Lightweight Directory Access Protocol (version 3) Replication Requirements
RFC 3384
Document Type RFC - Informational (October 2002; No errata)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3384 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Patrik Fältström
IESG note Allison:It requires minimum Mandatory-to-implement encryption, but fails to do same for integrity. It needs a statement that avoidance of congestion and over-chattiness of the replication protocol must be considered in the Design.
Responsible: RFC Editor
Send notices to <capple@dsi-consulting.net>
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          E. Stokes
Request for Comments: 3384                                           IBM
Category: Informational                                        R. Weiser
                                                 Digital Signature Trust
                                                                R. Moats
                                                          Lemur Networks
                                                                R. Huber
                                                       AT&T Laboratories
                                                            October 2002

           Lightweight Directory Access Protocol (version 3)
                       Replication Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document discusses the fundamental requirements for replication
   of data accessible via the Lightweight Directory Access Protocol
   (version 3) (LDAPv3).  It is intended to be a gathering place for
   general replication requirements needed to provide interoperability
   between informational directories.

Table of Contents

   1    Introduction...................................................2
   2    Terminology....................................................3
   3    The Models.....................................................5
   4    Requirements...................................................7
   4.1  General........................................................7
   4.2  Model..........................................................8
   4.3  Protocol.......................................................9
   4.4  Schema........................................................10
   4.5  Single Master.................................................10
   4.6  Multi-Master..................................................11
   4.7  Administration and Management.................................11
   4.8  Security......................................................12
   5    Security Considerations.......................................13
   6    Acknowledgements..............................................13

Stokes, et. al.              Informational                      [Page 1]
RFC 3384            LDAPv3 Replication Requirements         October 2002

   7    References....................................................13
   A    Appendix A - Usage Scenarios..................................15
   A.1  Extranet Example..............................................15
   A.2  Consolidation Example.........................................15
   A.3  Replication Heterogeneous Deployment Example..................16
   A.4  Shared Name Space Example.....................................16
   A.5  Supplier Initiated Replication................................16
   A.6  Consumer Initiated Replication................................17
   A.7  Prioritized attribute replication.............................17
   A.8  Bandwidth issues..............................................17
   A.9  Interoperable Administration and Management...................18
   A.10 Enterprise Directory Replication Mesh.........................18
   A.11 Failure of the Master in a Master-Slave Replicated Directory..19
   A.12 Failure of a Directory Holding Critical Service Information...19
   B    Appendix B - Rationale........................................20
   B.1  Meta-Data Implications........................................20
   B.2  Order of Transfer for Replicating Data........................20
   B.3  Schema Mismatches and Replication.............................21
   B.4  Detecting and Repairing Inconsistencies Among Replicas........22
   B.5  Some Test Cases for Conflict Resolution in Multi-Master
        Replication...................................................23
   B.6  Data Confidentiality and Data Integrity During Replication....27
   B.7  Failover in Single-Master Systems.............................27
   B.8  Including Operational Attributes in Atomic Operations.........29
        Authors' Addresses............................................30
        Full Copyright Statement......................................31

1  Introduction

   Distributing directory information throughout the network provides a
   two-fold benefit: (1) it increases the reliability of the directory
   through fault tolerance, and (2) it brings the directory content
   closer to the clients using the data.  LDAP's success as an access
   protocol for directory information is driving the need to distribute
   LDAP directory content within the enterprise and Internet.
   Currently, LDAP does not define a replication mechanism, and mentions
   LDAP shadow servers (see [RFC2251]) in passing.  A standard mechanism
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools