User Tools

Site Tools


middleware:devel:ed:edldap-repl

ED-LDAP Replication Service

Author unknown
Date unknown
Updated by Catherine Winfrey
Date 2008/07/17

Requirements

Problem Statements

  • There exists no programmatic way to update ED-Lite, ED-Auth, and ED-ID with Registry changes.

Functional Requirements

  1. Ability to listen to a JMS topic for SPML messages
  2. Ability to parse a SPML message and apply the appropriate change to an ED Ldap, supporting
    • add
    • modify
    • delete
  3. Ability to guarantee that record processing is in strict chronological order

Nonfunctional Requirements

  1. Must be implemented as a clustered singleton service.

Documentation

Basic Overview

The ED-LDAP Replication Service is one of the Replication Services of the clients-repl subversion project. See Replication Services Overview for a description of the overall replication process. This documentation describes the target system specific processing referred to in that documentation.

The ED-LDAP target system specific processing is as follows:

  1. Wait for an SPML message to be sent to its sendSPML() method.
  2. Split the SPML Batch Request into single SPML Requests.
  3. Process each SPML Request in turn.
    1. Determine if the operation is an addRequest or a deleteRequest.
      • addRequest is used both for creating a new ED record and modifying an existing ED record
      • deleteRequest is used for deleting an existing ED record
    2. Perform data manipulation pre-processing, as needed.
    3. Add or delete the record from the ED(s) by making a Ldap call.
  4. Go to 1.

Communication with the ED(s) uses an Ldap connection.

Record Types Replicated

SPML Formats

Template SPML Batch Requests:

Person

addRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=1234,ou=People,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="single-valued-attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value1</dsml:value>
        <dsml:value>value2</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:address">
      <spml:id>uuaid=5678,ou=Addresses,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>
deleteRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=1234,ou=People,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

Group

addRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uugid=abcd,ou=Groups,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>
deleteRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uugid=abcd,ou=Groups,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

Entitlement

addRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uid=9876,ou=Entitlements,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>
deleteRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uid=9876,ou=Entitlements,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

Service

addRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:addRequest>
    <spml:identifier type="urn:vt.edu:SPML:group">
      <spml:id>uusid=wxyz,ou=Services,dc=vt,dc=edu</spml:id>
    </spml:identifier>
    <spml:attributes>
      <dsml:attr name="attribute">
        <dsml:value>value</dsml:value>
      </dsml:attr>
      <dsml:attr name="multi-valued-attribute">
        <dsml:value>value</dsml:value>
        <dsml:value>value</dsml:value>
      </dsml:attr>
    </spml:attributes>
  </spml:addRequest>
</batchRequest>
deleteRequest
<batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="http://www.dsml.org/DSML" onError="exit" processing="sequential">
  <spml:deleteRequest>
    <spml:identifier type="urn:vt.edu:SPML:person">
      <spml:id>uusid=wxyz,ou=Services,dc=vt,dc=edu</spml:id>
    </spml:identifier>
  </spml:deleteRequest>
</batchRequest>

Error Handling

  1. problem communicating with the ED instance(s)
    • Exit from the sendSPML() method by throwing a ReplException.
    • This causes a resend of the SPML message.
    • This guarantees that no replication message is lost when an ED instance is unavailable.
  2. ED instance problem while processing the requested change
    • Use the Registry Change Bean to log the SPML Request and returned LDAP error code.
    • This guarantees that all replication errors are logged.
    • Exit from the sendSPML() method using normal return because no retry is needed.

Comments

middleware/devel/ed/edldap-repl.txt · Last modified: 2013/04/09 11:07 (external edit)