2 draft-ietf-ldup-infomod-01.txt
7 LDUP Replication Information Model
10 1. Status of this Memo
12 This document is an Internet-Draft and is in full conformance with all
13 provisions of Section 10 of RFC2026.
15 Internet-Drafts are working documents of the Internet Engineering Task
16 Force (IETF), its areas, and its working groups. Note that other
17 groups may also distribute working documents as Internet-Drafts.
19 Internet-Drafts are draft documents valid for a maximum of six months
20 and may be updated, replaced, or obsoleted by other documents at any
21 time. It is inappropriate to use Internet-Drafts as reference material
22 or to cite them other than as "work in progress."
24 The list of current Internet-Drafts can be accessed at
25 http://www.ietf.org/ietf/1id-abstracts.txt.
27 The list of Internet-Draft Shadow Directories can be accessed at
28 http://www.ietf.org/shadow.html.
30 This Internet-Draft expires on May 11, 1999.
35 [LDUP Model] describes the architectural approach to replication of
36 LDAP directory contents. This document describes the information
37 model and schema elements which support LDAP Replication Services
38 which conform to [LDUP Model].
40 Directory schema is extended to provide object classes, subentries,
41 and attributes to describe areas of the namespace which are under
42 common administrative authority, units of replication (ie, subtrees,
43 or partitions of the namespace, which are replicated), servers which
44 hold replicas of various types for the various partitions of the
45 namespace, which namespaces are held on given servers, and the
46 progress of various namespace management and replication operations.
47 Among other things, this knowledge of where directory content is
52 Expires September 9, 2000
\f
55 INTERNET-DRAFT 9 March 2000
56 LDUP Replication Information Model
58 located will provide the basis for dynamic generation of LDAP
59 referrals for clients who can follow them.
61 The controlling framework by which the relationships, types, and
62 health of replicas of the directory content will be defined so that,
63 as much as possible, directory content is itself used to monitor and
64 control the environment.
66 Security information, including access control policy identifiers and
67 information will be treated as directory content by the replication
68 protocols when specified by the LDAPEXT group.
70 The information model will describe required and optional house-
71 keeping duties for compliant systems to implement, such as garbage
72 collection of deleted objects, reconciliation of moved and renamed
73 objects, update sequencing and transaction bracketing of changes, etc.
75 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
76 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
77 document are to be interpreted as described in RFC 2119 [RFC2119]. The
78 sections below reiterate these definitions and include some additional
82 2.1 Changes in this version
84 LDAP Subentry definition is moved to its own document [SUBENTRY].
86 LDAP Schedule Subentry definition is defined.
88 LDAP Access Point removed in favor of just using the DN of the server
89 holding the replica (so a new syntax isn't required).
91 LDAP Change Sequence Number syntax eleminated in favor of just calling
92 it a CaseIgnoreString, so new comparison rules aren't required.
94 Deleted ldapSearchFilter definition from here. Sparse replicas is
95 deferred. Might sparse be supported for single-master configurations
96 (read-only, of course).
98 Fractional are okay in multi-master configurations, but again, only on
101 Changed the naming convention upper-lower case usage to look less
108 Expires September 9, 2000
112 INTERNET-DRAFT 9 March 2000
113 LDUP Replication Information Model
115 Consistency discussion
117 Schema document must clearly indicate that clients can and should
118 inspect the replica subentries to understand the single-master/multi-
119 master nature of the naming context to which they're talking.
121 The paradigm change, to distributed data, needs to be exhaustively
122 discussed in the profile documents. How old applications which assume
123 single-master behave or misbehave in a multi-master environment is
124 critical to make clear. Draw examples from SMP pre-emptive
125 programming practices, from DNS vs host file models, etc.
129 Decisions from wash ietf_
131 1) define two simple schema classes _ event driven histeresis
132 buckets, and cron-like thing. Then, the replica has a single
133 value pointer to a schedule. More schedule things can be
134 defined in the future.
136 2) Create attribute ReplicaURI to provide service access point for
137 that replica. No DSA entry requirement.
139 3) Replica id table discussion should move to protocol spec.
