LDAP Client Update Protocol (LCUP) Olga Natkovich Sun-Netscape Alliance


1 LDAP Client Update Protocol (LCUP) Olga Natkovich Sun-Netscape Alliance olga@netscape.com

2 Introduction
LCUP is intended to synchronize LDAP clients with content stored by LDAP servers.
Problem areas addressed:
– mobile clients that maintain a local data cache
– meta-directory applications
– event triggers
Problem areas not addressed:
– server-to-server synchronization (addressed by LDUP)
LCUP combines features of DirSync, Persistent Search and Triggered Search.

3 Protocol Characteristics
– Supports one-way synchronization only.
– The server does not maintain any state information on behalf of the clients.
– Clients maintain the state information passed to them by the server in a cookie.
– No predefined agreements: clients decide when, and from which server, to get the changes.
– Clients always initiate synchronization sessions.
– Clients always pull the data from a server.

4 Protocol Elements

    clientUpdateControlValue ::= SEQUENCE {
        cookie          OCTET STRING OPTIONAL,
        keepConnection  BOOLEAN DEFAULT FALSE,
        changesOnly     BOOLEAN DEFAULT FALSE }

    entryUpdateControlValue ::= SEQUENCE {
        cookie          OCTET STRING OPTIONAL,
        stateUpdate     BOOLEAN DEFAULT FALSE,
        entryDeleted    BOOLEAN DEFAULT FALSE }

    clientUpdateDoneControlValue ::= SEQUENCE {
        reason          INTEGER,
        reasonText      STRING OPTIONAL,
        cookie          OCTET STRING OPTIONAL }

    stopClientUpdate extended operation
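What these three values look like on the wire, as an added example (not code from the LCUP draft, from this presentation, or from any Sun-Netscape product). The slide gives neither control OIDs nor explicit ASN.1 tags, so the example assumes universal BER tags (SEQUENCE 0x30, BOOLEAN 0x01, INTEGER 0x02, OCTET STRING 0x04) and reads STRING as an LDAPString, i.e. an OCTET STRING; all function names are the example's own. One caveat worth seeing in code: the two BOOLEAN DEFAULT FALSE components share a tag, as do the two OPTIONAL strings in clientUpdateDoneControlValue, so an encoder that omits one of them produces a value the receiver cannot interpret unambiguously. The encoder below therefore always writes both flags, and the decoder refuses the ambiguous forms instead of guessing.

```python
from typing import Optional, Tuple

BOOLEAN, INTEGER, OCTET_STRING, SEQUENCE = 0x01, 0x02, 0x04, 0x30   # universal tags (assumed)


def _tlv(tag: int, body: bytes) -> bytes:
    """Tag, definite-length BER length, value."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse the TLV at pos; return (tag, value, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported or truncated BER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + n], pos + n


def _boolean(v: bool) -> bytes:
    return _tlv(BOOLEAN, b"\xff" if v else b"\x00")


def _integer(v: int) -> bytes:
    return _tlv(INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def _sequence_items(buf: bytes) -> list:
    """Split one top-level SEQUENCE into its (tag, value) elements."""
    tag, body, end = _read_tlv(buf, 0)
    if tag != SEQUENCE or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        items.append((tag, val))
    return items


# clientUpdateControlValue and entryUpdateControlValue share one shape:
# an OPTIONAL cookie followed by two BOOLEAN DEFAULT FALSE components.
def _encode_cookie_flags(cookie: Optional[bytes], a: bool, b: bool) -> bytes:
    body = _tlv(OCTET_STRING, cookie) if cookie is not None else b""
    # Both BOOLEANs are always written (BER permits encoding a DEFAULT value);
    # they share tag 0x01, so a receiver could not tell which one was omitted.
    return _tlv(SEQUENCE, body + _boolean(a) + _boolean(b))


def _decode_cookie_flags(buf: bytes) -> Tuple[Optional[bytes], bool, bool]:
    items = _sequence_items(buf)
    cookie = items.pop(0)[1] if items and items[0][0] == OCTET_STRING else None
    if len(items) > 2 or any(t != BOOLEAN for t, _ in items):
        raise ValueError("unexpected element in control value")
    if len(items) == 1:   # one DEFAULT flag omitted: the wire image does not say which
        raise ValueError("ambiguous: one BOOLEAN for two DEFAULT components")
    flags = [v != b"\x00" for _, v in items] or [False, False]
    return cookie, flags[0], flags[1]


def encode_client_update(cookie=None, keep_connection=False, changes_only=False) -> bytes:
    return _encode_cookie_flags(cookie, keep_connection, changes_only)


def decode_client_update(buf: bytes) -> dict:
    cookie, keep, changes = _decode_cookie_flags(buf)
    return {"cookie": cookie, "keepConnection": keep, "changesOnly": changes}


def encode_entry_update(cookie=None, state_update=False, entry_deleted=False) -> bytes:
    return _encode_cookie_flags(cookie, state_update, entry_deleted)


def decode_entry_update(buf: bytes) -> dict:
    cookie, state, deleted = _decode_cookie_flags(buf)
    return {"cookie": cookie, "stateUpdate": state, "entryDeleted": deleted}


def encode_client_update_done(reason: int, reason_text: Optional[str] = None,
                              cookie: Optional[bytes] = None) -> bytes:
    # reasonText and cookie are both OPTIONAL strings with the same tag, so a lone
    # string would be ambiguous: whenever a cookie is sent, reasonText is sent too.
    if cookie is not None and reason_text is None:
        reason_text = ""
    body = _integer(reason)
    if reason_text is not None:
        body += _tlv(OCTET_STRING, reason_text.encode("utf-8"))
    if cookie is not None:
        body += _tlv(OCTET_STRING, cookie)
    return _tlv(SEQUENCE, body)


def decode_client_update_done(buf: bytes) -> dict:
    items = _sequence_items(buf)
    if not items or items[0][0] != INTEGER:
        raise ValueError("reason INTEGER missing")
    strings = [v for t, v in items[1:] if t == OCTET_STRING]
    if len(strings) != len(items) - 1 or len(strings) > 2:
        raise ValueError("unexpected element in clientUpdateDone value")
    return {"reason": int.from_bytes(items[0][1], "big", signed=True),
            "reasonText": strings[0].decode("utf-8") if strings else None,
            "cookie": strings[1] if len(strings) == 2 else None}
```

A DER encoder is required to drop components that carry their DEFAULT value, which is exactly the case the decoder above rejects; a peer written that way would need explicitly tagged definitions to interoperate. Note also that the cookie is opaque to the client: it is carried back verbatim, and nothing in the value lets the client validate or interpret it.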

5 Event Triggering

6 Non-persistent Synchronization

7 Non-persistent Synchronization (cont.)

8 Persistent Synchronization

9 Persistent Synchronization (cont.)

10 Features under discussion
– Change type: present in Triggered Search; attaches a reason for return to each entry sent to the client. Hard to implement for historical changes.
– Sending changes: present in DirSync; only the modified attributes, rather than all attributes requested by the client, are returned.
– Size limit: present in DirSync; allows specifying the amount of data (in bytes) that can be sent to the client. The standard LDAP mechanism can be used instead.
– Data ordering: present in DirSync; guarantees that a parent is sent before its children for adds, and vice versa for deletes. Useful for hierarchical data but hard to implement.

11 LCUP and LDUP The scope of each search operation is restricted to a single LDUP replica. Each entry returned to the client contains uniqueid as defined in LDUP. The uniqueid can be used by the client to uniquely cross-reference the data in the client’s data store and the directory data. Protocol features can be implemented efficiently by an LDUP compliant server.

12 Security Considerations
– Access control enforcement on the data.
– Use of the protocol is restricted to “trusted” clients.
– Mechanism to identify and disconnect malicious clients.
– Server behavior is not specified for the case where data is no longer visible to the client because of an access control change.
– Proper behavior is not guaranteed if access control on the data is changed from a more restrictive to a less restrictive one.
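The last two points, and the client-held cookie and pull model from the Protocol Characteristics slide, are easiest to see in a small simulation. This is an added example, not code from the LCUP draft, from this presentation or from any server; its server model is an assumption: an append-only change log, a cookie that is simply the log position, and a per-client ACL that is a set of readable DNs. An ACL change is not a data change, so it never enters the log; for the case the slide leaves unspecified (an entry that stops being visible) the model sends nothing. The client name and DNs are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Change:
    dn: str
    attrs: Optional[dict]          # None means the entry was deleted


class Server:
    def __init__(self) -> None:
        self.entries: Dict[str, dict] = {}
        self.log: List[Change] = []               # append-only change log
        self.acl: Dict[str, Set[str]] = {}        # client -> DNs it may read

    def add(self, dn: str, attrs: dict) -> None:
        self.entries[dn] = dict(attrs)
        self.log.append(Change(dn, dict(attrs)))

    def delete(self, dn: str) -> None:
        del self.entries[dn]
        self.log.append(Change(dn, None))

    def grant(self, client: str, dn: str) -> None:
        self.acl.setdefault(client, set()).add(dn)     # ACL changes are not logged

    def revoke(self, client: str, dn: str) -> None:
        self.acl.get(client, set()).discard(dn)        # ACL changes are not logged

    def sync(self, client: str, cookie: Optional[bytes],
             changes_only: bool) -> Tuple[List[Change], bytes]:
        """One client-initiated pull; the server keeps no per-client state."""
        visible = self.acl.get(client, set())
        if changes_only and cookie is not None:
            start = int(cookie.decode())             # cookie = log position (assumed)
            updates = [c for c in self.log[start:] if c.dn in visible]
        else:
            updates = [Change(dn, dict(a)) for dn, a in self.entries.items() if dn in visible]
        return updates, str(len(self.log)).encode()  # new cookie for the client to keep


class Client:
    def __init__(self, name: str) -> None:
        self.name, self.cookie = name, None
        self.cache: Dict[str, dict] = {}

    def pull(self, server: Server, changes_only: bool = True) -> Dict[str, dict]:
        full = self.cookie is None or not changes_only
        updates, self.cookie = server.sync(self.name, self.cookie, not full)
        if full:
            self.cache.clear()                 # a full sync replaces the cache
        for c in updates:
            if c.attrs is None:
                self.cache.pop(c.dn, None)     # entryDeleted
            else:
                self.cache[c.dn] = c.attrs
        return dict(self.cache)


BOB = "uid=bob,ou=people,dc=example,dc=com"
EVE = "uid=eve,ou=people,dc=example,dc=com"
CAROL = "uid=carol,ou=people,dc=example,dc=com"


def scenario() -> dict:
    s, alice = Server(), Client("alice")
    for dn, cn in ((BOB, "Bob"), (EVE, "Eve"), (CAROL, "Carol")):
        s.add(dn, {"cn": cn})
    s.grant("alice", BOB)
    s.grant("alice", EVE)
    initial = set(alice.pull(s))                   # first pull is a full sync
    # ACL tightened on eve, loosened on carol: neither produces a log entry.
    s.revoke("alice", EVE)
    s.grant("alice", CAROL)
    s.add(BOB, {"cn": "Bob", "title": "admin"})    # an ordinary, visible change
    after_changes = set(alice.pull(s, changes_only=True))
    after_full = set(alice.pull(s, changes_only=False))
    return {
        "initial": initial,
        "stale_after_changes_only": EVE in after_changes,         # still cached, no longer readable
        "missing_after_changes_only": CAROL not in after_changes,  # now readable, never sent
        "after_full_resync": after_full,
    }
```

The changes-only pull leaves the cache wrong in both directions: the entry alice may no longer read stays cached because no entryDeleted was ever sent, and the entry she may now read is never sent because it predates her cookie. Only a full synchronization (changesOnly false) repairs the cache, which is the practical consequence of the two unspecified cases on this slide.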

