Lightweight Directory Access Protocol (version 3) Replication Requirements
RFC 3384
Document | Type | RFC - Informational (October 2002; No errata) | |
---|---|---|---|
Authors | Ryan Moats, Ellen Stokes, Rick Huber, Russel Weiser | ||
Last updated | 2015-10-14 | ||
Stream | Internet Engineering Task Force (IETF) | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3384 (Informational) | |
Action Holders | (None) | ||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Patrik Fältström | ||
IESG note | Allison: It requires minimum Mandatory-to-implement encryption, but fails to do same for integrity. It needs a statement that avoidance of congestion and over-chattiness of the replication protocol must be considered in the Design. Responsible: RFC Editor | ||
Send notices to | <capple@dsi-consulting.net> |
Network Working Group
Request for Comments: 3384
Category: Informational

E. Stokes, IBM
R. Weiser, Digital Signature Trust
R. Moats, Lemur Networks
R. Huber, AT&T Laboratories

October 2002

Lightweight Directory Access Protocol (version 3) Replication Requirements

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document discusses the fundamental requirements for replication of data accessible via the Lightweight Directory Access Protocol (version 3) (LDAPv3). It is intended to be a gathering place for general replication requirements needed to provide interoperability between informational directories.

Table of Contents

1 Introduction
2 Terminology
3 The Models
4 Requirements
4.1 General
4.2 Model
4.3 Protocol
4.4 Schema
4.5 Single Master
4.6 Multi-Master
4.7 Administration and Management
4.8 Security
5 Security Considerations
6 Acknowledgements
7 References
A Appendix A - Usage Scenarios
A.1 Extranet Example
A.2 Consolidation Example
A.3 Replication Heterogeneous Deployment Example
A.4 Shared Name Space Example
A.5 Supplier Initiated Replication
A.6 Consumer Initiated Replication
A.7 Prioritized attribute replication
A.8 Bandwidth issues
A.9 Interoperable Administration and Management
A.10 Enterprise Directory Replication Mesh
A.11 Failure of the Master in a Master-Slave Replicated Directory
A.12 Failure of a Directory Holding Critical Service Information
B Appendix B - Rationale
B.1 Meta-Data Implications
B.2 Order of Transfer for Replicating Data
B.3 Schema Mismatches and Replication
B.4 Detecting and Repairing Inconsistencies Among Replicas
B.5 Some Test Cases for Conflict Resolution in Multi-Master Replication
B.6 Data Confidentiality and Data Integrity During Replication
B.7 Failover in Single-Master Systems
B.8 Including Operational Attributes in Atomic Operations
Authors' Addresses
Full Copyright Statement

1 Introduction

Distributing directory information throughout the network provides a two-fold benefit: (1) it increases the reliability of the directory through fault tolerance, and (2) it brings the directory content closer to the clients using the data. LDAP's success as an access protocol for directory information is driving the need to distribute LDAP directory content within the enterprise and Internet. Currently, LDAP does not define a replication mechanism, and mentions LDAP shadow servers (see [RFC2251]) in passing. A standard mechanism