . . . . . . . . . . .   4
4.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . .   4
5.  Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . .   4
6.  Author(s) Address  . . . . . . . . . . . . . . . . . . . . . . .   5