
Re: Synchronization



> One of the things we're currently working on is hacking together something
> to support automatic updates of our non-LDAP-aware tools and to implement
> certain business logic rules for our own directory. So, for instance, when
> an entry acquires an ou of FOO, we would like to add their mail attribute
> (if any) to the mailing list that happens to be associated with foo and
> also add an ou: bar attribute to their entry. We've come up with a number
> of approaches:
>
> 1. Have something periodically crawl the directory and notice changes.
> 2. Have something periodically scrape a logfile to get changes.
> 3. Use back-perl (with back-bdb replicas for reading).
> 4. Write data somewhere else first with custom tools, then sync to LDAP.
> 5. Write a limited back-perl and make that a replica of the main server.
>
> Unless I have grossly misread the documentation (which is, I must admit, a
> possibility) there isn't an Apache-like module syntax whereby I could
> manipulate data and then hand it to a pre-existing backend (although some
> of our goals might be achievable with back-meta).

There is, with examples that do something related to what you mean;
look at 2.2.latest in servers/slapd/overlays/ and read unique.c or
refint.c, you'll see good examples of data manipulation "a la apache".
The API is not very clean, right now, and you need to be an expert
OpenLDAP hacker to make it through overlays safely, but in case you may ask
for help.

I'd favour a programmatical approach, though, e.g. writing an appropriate
client.

> We thought about just
> patching the code, but of course that rapidly becomes less manageable if
> we want to stay up-to-date (which we do).
>
> So, we're currently leaning towards #5, but would be interested to know if
> there is a better way of implementing this using OpenLDAP (since other
> people have presumably done this kind of thing in the past).

You could use something like content synchronization to be informed about
changes in the data you want to monitor; have a look at
draft-zeilenga-ldup-sync, "The LDAP Content Synchronization Operation"; I
don't know what's the implementation status in detail, but it's widely
used by SyncRepl as an alternative to slurpd for replication.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
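
The rule from the quoted question (an entry that gains ou FOO has its mail added to the associated list and receives ou: bar), written as the decision step of a change-driven client. This is an added example, not part of the original message or of OpenLDAP; the function names, the dict-based entry snapshots and the list address are assumptions, and how the before/after states are obtained (crawl, log or content synchronization) is left out.

```python
# Added example: rule evaluation for a change-driven client (all names are hypothetical).
# Entries are plain dicts {attribute: [values]} constructed below; no LDAP library is used.

# Assumed rule table: ou value -> (mailing list to join, ou value to add), after the FOO/bar case.
RULES = {"foo": ("foo-list@example.org", "bar")}


def _values(entry, attr):
    """Return the values of an attribute; attribute names match case-insensitively."""
    for name, vals in (entry or {}).items():
        if name.lower() == attr:
            return list(vals)
    return []


def _ou_set(entry):
    return {v.lower() for v in _values(entry, "ou")}


def actions_for_change(dn, old, new):
    """Compare the previous and current state of one entry and return the
    follow-up actions for every ou value the entry newly acquired."""
    actions = []
    gained = _ou_set(new) - _ou_set(old)
    for ou in sorted(gained):
        if ou not in RULES:
            continue
        mailing_list, derived_ou = RULES[ou]
        # "(if any)": an entry without a mail attribute still gets the derived ou.
        for mail in _values(new, "mail"):
            actions.append(("list-add", mailing_list, mail))
        # Skip the write when the value is already present, so the client's own
        # modification, seen again as a change, triggers nothing further.
        if derived_ou not in _ou_set(new):
            actions.append(("ldap-add", dn, "ou", derived_ou))
    return actions


# Constructed sample data.
DN = "uid=jdoe,dc=example,dc=org"
BEFORE = {"uid": ["jdoe"], "mail": ["jdoe@example.org"]}
AFTER = {"uid": ["jdoe"], "mail": ["jdoe@example.org"], "ou": ["FOO"]}
ECHO = {"uid": ["jdoe"], "mail": ["jdoe@example.org"], "ou": ["FOO", "bar"]}

if __name__ == "__main__":
    print(actions_for_change(DN, BEFORE, AFTER))  # the user's change
    print(actions_for_change(DN, AFTER, ECHO))    # the client's own write coming back
```

Because the client writes back to the directory it is watching, the second call matters as much as the first: its own ou: bar modification arrives as another change and must produce no action.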