Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Emmanuel Lécharny Leveraging RFC 4533 to build a heterogeneous.

Published byIra Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Emmanuel Lécharny Leveraging RFC 4533 to build a heterogeneous."— Presentation transcript:

1 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Emmanuel Lécharny elecharny@apache.org Leveraging RFC 4533 to build a heterogeneous replication system

2 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Speaker's Qualification Emmanuel Lécharny Apache Software Foundation member Former chairman of the Apache Directory Project PMC of the Apache Directory Project PMC of the MINA Project Works at IKTEK, a small company based on Identity Managment and Open Source technologies

3 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Agenda Introdution A bit of history RFC 4533, what's in the box ? Using it in a heteregoneous environment What for ? Roadmap Future steps Links Q/A

4 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system I Introduction Introduction

5 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system I introduction Replication : –Critical to any production LDAP server –Has to be reliable –Has to be fast –no exit option –not a standard until RFC 4533 was written –This RFC opens many doors It's not just about replication...

6 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system II History A bit of history

7 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system History X.500 is the root –Caching –Shadowing Replication is not a part of LDAP specifications Many published drafts since 1997 A few RFCs since 2002 –RFC 3384 –RFC 4530/4533 LDUP working group 'failed' to produce a RFC

8 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system History February 2004, Kurt Zeilenga's draft : LDAP Multi-master Replication Considered Harmful Many servers have already implemented a LDUP like replication system, but each system is vendor specific. OpenLDAP has implemented two different system : slurpd (now obsoleted) and Syncrepl Still looking for a common base to build an interoperable replication system...

9 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system III What's in the box ? RFC 4533, what's in the BOX ?

10 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What's in the box ? “... and I think syncrepl is the best thing since copulation.” (seen on the OpenLDAP mailing list, 18/9/2009) Probably a bit emphatic !

11 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What's in the box ? A standard A protocol Fixes some existing replication issues –Failure to ensure a reasonable level of convergence –Failure to detect that convergence cannot be achieved (without reload); –Require pre-arranged synchronization agreements –Require the server to maintain histories of past changes to DIT content and/or meta information –Require the server to maintain synchronization state on a per-client basis –Overly chatty protocols.

12 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What's in the box ? Implemented so far by OpenLDAP Replaces the defunct LDUP group Is currently being implemented in Apache Directory Server

13 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system IV Implementation details Replication in a heterogeneous environment

14 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Implementation details It does not need a specific protocol : LDAP is enough As soon as a server implements the producer part of the protocol, it can replicate itself with another consumer Implementing a consumer makes your server a working 'slave' To have the producer and consumer is not enough : you have to implement a conflict resolution system

15 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Consumer The consumer is the easiest part to implement –Needs a client API –Implement the controls –Implement the protocol handling –Inject the modifications into the server Done in ADS, as a proof of concept Can be implemented as a standalone component

16 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Producer The producer is more complex –Implement the controls –Implement the protocol handling –Support for persistent search –Support for polling –Have to keep a local state (with a journal) Not yet done in ADS Can also be a standalone component, a kind of replication proxy.

17 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Conflict resolution The most complex part Easy only in Master-Slave situation When in multi-master, conflicts are likely to happen –Need synchronized servers (NTP) –Based on entryCSN –The better the precision, the better the resolution –Last writer wins This is a deterministic system, it does not need a human being to resolve conflicts

18 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system V What for ? What for ?

19 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What for ? Implementing a standard –RFC 4533 is a de facto standard : it guarantees our users that they can switch from one server to another one if needed –Maybe not the best solution ever, but what else ? –In OSS world, interoperability matters –Allows a cross replication between openLDAP and Apache Directory Server

20 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What for ? You can't ignore the installed servers –OpenLDAP is already installed in many places –Apache Directory Server serves a different set of needs and a heterogeneous cluster is ideal for providing the features you need based on the differing strengths offered by various servers –By implementing this RFC, we are offering more than just LDAP, but we also guarantee the users' assets –Some applications are not critical but need more extensible servers to work : we see that as an opportunity beside OpenLDAP

21 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What for ? Apache DS offers extended functionalities –We have implemented Stored Procedures and Triggers –This can be leveraged in a global system where the central storage is OpenLDAP and ADS is used as an e-provisionning solution –Apache Directory Server can be embedded, and replicated with an external server –Can also be a solution for remote applications, when not connected

22 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system What for ? Other benefits –In companies where many different LDAP servers are installed, cross replication can help –Dedicated system using replication Auditing Backups –The protocol itself can be implemented without the backend : as an API

23 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system VI Roadmap Roadmap for Apache DS

24 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Roadmap for ADS Apache Directory Server implementation status –Remove Mitosis code from the server –Include support for entryUUID and entryCSN –Implement a journal to efficiently implement synrecpl –Define a client-API being able to communicate using LDAP protocol with a remote server –Implement the needed controls (SyncRequest, SyncInfo, SyncDone, SyncState)

25 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Roadmap for ADS ● Apache Directory Server implementation status : Implement the consumer part Write a proof of concept, with ADS being a consumer and OpenLDAP as producer Implement the producer part Implement the conflict resolution system Define and implement integration tests

26 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system DEMO DEMO...

27 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system VI Future Future steps

28 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Future Delta-Syncrepl Syncrepl on other servers too ? Schema replication Tooling

29 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system VII Links Website –http://directory.apache.org Download –http://directory.apache.org/apacheds/1.5/downloads.html Mailing lists –Development list: dev@directory.apache.orgdev@directory.apache.org –Users list: users@directory.apache.orgusers@directory.apache.org Issue tracking –http://issues.apache.org/jira/browse/DIRSERVER

30 Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Questions & Answers Questions & Answers

Download ppt "Leveraging RFC 4533 to build a heterogeneous LDAP server replication system Emmanuel Lécharny Leveraging RFC 4533 to build a heterogeneous."

Similar presentations

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.
MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
EIONET Training Beginners Zope Course Miruna Bădescu Finsiel Romania Copenhagen, 27 October 2003.

EIONET Training Beginners Zope Course Miruna Bădescu Finsiel Romania Copenhagen, 27 October 2003.
Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.

Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.
Enterprise LDAP Emmanuel Lécharny Iktek and Apache Directory Server.

Enterprise LDAP Emmanuel Lécharny Iktek and Apache Directory Server.
BalaBit Shell Control Box

BalaBit Shell Control Box
Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.

Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.
Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy SOAP-based Web.

Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy SOAP-based Web.
ITIS 3110 Jason Watson. Replication methods o Primary/Backup o Master/Slave o Multi-master Load-balancing methods o DNS Round-Robin o Reverse Proxy.

ITIS 3110 Jason Watson. Replication methods o Primary/Backup o Master/Slave o Multi-master Load-balancing methods o DNS Round-Robin o Reverse Proxy.
HEP Data Sharing … … and Web Storage services Alberto Pace Information Technology Division.

HEP Data Sharing … … and Web Storage services Alberto Pace Information Technology Division.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 14 Upgrading to Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 14 Upgrading to Exchange Server 2003.
Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.

Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Chapter 7 Configuring & Managing Distributed File System

Chapter 7 Configuring & Managing Distributed File System
How WebMD Maintains Operational Flexibility with NoSQL Rajeev Borborah, Sr. Director, Engineering Matt Wilson – Director, Production Engineering – Consumer.

How WebMD Maintains Operational Flexibility with NoSQL Rajeev Borborah, Sr. Director, Engineering Matt Wilson – Director, Production Engineering – Consumer.

Similar presentations

Ads by Google