IETF-ASID                                               Russel Weiser
Informational Draft                                       Novell Inc.
Expires in six months                                    Ellen Stokes
                                                                  IBM
                                                         16 July 1997


                     LDAP Replication Requirements


Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Abstract

   This document discusses some of the fundamental requirements for
   replication and synchronization of directories accessed through the
   LDAPv3 protocol [LDAPv3].  It is intended to be a gathering place for
   the general replication requirements needed to provide
   interoperability between informational directories.

1.  Introduction

   The ability to distribute directory information throughout the
   network provides a twofold benefit: (1) it increases the reliability
   of the directory through fault tolerance, and (2) it brings the
   directory content closer to the clients using the data.  LDAP's
   acceptance as an access protocol for directory information is driving
   the need to distribute LDAP directory content among servers within
   the enterprise and across the Internet.

   Currently LDAP does not define a synchronization mechanism; it only
   mentions LDAP shadow servers in passing (see [LDAPv3] and
   [Changelog]).  The requirements for replication are critical to the
   successful deployment and acceptance of LDAP in the marketplace.

Weiser, Stokes                                                  [Page 1]

INTERNET-DRAFT          LDAP Replication Requirements

2.  Objectives

   The major objective is to provide a simple, highly efficient and
   well-performing replica synchronization method for LDAP, while also
   providing the flexibility needed to meet the requirements of both the
   Internet and enterprise environments.  In summary, the method should
   be:

      Simple
      Efficient
      Reliable
      Interoperable between vendors
      Flexible

3.  General Requirements

   The following requirements are in no priority order.

   The flexibility of LDAP replication should be of the utmost
   importance, given the nature of the Internet and enterprise
   environments.  This leads to several general requirements that are
   discussed briefly below.  In particular, support for both
   multi-master and master/slave environments should be a driving
   requirement; both of these models SHALL be supported.

   Note: a replica is defined either as a read-only replica or as a
   read/write replica, giving administrators the choice of centralized
   or distributed management of the directory.

   Additionally, synchronization of LDAP replicas should allow either a
   master or a replica to initiate the replication process, and should
   allow the initiator to determine whether it will act as consumer,
   supplier, or both during the synchronization process.  This would
   allow a replica to be connected periodically and synchronized from
   remote sites at the local administrator's discretion.

   Another driving requirement should be that all information held by
   the master database and its replica databases SHALL be identical,
   including all no-user-modification operational attributes such as
   timestamps.

   Support for subtree replication SHALL be defined, to allow greater
   flexibility in the replication topologies of the DIT, as discussed in
   section 7.2 of X.525 [X.525].

   Along with the above is the need for replication policies that govern
   the behavior of the replicas and of the synchronization process;
   these are briefly discussed in section 3.1.

3.1.  Replication policy definitions

   Policies for LDAP replication/synchronization shall be defined in
   such a manner as to allow programmatic representation.  These
   policies shall be kept as replica attributes, or as entries of the
   predetermined agreement discussed in section 3.2, and be propagated
   during replication.

3.1.1.  Propagation behavior

   Propagation behavior defines the general behavior of the actual
   synchronization process between a consumer and a supplier of
   replication information.

   1. Replication SHALL only be allowed after proper authentication, and
      verification of authorization, of both the replica and the source
      directory.

   2. The transport of LDAP synchronization data MUST use secure
      transports.

   3. Replica synchronization SHALL be handled in such a manner as not
      to saturate the network with repetitive replication of the same
      entries from multiple synchronization suppliers.

   4. Full-copy replication SHOULD be supported, using LDIF [LDIF], for
      resetting and for the initial loading of a replica.

   5. The normal means of synchronizing replicas SHALL be incremental
      synchronization, performed in accordance with the scheduling
      policies of section 3.1.2.

   6. Multiple LDAP changes SHOULD be allowed to be treated as a single
      atomic transaction propagated during replication.

   7. Changelog [Changelog] information shall be purged upon completion
      of a synchronization cycle in which all replica members have been
      synchronized with the master(s).

3.1.2.  Scheduling policies

   The scheduling policies allow administration and tuning of the
   convergence of replicas.

   1. A propagation schedule SHALL be defined and SHOULD be tunable,
      such that every X hours and/or every N changes a replication
      cycle begins automatically.

   2. Immediate replication (within seconds or minutes) of critical
      values, such as a changed user password, SHALL be supported.

   3. Allowance for non-scheduled replication of a replica upon
      request, for example where the server has been down or
      disconnected for a period of time.

3.2.  Predetermined Replication Agreements

   The use of predetermined replication agreements between the master
   directories and the replica directories MUST be addressed, to
   provide proper knowledge of access requirements and credentials
   between the synchronizing directories.  X.525 DISP [X.525] discusses
   this as a shadowing agreement, which includes such information as
   the unit of replication, the update mode, and the access point, and
   thereby defines many of the policies between a master and a replica.

4.  Acknowledgements

   This document is based on input from IETF members interested in
   LDAP replication.

5.  Bibliography

   [LDAPv3]    M. Wahl, T. Howes, S. Kille, "Lightweight Directory
               Access Protocol (v3)", Internet-Draft,
               draft-ietf-asid-ldapv3-04.txt, March 1997.

   [LDIF]      G. Good, "The LDAP Data Interchange Format (LDIF)",
               Internet-Draft, draft-ietf-asid-ldif-00.txt,
               November 1996.

   [Changelog] G. Good, "Definitions of an Object Class to Hold LDAP
               Change Records", Internet-Draft,
               draft-ietf-asid-changelog-00.txt, November 1996.

   [X.525]     "Information Technology - Open Systems Interconnection -
               The Directory: Replication", ITU-T Recommendation X.525
               and ISO/IEC International Standard 9594-9, November 1993.

6.  Authors' Addresses

   Russel F. Weiser
   Novell Inc.
   122 East 1700 South
   Provo, Utah 84606
   USA
   E-mail: Rweiser@novell.com
   Telephone: +1-801-861-7808
   Fax: +1-801-861-7808

   Ellen J. Stokes
   IBM
   11400 Burnet Rd.
   Austin, Texas 78758
   USA
   E-mail: stokes@austin.ibm.com
   Telephone: +1-512-838-3725
   Fax: +1-512-838-0156

Table of Contents

   1.  Introduction
   2.  Objectives
   3.  General Requirements
   3.1.  Replication policy definitions
   3.1.1.  Propagation behavior
   3.1.2.  Scheduling policies
   3.2.  Predetermined Replication Agreements
   4.  Acknowledgements
   5.  Bibliography
   6.  Authors' Addresses
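The following Python model is an added illustration of how the incremental synchronization and changelog purge requirements of section 3.1.1 (items 5 and 7) and the scheduling policy of section 3.1.2 (items 1 and 2) fit together. It is not part of the draft and not any vendor's implementation. The changelog attribute names (changeNumber, targetDN, changeType, changes) follow the changelog draft [Changelog]; the supplier/consumer classes, the thresholds, the replica names, the DNs and the LDIF bodies are all constructed for this example. The authentication and secure-transport requirements (section 3.1.1, items 1 and 2) are outside what the model covers.

```python
"""Constructed model of changelog-driven incremental LDAP replication.

Added illustration for the draft's sections 3.1.1 and 3.1.2; not code from
the draft or from any directory product.  Class names, thresholds, replica
names, DNs and LDIF bodies are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ChangeLogEntry:
    """One record; attribute names follow the changelog draft [Changelog]."""
    changeNumber: int
    targetDN: str
    changeType: str   # add | delete | modify | modrdn
    changes: str      # LDIF body describing the change


@dataclass(frozen=True)
class SchedulingPolicy:
    """Section 3.1.2: a cycle every N changes or X hours; critical values at once."""
    max_changes: int = 4
    max_interval_hours: float = 4.0
    critical_attrs: frozenset = frozenset({"userPassword"})


def touched_attributes(entry: ChangeLogEntry) -> Set[str]:
    """Attribute names mentioned in the LDIF 'changes' body of an entry."""
    attrs: Set[str] = set()
    for raw in entry.changes.splitlines():
        line = raw.strip()
        if not line or line == "-":          # blank line or modify separator
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip()
        if key in ("add", "replace", "delete"):  # modify-operation keyword
            attrs.add(value.strip())
        else:                                    # plain "attr: value" line
            attrs.add(key)
    return attrs


class Consumer:
    def __init__(self, name: str) -> None:
        self.name = name
        self.applied: List[int] = []        # changeNumbers applied, in order

    def apply(self, entry: ChangeLogEntry) -> None:
        self.applied.append(entry.changeNumber)


class Supplier:
    def __init__(self, policy: SchedulingPolicy) -> None:
        self.policy = policy
        self.changelog: List[ChangeLogEntry] = []
        self.next_change = 1
        self.cursors: Dict[str, int] = {}   # consumer -> last changeNumber applied
        self.last_cycle_hours = 0.0
        self.last_cycle_change = 0

    def register(self, consumer: Consumer) -> None:
        self.cursors[consumer.name] = 0

    def record(self, target_dn: str, change_type: str, changes: str) -> ChangeLogEntry:
        entry = ChangeLogEntry(self.next_change, target_dn, change_type, changes)
        self.next_change += 1
        self.changelog.append(entry)
        return entry

    def due_reason(self, now_hours: float,
                   latest: Optional[ChangeLogEntry] = None) -> Optional[str]:
        """Why a cycle is due now, or None (section 3.1.2 items 1 and 2)."""
        if latest is not None and touched_attributes(latest) & self.policy.critical_attrs:
            return "critical"                 # e.g. userPassword: replicate immediately
        if self.next_change - 1 - self.last_cycle_change >= self.policy.max_changes:
            return "changes"                  # N changes since the last cycle
        if now_hours - self.last_cycle_hours >= self.policy.max_interval_hours:
            return "interval"                 # X hours since the last cycle
        return None

    def synchronize(self, consumer: Consumer) -> int:
        """Incremental push: only entries past the consumer's cursor (3.1.1 item 5)."""
        batch = [e for e in self.changelog if e.changeNumber > self.cursors[consumer.name]]
        for entry in batch:
            consumer.apply(entry)
        if batch:
            self.cursors[consumer.name] = batch[-1].changeNumber
        return len(batch)

    def purge(self) -> int:
        """Drop entries every registered consumer has applied (3.1.1 item 7)."""
        floor = min(self.cursors.values())    # the most-lagging replica bounds the purge
        kept = [e for e in self.changelog if e.changeNumber > floor]
        purged = len(self.changelog) - len(kept)
        self.changelog = kept
        return purged

    def run_cycle(self, consumers: List[Consumer], now_hours: float) -> Dict[str, int]:
        result = {c.name: self.synchronize(c) for c in consumers}
        result["purged"] = self.purge()
        self.last_cycle_hours = now_hours
        self.last_cycle_change = self.next_change - 1
        return result


def demo() -> dict:
    """Constructed scenario: two replicas, one of them offline for a while."""
    master = Supplier(SchedulingPolicy(max_changes=4, max_interval_hours=4.0))
    a, b = Consumer("replica-a"), Consumer("replica-b")
    master.register(a)
    master.register(b)
    dn = "cn=alice,ou=people,dc=example,dc=com"      # constructed DN
    out = {}
    master.record(dn, "add", "objectClass: person\ncn: alice\nsn: Liddell\n")
    e2 = master.record(dn, "modify", "replace: mail\nmail: alice@example.com\n-\n")
    out["due_after_two"] = master.due_reason(1.0, e2)            # nothing due yet
    e3 = master.record(dn, "modify", "replace: userPassword\nuserPassword: {SSHA}c3Ry\n-\n")
    out["due_after_password"] = master.due_reason(1.1, e3)       # critical value
    out["first_cycle"] = master.run_cycle([a], 1.1)              # replica-b is offline
    out["retained_for_offline_replica"] = len(master.changelog)  # nothing purged
    for i in range(4):
        e = master.record(dn, "modify", f"replace: description\ndescription: rev{i}\n-\n")
    out["due_after_more_changes"] = master.due_reason(2.5, e)    # N changes reached
    out["second_cycle"] = master.run_cycle([a, b], 2.5)          # b catches up, log purged
    out["replica_b_applied"] = list(b.applied)
    out["due_on_interval"] = master.due_reason(7.0)              # X hours elapsed
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The purge floor is the point of item 7: the changelog can only be trimmed up to the cursor of the slowest replica, so a replica that stays disconnected (section 3.1.2, item 3) holds the log open until it reconnects and catches up, which is the cost of making incremental synchronization the normal path.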