Active Directory Replication Service

• Existing batch-oriented process to update Active Directory with Registry changes needs to be replaced
  • conform to Middleware standard for Replication Services, which will
  • provide more timely updates.

1. Ability to listen to a JMS topic for SPML messages
2. Ability to parse a SPML message and apply the appropriate change to an Active Directory, supporting
   • add
   • modify
3. Ability to guarantee that record processing is in strict chronological order

1. Must be implemented as a clustered singleton service.

The Active Directory Replication Service is one of the Replication Services of the clients-repl subversion project. See Replication Services Overview for a description of the overall replication process. This documentation describes the target system specific processing referred to in that documentation.

The Active Directory target system specific processing is as follows:

1. Wait for an SPML message to be sent to its sendSPML() method.
2. Send the message to the target system by making a web service call.

The Active Directory Replication Service is a implemented as a web client that sends messages to the web service running on the Active Directory server(s).

• Person
  • Only those Person records in the Registry that have employee status are replicated.
  • The selection of qualifying records is performed externally to the Replication Service processing, before the messages are added to the JMS Topic.
  • Therefore all messages in the JMS Topic are processed.
• Address
  • Only the office address is replicated.

Employee status is determined from the VT Affiliations assigned to the Person record. The selection is performed by the Registry Change Bean.

Template SPML Batch Requests:

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=1234,ou=People,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="single-valued-attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value1</dsml:value>
        <dsml:value>value2</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:address">
      <spml:id>uuaid=5678,ou=Addresses,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>

1. problem communicating with the Active Directory web service
   • Exit from the sendSPML() method with the Exception thrown by the web service call.
   • This causes a resend of the SPML message.
   • This guarantees that no replication message is lost when the web service is unavailable.
2. Active Directory web service problem while processing the requested change
   • All error handling once the record is passed to the web service is outside of the scope of this Replication Service.
   • Exit from the sendSPML() method using normal return because no retry is needed.

• Javadocs