142 1) define the cron schedule subentry class
143 2) define the rest of the attributes used in the classes
144 3) verify LDUP OID number with Novell (!) one more time
145 4) verify all OIDs assigned
146 5) verify all OIDs documented at the end of the document
147 6) scrub editorial comments
148 7) cross reference with arch document on schema element names
165 Expires September 9, 2000
169 INTERNET-DRAFT 9 March 2000
170 LDUP Replication Information Model
173 1. Status of this Memo .............................................1
175 2.1 Changes in this version........................................2
176 3. Introduction ....................................................4
178 3.2 Terms and Definitions..........................................5
179 4. Data design: ....................................................5
180 5. Directory Knowledge .............................................5
182 6.1 Data Structure Definitions.....................................6
183 6.1.1 ldapChangeSequenceNumber..................................6
184 6.2 Attribute Definitions..........................................7
185 6.2.1 attributeExclusionFilter..................................7
186 6.2.2 attributeInclusionFilter..................................8
187 6.2.3 replicaURI................................................8
188 6.2.4 replicationStatus.........................................9
189 6.2.5 replicaType...............................................9
190 6.2.6 SecsToWait Attributes....................................11
191 6.2.6.1 secsToWaitCat1 ........................................11
192 6.2.6.2 secsToWaitCat2 ........................................11
193 6.2.6.3 secsToWaitCat3 ........................................11
194 6.2.6.4 secsToWaitCat4 ........................................11
195 6.2.6.5 secsToWaitCat5 ........................................11
196 6.2.7 updateVector.............................................12
197 6.3 Class Definitions.............................................12
198 6.3.1 nameContext..............................................12
199 6.3.2 replicaSubentry..........................................12
200 6.3.3 replicaAgreementSubentry.................................13
201 6.3.4 eventScheduledSubentry Class.............................14
202 6.3.5 timeScheduledSubentry Class..............................15
203 7. Object Identifier Assignments ..................................15
204 8. Security Considerations ........................................16
205 9. References .....................................................16
206 10. Copyright Notice ...............................................17
207 11. Acknowledgements ...............................................17
208 12. Author's Address ...............................................18
216 This document describes schema of subentries representing replicas,
217 replication agreements and their dependencies.
222 Expires September 9, 2000
226 INTERNET-DRAFT 9 March 2000
227 LDUP Replication Information Model
229 Management and status schema elements may be defined if there is
230 sufficient consensus.
232 Semantic interpretation of schema elements, including any special
233 handling expectations are to be provided here.
236 3.2 Terms and Definitions
238 Definitions are provided in [LDUP Requirements], and may be reproduced
239 here for the convenience of the reader.
245 As described in [LDUP Model], knowledge of replicated portions of the
246 directory information tree (DIT) is stored in the directory itself.
248 An auxiliary class is defined to designate containers, or nodes, in
249 the DIT which are the root-most, or base, of naming contexts
250 [RFC2251]. Directory subentries [X501] are used to hold information
251 about replicas and replica agreements.
255 5. Directory Knowledge
257 Information about what replicas exist, what they contain, their types,
258 where they are stored, and how they may be contacted inevitably
259 provides the basis for distributed directory knowledge. As namespaces
260 from stand-alone servers are inter-connected with one another, this
261 replica information can and will be used by name resolution operations
262 to locate servers holding copies of specific objects, and to optimize
263 distributed searches which span multiple Naming Contexts.
265 However, the focus of this document is NOT to fully enable such
266 distributed directory uses. Instead, we are focused on how portions
267 of the namespace (Directory Information Tree - DIT) may be replicated,
268 and how those replicas are configured and related to one another via
269 Replication Agreements.
271 As such, the following high level description (from [LDUP Model])of
272 the information model envisioned is provided as reference for the
273 reader before presenting the detailed specifications.
275 Generally, the DSE Naming Context attribute of an LDAPv3 server names
276 the Naming Contexts for which there are replicas on that server.
279 Expires September 9, 2000
283 INTERNET-DRAFT 9 March 2000
284 LDUP Replication Information Model
286 The Naming Context Auxiliary Class (nameContext) is added to container
287 objects which may have separately defined replication policy.
289 Immediately subordinate to a Naming Context object are the Replica
290 Subentry containers which identify where the identified replica
291 resides (ie, its LDAP Access Point), its type (Primary, Updateable,
292 ReadOnly), if it is sparse, the LDAP search filter which defines what
293 object classes it holds, and if it is fractional, the attributes it
294 does or does not hold.
