[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Nits]

Versions: 00 01                                                         
IETF-ASID                                                  Russel Weiser
Informational Draft                                        Novell Inc.
Expire in six months                                       Ellen Stokes
                                                           IBM
                                                           16 July 1997

                       LDAP Replication Requirements
                    <draft-ietf-asid-replica-req-00.txt>


   Status of this Memo

   This document is  an  Internet-Draft.   Internet-Drafts  are  working
   documents  of  the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may  also  distribute
   working documents as Internet- Drafts.

   Internet-Drafts are draft documents valid for a Maximum of six months
   and may be updated, replaced, or obsoleted by other documents at  any
   time.   It  is  inappropriate  to  use  Internet-Drafts  as reference
   material or cite them other than as " work in  progress."   To  learn
   the  current  status  of  any  Internet-Draft, please check the "lid-
   abstracts.txt"  listing  contained  in  the  Internet-Drafts   Shadow
   Directories   on   ftp.is.co.za   (Africa),  nic.nordu.net  (Europe),
   munnari.oz.au (Pacific Rim),  ds.internic.net  (US  East  Coast),  or
   ftp.isi.edu (US West Coast).



   Abstract

   This  document  discusses  some  of  the fundamental requirements for
   replication and synchronization of the LDAPv3 [LDAPv3] protocol.   It
   is   intended  to  be  a  gathering  place  for  general  replication
   requirements needed to provide interoperability between informational
   directories.



1.  Introduction
   The  ability  distribute directory information throughout the network
   provides a two fold benefit to the network: (1) increasing the relia-
   bililty  of the directory through fault tolerance, and (2) brings the
   directory content closer to the clients using the data.  LDAPs accep-
   tance  as  a access protocol for directory information is driving the
   need to distribute LDAP directory content among servers within enter-
   prise and Internet.  Currently LDAP does not define a synchronization
   mechanism  and  only  generally  mentions  LDAP  shadow  servers  see



Weiser, Stokes                                                  [Page 1]


INTERNET-DRAFT                             LDAP Replication Requirements


   [LDAPv3] and [Changelog] in passing. The requirements for replication
   are critical to the successful deployment and acceptance of  LDAP  in
   the market place.


2.  Objectives

   The  major  objectives  are  to provide a simple highly efficient and
   preforming replica synchronization method for LDAP while also provid-
   ing  the appropriate flexibility to meet the needs of both the Inter-
   net and enterprise environments.

      Simple
      Efficient
      Reliable
      Provides Interoperability between vendors
      Flexibility


3.  General Requirements

   The following requirements are in no priority order.

   The flexibility of a LDAP replication should be of the upmost  impor-
   tance  due to the nature of the Internet and enterprise environments.
   This generally leads to several general requirements  that  are  dis-
   cussed briefly below.

   Therefore support for both multi-master and master/slave environments
   should be a driving requirement. Both  these  models  SHALL  be  sup-
   ported.  Note:  The  definition  of  a  replica either as a Read-only
   replica or Read/Write replica allowing administrators the  choice  of
   centralized or distributed management of the directory.

   Additionally  synchronization  of LDAP replicas should allow either a
   master and or replica to initiate the replication process  and  allow
   the  initiator  to determine whether it will become a consumer and or
   supplier during the  synchronization  process.  This  would  allow  a
   replica  to  be  periodically  connected and synchronized from remote
   sites at the local administrator's discretion.
   Another driving force or  general  requirement  should  be  that  all
   information  between  the  master database and its  replica databases
   SHALL  be  identical  including  all  no  user   modify   operational
   attributes such as timestamps.
   Support for SubTree Replication SHALL be defined to allow for greater
   flexibility replication toplologies of the DIT as discussed in  X.525
   section 7.2 [X.525].
   Along with the above is the need for replication policies that govern



Weiser, Stokes                                                  [Page 2]


INTERNET-DRAFT                             LDAP Replication Requirements


   the behavior of the replicas and the synchronization process and  are
   briefly discussed below in sections 3.1.


3.1.  Replication policy definitions

   Policies for the LDAP replication/synchronization shall be defined in
   such a manner as to allow programmatic representation; these policies
   shall  be  kept  as replica attributes or as entries of the predeter-
   mined agreement discussed in section  3.2  to  be  propagated  during
   replication.


3.1.1.  Propagation behavior

   Propagation  behavior defines the general behavior of the actual syn-
   chronization process between a consumer and a provider of replication
   information.

   1.  Replication SHALL only be allowed after the proper authentication
   and verification of authorization of both the replica and the  source
   directory.

   2.  The transport of LDAP synchronization data MUST use secure trans-
   ports.

   3. The replica synchronization SHALL be handled in such a  manner  as
   to not saturate network with repetitive entry replication from multi-
   ple synchronization providers points.


   4. Full copy replication SHOULD be supported for  reset  and  initial
   loading of a replica using the LDIF [LDIF].

   5.  The  normal  means  of  synchronizing replicas SHALL be performed
   through  incremental  synchronization  and  in  accordance  with  the
   scheduling policies of section 3.1.2.

   6. Multiple LDAP changes SHOULD to be allowed to be treated as single
   atomic transactions propagated during replication.

   7. ChangeLog [Changelog] information shall be purged upon  completion
   of  a  synchronization cycle where all replica members have been syn-
   chronized with the master(s).







Weiser, Stokes                                                  [Page 3]


INTERNET-DRAFT                             LDAP Replication Requirements


3.1.2.  Scheduling policies

   The scheduling policies allow administration and tuning of  the  con-
   vergence of replicas.

   1. A propagation schedule SHALL be defined and SHOULD be tunable such
   that every X hours and or N changes will automatically begin a repli-
   cation cycle.

   2. Immediate replication of critical values in secs/mins such as user
   password changed SHALL be supported.

   3. Allowance for non scheduled replication of  replica  upon  request
   such  that  the  server  has been down or unconnected for a period of
   time.



3.2.  Predetermined Replication Agreements

   The use of predetermined replication agreements  between  the  master
   directories  and  replica  directories  MUST  be addressed to provide
   proper knowledge of access requirements and credentials  between  the
   synchronizing directories.

   Currently  X.525 DISP [X.525] discusses this as a shadowing agreement
   including such information as unit of replication, update  mode,  and
   access  point  defining many of the policies between the master and a
   replica.



4.  Acknowledgements
   This document is based on input from IETF members interested in  LDAP
   replication


5.  Bibliography

   [LDAPv3]  - M. Wahl, T. Howes, S. Kille "Lightweight Directory Access
   Protocol (v3), Internet Draft,  draft-ietf-asid-ldapv3-04.txt   March
   1997.

   [LDIF]  -_  Gordon  Good,  "The LDAP Data Interchange Format (LDIF)",
   Internet draft,  draft-ietf-asid-ldif-00.txt, November 1996.

   [Changelog] - Gordon Good, "Definitions of an Object  Class  to  Hold
   LDAP    Change    records",    Internet    Draft,    draft-ietf-asid-



Weiser, Stokes                                                  [Page 4]


INTERNET-DRAFT                             LDAP Replication Requirements


   changelog-00.txt, November  1996.

   [X.525] - "Information Technology - Open Systems Interconnection- The
   Directory:  Replication",  ITU-T  Recommendation  X.525   and ISO/IEC
   International Standard 9594-9, November  1993.



6.  Author(s) Addres

     Russel F. Weiser
     Novell Inc.
     122 East 1700 South
     Provo, Utah  84606
     USA

     E-mail: Rweiser@novell.com
     Telephone: +1-801-861-7808
     Fax +1-801-861-7808


     Ellen J. Stokes
     IBM
     11400 Burnet Rd.
     Austin, Texas  78758
     USA

     E-mail: stokes@austin.ibm.com
     Telephone: +1-512-838-3725
     Fax: +1-512-838-0156





















Weiser, Stokes                                                  [Page 5]


INTERNET-DRAFT                             LDAP Replication Requirements


                           Table of Contents


1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .   1
2.  Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . .   2
3.  General Requirements . . . . . . . . . . . . . . . . . . . . . .   2
3.1.  Replication policy definitions . . . . . . . . . . . . . . . .   3
3.1.1.  Propagation behavior . . . . . . . . . . . . . . . . . . . .   3
3.1.2.  Scheduling policies  . . . . . . . . . . . . . . . . . . . .   3
3.2.  Predetermined Replication  Agreements  . . . . . . . . . . . .   4
4.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . .   4
5.  Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . .   4
6.  Author(s) Address  . . . . . . . . . . . . . . . . . . . . . . .   5






































Weiser, Stokes                                                  [Page 1]