[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Proxying data for syncrepl

----- "Gavin Henry" <ghenry@suretecsystems.com> wrote:

> Yes, and that it is "proxying" data. Openldap as the remove has what
> is needed, domino does not.

Bonnie, that meant to say, "as the remote". For example, the OpenLDAP remote side
might have an entry like so:

# gavin.henry@suretecsystems.com, MailAliases, suretecsystems.com
dn: cn=gavin.henry@suretecsystems.com,ou=MailAliases,dc=suretecsystems,dc=com
structuralObjectClass: suretecMailAlias
entryUUID: fdbf98ca-3118-102c-9eee-c3b0278f5eab
creatorsName: cn=admin,dc=suretecsystems,dc=com
createTimestamp: 20071127094345Z
entryCSN: 20071127130047.357178Z#000000#000#000000
modifiersName: cn=admin,dc=suretecsystems,dc=com
modifyTimestamp: 20071127130047Z
entryDN: cn=gavin.henry@suretecsystems.com,ou=MailAliases,dc=suretecsystems,dc
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Note the entryCSN and entryUUID as per:

RFC 4533         LDAP Content Synchronization Operation        June 2006 [Page 28]

Appendix A.  CSN-based Implementation Considerations

   ...the server not only maintains a CSN for each
   directory entry (the entry CSN) but also maintains a value that we
   will call the context CSN.  The context CSN is the greatest committed
   entry CSN that is not greater than any outstanding (uncommitted)
   entry CSNs for all entries in a directory context.  The values of
   context CSN are used in syncCookie values as synchronization state

These are what Syncrepl needs, and because the remote side you are proxying has
them, all is well.

Now take an entry from Active Directory on Windows Server 2008:

dn: CN=Administrator,CN=Users,DC=ad,DC=suretecsystems,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
distinguishedName: CN=Administrator,CN=Users,DC=ad,DC=suretecsystems,DC=com
instanceType: 4
whenCreated: 20080818193354.0Z
whenChanged: 20080818195251.0Z
uSNCreated: 8194
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=ad,DC=suretecsystems,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=ad,DC=suretecsystems,DC=com
uSNChanged: 12715
name: Administrator
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 128635631238177500
lastLogoff: 0
lastLogon: 128635645180075000
pwdLastSet: 128635613297241250
primaryGroupID: 513
adminCount: 1
accountExpires: 0
logonCount: 13
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=suretecsystems,DC=com
isCriticalSystemObject: TRUE
dSCorePropagationData: 20080818193742.0Z
dSCorePropagationData: 16010101000005.0Z
lastLogonTimestamp: 128635619492443750

There is no entryCSN or entryUUID.

Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).