296 Immediately subordinate in the namespace to a Replica Subentry are
297 Replication Agreement leaf entries which each identify another
298 Replica, the scheduling policy for replication operations (including
299 times when replication is to be performed, when it is not to be
300 performed, or the policies governing event-driven replication
308 6.1 Data Structure Definitions
310 For the purposes of defining the encoding rules for attribute
311 structures, the BNF definitions in section 4.1 of [RFC2252] will be
312 used. They are based on the BNF styles of [RFC822].
314 To avoid requiring new syntax support to be added unnecessarily to
315 existing LDAPv3 directory service implementations (and the
316 accompanying matching rules, etc. they would entail), a string
317 encoding is defined for ldapChangeSequenceNumber which can use
318 CaseIgnoreString matching rules for ordering and equality.
320 6.1.1 ldapChangeSequenceNumber
322 ( 1.3.6.1.4.1.1466.115.121.1.TBD DESC 'LDAP Change Sequence Number' )
324 Values in this syntax are encoded according to the following BNF.
325 Note there MUST NOT be any whitespace separators, unless they are in
326 replicaID, which must be encoded according to the instructions below.
328 This encoding is specified so that the CaseIgnoreString equality and
329 ordering rules will work correctly when replicaNumber is used.
331 When replicaID is used, CaseIgnoreString comparison rules will not
332 work unless each replicaID is exactly the same length with no padded
336 Expires September 9, 2000
340 INTERNET-DRAFT 9 March 2000
341 LDUP Replication Information Model
343 white spaces (because CaseIgnoreString suppresses duplicate adjacent
344 white space when it compares two strings).
346 LDAPChangeSequenceNumber = GeneralizedZTime "#" S1 "#" replicaID
348 GeneralizedZTime = yyyy | mm | dd | hh | mi | ss | "Z"
349 yyyy = dddd <four digit year, e.g. 1998>
350 mm = dd <two digit month of the year, e.g. 06>
351 dd = dd <two digit day of month, e.g. 17>
352 hh = dd <two digit hour of the day, inclusive range (00..23)>
353 mi = dd <two digit minute of the hour, inclusive range (00..59)>
354 ss = dd <two digit seconds of the minute, inclusive range (00..59)>
356 S1, S2 = numericstring
358 The GeneralizedTime is used as described (cf. [X680] section 39.3 case
359 b) without separators or whitespace, and representing a coordinated
360 universal time (i.e., Greenwich Mean Time, or GMT). All times
361 referenced by this syntax MUST be normalized to GMT - no local times,
362 nor time zone offsets are permitted. To simplify comparisons of two
363 CSNs, the "Z" MUST be the UTF-8 capital-Z character.
365 The ReplicaID represents the specific Replica of this Naming Context
366 where the event associated with this LDAPChangeSequenceNumber
367 occurred. Note that in actual transfer, the ReplicaID MAY be
368 represented by a number (see the specification of the
369 replicaLookupTable, above).
371 S1 and S2 are sequence numbers which are used to order two events with
372 the same Generalized Time and ReplicaID. In order to use string
373 matching rules for equality and ordering with values with this
374 encoding, the length of each field must be consistent. Thus, all
375 instances of S1 MUST be represented with the same number of digits,
376 using leading zeros as necessary. The same with S2 and replicaID.
381 6.2 Attribute Definitions
384 6.2.1 attributeExclusionFilter
386 ( 2.16.840.1.113719.142.4.1 NAME 'attributeExclusionFilter'
388 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
393 Expires September 9, 2000
397 INTERNET-DRAFT 9 March 2000
398 LDUP Replication Information Model
400 The attributeExclusionFilter is intended to contain a list of
401 attributes in the form of an AttributeDescriptionList as described in
402 section 4.5.1. Search Request of [RFC2251] with the following
403 interpretation: an empty attributeExclusionFilter means that no
404 attributes are excluded; the special values "*" and "1.1" mean that
405 ALL attributes are excluded.
407 A non-empty attributeExclusionFilter attribute on a replica subEntry
408 describes the attributes NOT PRESENT on entries held by that replica.
409 Replicas MUST NOT accept changes for attributes they're not permitted
410 to hold, per the attributeInclusionFilter and attributeExclusionFilter
411 attributes on their replica subEntry.
