ED-LDAP Replication Service

• There exists no programmatic way to update ED-Lite, ED-Auth, and ED-ID with Registry changes.

1. Ability to listen to a JMS topic for SPML messages
2. Ability to parse a SPML message and apply the appropriate change to an ED Ldap, supporting
   • add
   • modify
   • delete
3. Ability to guarantee that record processing is in strict chronological order

1. Must be implemented as a clustered singleton service.

The ED-LDAP Replication Service is one of the Replication Services of the clients-repl subversion project. See Replication Services Overview for a description of the overall replication process. This documentation describes the target system specific processing referred to in that documentation.

The ED-LDAP target system specific processing is as follows:

1. Wait for an SPML message to be sent to its sendSPML() method.
2. Split the SPML Batch Request into single SPML Requests.
3. Process each SPML Request in turn.
   1. Determine if the operation is an addRequest or a deleteRequest.
      • addRequest is used both for creating a new ED record and modifying an existing ED record
      • deleteRequest is used for deleting an existing ED record
   2. Perform data manipulation pre-processing, as needed.
   3. Add or delete the record from the ED(s) by making a Ldap call.
   4. Handle any errors.
4. Go to 1.

Communication with the ED(s) uses an Ldap connection.

• Person
  • virginiaTechPerson
  • virginiaTechAddress
• Group
  • virginiaTechGroup
• Entitlement
  • virginiaTechEntitlement
• Service
  • virginiaTechService

Template SPML Batch Requests:

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=1234,ou=People,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="single-valued-attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value1</dsml:value>
        <dsml:value>value2</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:address">
      <spml:id>uuaid=5678,ou=Addresses,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=1234,ou=People,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uugid=abcd,ou=Groups,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uugid=abcd,ou=Groups,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uid=9876,ou=Entitlements,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=9876,ou=Entitlements,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uusid=wxyz,ou=Services,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>

<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uusid=wxyz,ou=Services,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

1. problem communicating with the ED instance(s)
   • Exit from the sendSPML() method by throwing a ReplException.
   • This causes a resend of the SPML message.
   • This guarantees that no replication message is lost when an ED instance is unavailable.
2. ED instance problem while processing the requested change
   • Use the Registry Change Bean to log the SPML Request and returned LDAP error code.
   • This guarantees that all replication errors are logged.
   • Exit from the sendSPML() method using normal return because no retry is needed.

• Javadocs