2019-11-06, 10:50–11:35, Main Conference Room
While the Syncrepl replication protocol has been used in OpenLDAP for many years, few other directory implementations have adopted it. To improve interoperability, the syncrepl consumer in OpenLDAP has
been extended to support other legacy replication mechanisms such as SunDS-style retro-changelog
replication, as well as Microsoft ActiveDIrectory DirSync protocol. This talk will describe the changes made to support these additional replication mechanisms, and the capabilities they provide to OpenLDAP
deployments.
The Content Sync Replication mechanism for LDAP was published in RFC4533 in 2006, and OpenLDAP has been developing this mechanism since 2003. Despite being published as an open specification, other directory implementors have been slow to adopt it. (ApacheDS appears to be the only other project adopting it, in 2010).
Now that implementations like SunDS have reached end of life, many enterprises are looking to migrate their legacy directory deployments to a supported OpenLDAP installation. Likewise, many enterprises that were able to use Microsoft ActiveDirectory when they were smaller, have outgrown it and are looking to take advantage of the proven scalability that OpenLDAP offers. The lack of a common replication protocol between these directory systems hinders these migrations.
The syncrepl consumer in OpenLDAP has always had the ability to support SunDS-style retro-changelog replication, but the demand for it was never high so the fleshing out of the feature was never a priority. Now that the directory software landscape is changing, and demand has increased, the retro-changelog support has been completed. Similarly, the support for Microsoft's DirSync has also been added to the syncrepl consumer. There are of course some caveats for these features, due to schema differences between these server implementations. This talk will cover the capabilities and compromises needed to support interoperability with these disparate systems.