Method and Apparatus for Partial replication of Ldap entries
Disclosure Number: IPCOM000167071D
Original Publication Date: 2008-Jan-30
Included in the Prior Art Database: 2008-Jan-30
Document File: 3 page(s) / 82K

Publishing Venue



This invention describes the method and apparatus required for partial replication of LDAP entries from a supplier server to a consumer server. The main objective of this invention is to allow a directory administrator to control which object classes, and which attributes of those object classes, are sent to consumer servers (partially replicating an LDAP entry). Consider an LDAP entry having the attributes cn, sn, userpassword and description. The directory administrator can enhance the replication bandwidth by deciding which entries, and which of their attributes, are replicated. For example, depending on deployment requirements, entries of object class person can be replicated with the 'cn, sn, and userPassword' attributes while the 'description' attribute is not replicated.

dn: cn=Tom Hillary,o=ibm,c=us
objectclass: person
objectclass: top
cn: Tom
sn: Hillary
userpassword: tom123
description: This is Tom's entry working in Finance department.

After filtering of attribute 'description', the entry looks as shown below:

dn: cn=Tom Hillary,o=ibm,c=us
objectclass: person
objectclass: top
cn: Tom
sn: Hillary
userpassword: tom123

This is the abbreviated version, containing approximately 36% of the total text.

Method and Apparatus for Partial replication of Ldap entries

Name: Sunil M Ranahandola, Sangmesh B Tarali

A replication agreement defines the information contained in the directory about the 'connection' or 'replication path' between two servers. A replication filter may be associated with a particular replication agreement. The replication filter is based on object class, i.e. object-class-level filtering. A set of attributes pertaining to an object class constitutes a replication filter. The list of attributes selected for an object class can be either an inclusion list or an exclusion list. The inclusion list is the list of attributes that will be selected for replication, and the exclusion list is the list of attributes that will NOT be selected for replication. The exclusion list is specified with a NOT (!) operator.

In order to make a single filter definition available to multiple agreements, we have the following schema modifications to TDS v6.0:

1. The filter specification will be defined in an attribute ibm-replicationFilterAttr. This attribute belongs to a new structural object class ibm-replicationFilter.

2. The replication agreement entry will have two new optional attributes:

ibm-replicationFilterDN, which points to the filter entry described in point 1 above.

ibm-replicationCreateMissingEntries, which is a flag to decide whether or not to create missing parent entries on the consumer. Refer to the section "Create missing parent entries on consumer" for details.

The syntax of ibm-replicationFilterAttr attribute is shown below. An attempt to add a filter value that deviates from this grammar will be rejected with an LDAP_CONSTRAINT_VIOLATION error code. Additional information associated with the error will show the reason as "Invalid replication filter definition".

The filter definition is a colon-separated string, with the first part defining the objectclass filter and the second part defining either the attribute inclusion list or the attribute exclusion list.

ibm-replicationFilterAttr = "(" whsp "objectclass" whsp "=" whsp ocspec whsp ")" whsp ":" whsp ["!"] whsp "(" attrspec ")"

ocspec = ocname | "*"

whsp = [ space ]

attrspec = attrlist | "*"

attrlist = attrname * ( "," attrname )

where ocname represents an object class name and attrname represents an attribute type name. Note: The above grammar is based on the BNF style from RFC 822. Notation such as * (xyz) indicates zero or more occurrences of xyz.
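As an added illustration (not code from the disclosure or from TDS), the Python below parses one ibm-replicationFilterAttr value against the grammar above and applies it to the sample entry from the abstract. The function names, the allowed name characters, case-insensitive matching and the tolerance of a space after a comma are assumptions; one filter value is applied literally, since the visible text does not say how several values combine.

```python
import re

NAME = r"[A-Za-z][A-Za-z0-9-]*"  # assumed name characters; the page does not define them
# whsp = [ space ], so at most one space per whsp position. A space after "," is
# not in the grammar but appears in the page's own example, so it is accepted here.
FILTER_RE = re.compile(
    rf"\( ?objectclass ?= ?(?P<oc>{NAME}|\*) ?\) ?: ?(?P<neg>!)? ?"
    rf"\((?P<attrs>\*|{NAME}(?:, ?{NAME})*)\)",
    re.IGNORECASE,
)


def parse_filter(value):
    """Parse one ibm-replicationFilterAttr value into (objectclass, exclude, attrs)."""
    m = FILTER_RE.fullmatch(value)
    if m is None:
        # The page says the server rejects such values with LDAP_CONSTRAINT_VIOLATION.
        raise ValueError("Invalid replication filter definition")
    attrs = m["attrs"]
    names = None if attrs == "*" else {a.strip().lower() for a in attrs.split(",")}
    return m["oc"].lower(), m["neg"] is not None, names


def apply_filter(value, entry):
    """Attributes of entry that the filter lets through, or None when the objectclass
    part does not select the entry. Names compare case-insensitively."""
    oc, exclude, names = parse_filter(value)
    classes = {v.lower() for k, vals in entry.items()
               if k.lower() == "objectclass" for v in vals}
    if oc != "*" and oc not in classes:
        return None
    kept = {}
    for attr, vals in entry.items():
        listed = names is None or attr.lower() in names
        if listed != exclude:  # inclusion keeps listed names, "!" keeps the rest
            kept[attr] = vals
    return kept


# The entry from the page's abstract (dn omitted; it is not an attribute here).
TOM = {
    "objectclass": ["person", "top"],
    "cn": ["Tom"],
    "sn": ["Hillary"],
    "userpassword": ["tom123"],
    "description": ["This is Tom's entry working in Finance department."],
}

print(apply_filter("(objectclass=person):!(description)", TOM))
```

Read literally, an inclusion list that omits objectclass drops that attribute as well; the visible text does not say whether the server keeps it implicitly.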

The table below lists the valid syntaxes.

Syntax Remarks

For example, (objectclass=person):!(telephonenumber, employeeNumber)

This replicates all attributes except telephonenumber and employeeNumber for entries of objectclass person.

(objectclass=*):(*)

Since the filter attribute is multi-valued, if one of the values is a filter of this type, then this filter value is applicable for all

For example, (objectclass=person):(cn,sn,userpassword)

This replicates only cn, sn, and userpassword for an update...