413 A non-empty attributeExclusionFilter attribute on a
414 replicationAgreement subEntry describes which additional attributes
415 are to be excluded from the updates to be sent from the supplier
416 replica to the consumer replica.
419 6.2.2 attributeInclusionFilter
421 ( {2.16.840.1.113719.142.4.2 NAME 'attributeInclusionFilter'
423 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
425 The attributeInclusionFilter is intended to contain a list of
426 attributes in the form of an AttributeDescriptionList as described in
427 section 4.5.1. Search Request of [RFC2251] with the following
428 interpretation: an empty attributeInclusionFilter means that all
429 attributes are included; the special value "*" means that ALL
430 attributes are included; the special value "1.1" is meaningless and is
431 ignored in this usage.
433 A non-empty attributeInclusionFilter attribute on a replica subEntry
434 describes the attributes that may be PRESENT on entries held by that
435 replica. Replicas MUST NOT accept changes for attributes they're not
436 permitted to hold, per the attributeIncludionFilter and
437 attributeExclusionFilter attributes on their replica subEntry.
442 (2.16.840.1.113719.142.4.x NAME `replicaURI'
443 DESC `how to connect to this replica'
450 Expires September 9, 2000
454 INTERNET-DRAFT 9 March 2000
455 LDUP Replication Information Model
457 6.2.4 replicationStatus
459 (2.16.840.1.113719.142.4.3 NAME 'replicationStatus'
460 DESC 'human readable status of last replication attempt'
461 SYNTAX DirectoryString
462 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
465 The replicationStatus attribute MAY be used to hold a human readable
466 message describing the most recent replication session attempt for a
467 replicationAgreement.
469 For example, such a messages might include
471 1) 19980805162203Z # Success #
473 2) 19980805162322Z # Failure # Server too busy, try again
475 3) 19980805170215Z # Failure # Unable to connect to DSA
477 4) 19980806002301Z # Failure # Authentication failed
479 5) 19980806003201Z # Failure # lost connection, reset by peer
481 It is suggested, but not required, that the time of a replication
482 attempt (completion, if successful or failure, if not), the result of
483 the attempt, and any additional information about a failure be
484 included in the string message.
486 It is suggested, but not required, that the messages be stored with
487 language tags (English, French, German, Japanese, Chinese, per [LANG
488 TAG]) particularly if multiple translations of the error messages are
489 available to the DSA implementers.
491 Note that this is a single-valued attribute. Sequences of status
492 entries SHOULD be written to log files or other persistent storage, or
493 in multi-valued replication history attributes, but are not specified
499 (2.16.840.1.113719.142.4.4 NAME 'replicaType'
500 DESC 'Enum: 0-reserved, 1-Primary, 2-Updateable, 3-ReadOnly, all
502 EQUALITY integerMatch
504 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
507 Expires September 9, 2000
511 INTERNET-DRAFT 9 March 2000
512 LDUP Replication Information Model
514 ReplicaType is a simple enumeration, used to identify what kind of
515 replica is being described in a Replica object entry.
517 A ReadOnly replica only accepts LDAP Search operations (to Read
518 entries, list containers, and search for entries). Because no updates
519 ever originate from ReadOnly replicas, they never have changes to send
520 to another replica. However, a ReadOnly replica may be designated a
521 supplier DSA in a replica agreement, if it is simply passing along
522 information it receives from other Updateable replicas about entries
525 ReadOnly replicas may be incomplete replicas.
527 An Updateable replica may accept both LDAP Search operations (to read,
528 list, or search entries), as well as modification operations (to add,
529 modify, or delete entries).
531 The consequences of having incomplete updateable replicas are not
532 fully understood. LDAP DSAs MAY require updateable replicas to be
535 A Primary replica is an Updateable replica, but it is "more special"
536 than other Updateable replicas. When LDAP application want to direct
537 their operations to a single replica, so that the application can be
538 sure that all application LDAP modification (add, delete, modify)
539 operations will be immediately visible to application readers, the
540 Primary replica is a good choice. Such a use would be consistent with
541 High Confidence DAP option [X518]. One such application might be a
542 management application which creates new naming contexts or joins two
543 naming contexts into a single naming context. Another application
544 might be one which creates new replicas, or replication agreements.
546 There SHOULD be only one Primary replica defined for a naming context
547 at any time. If applications, expecting there to be a Primary replica
548 discover, by search or inspection of ReplicaType attributes of the
549 defined Replicas of a naming context, find more than one _ they should
550 realize that something is wrong.
552 There MAY be NO primary replica defined for a naming context.
554 Primary replicas MAY NOT be incomplete replicas.
556 The way in which replicas change their type, as from ReadOnly to
557 Updateable, or Updateable to Primary is outside the scope of this
560 Section 5.1 "Replica Type" of [LDUP MODEL] details the permissible
561 combinations of replica types and sparse/fractional replicas.
564 Expires September 9, 2000
568 INTERNET-DRAFT 9 March 2000
569 LDUP Replication Information Model
571 6.2.6 SecsToWait Attributes
573 The secsToWait attributes document the number of seconds a replica is
574 to wait after the occurrence of a "category n" change event before
575 initiating a new replication session for replicationAgreements
576 governed by an eventScheduledSubentry. The definition of a "category
577 n" change event is implementation dependent, and may be defined
578 differently by different directory servers. The absence of a value
579 for any of these attributes MUST be interpreted as meaning "do not
580 initiate a replication session for change events of this category".
583 6.2.6.1 secsToWaitCat1
585 ( 2.16.840.1.113719.142.4.5.1 NAME 'secsToWaitCat1'
590 6.2.6.2 secsToWaitCat2
592 ( 2.16.840.1.113719.142.4.5.2 NAME 'secsToWaitCat2'
597 6.2.6.3 secsToWaitCat3
599 ( 2.16.840.1.113719.142.4.5.3 NAME 'secsToWaitCat3'
604 6.2.6.4 secsToWaitCat4
606 ( 2.16.840.1.113719.142.4.5.4 NAME 'secsToWaitCat4'
611 6.2.6.5 secsToWaitCat5
613 ( 2.16.840.1.113719.142.4.5.5 NAME 'secsToWaitCat5'
621 Expires September 9, 2000
625 INTERNET-DRAFT 9 March 2000
626 LDUP Replication Information Model
630 ( 2.16.840.1.113719.142.4.6 NAME 'updateVector'
631 SYNTAX ldapChangeSequenceNumberSyntax
632 NO-USER-MODIFICATION USAGE dSAOperation )
634 The attribute updateVector is a multi-valued attribute which contains
635 information for a replica describing the latest changes received by
636 the replica from other replicas.
638 There may be only one ldapChangeSequenceNumber entry from each replica
639 in the updateVector. That is to say, there is a unique value
640 constraint on the ReplicaID component of entries in the list.
643 6.3 Class Definitions
648 ( 2.16.840.1.113719.142.6.2.1 NAME 'nameContext' SUP top AUXILIARY )
651 The nameContext auxiliary class, when present on an object, indicates
652 the beginning, or root, of a naming context. The naming context is
653 said to be rooted at the entry with the nameContext auxiliary class in
654 its list of object classes. The root-most entry of a naming context
655 is the entry with the nameContext auxiliary class in its list of
658 Characteristics of the replication topology of a naming context are
659 defined in the replicaSubentry sub-entries associated with the naming
662 The attribute accessControlPolicyOID has been removed from here, and
663 should be published as an ldapSubEntry subordinate to the nameContext,
666 The attribute nameContextCreationTimestamp used here in previous
667 drafts has been eliminated as redundant. The ldapChangeSequenceNumber
668 associated with the nameContext value in the list of objectClasses
669 attribute serves the same purpose.
672 6.3.2 replicaSubentry
674 ( 2.16.840.1.113719.142.6.3.1 NAME 'replicaSubentry' SUP ldapSubEntry
678 Expires September 9, 2000
682 INTERNET-DRAFT 9 March 2000
683 LDUP Replication Information Model
685 MUST (cn, replicaURI, replicaType)
686 MAY (attributeExclusionFilter, attributeInclusionFilter,
687 description, updateVector) )
689 Entries of type replicaSubentry MAY be named by their cn attribute.
691 The attributes attributeExclusionFilter and attributeInclusionFilter,
692 if present, govern which entries and attributes from the local naming
693 context are to be sent (or not sent) to the replica named in replicaDN
694 of replica agreements for this replica. The attributeExclusionFilter
695 names attributes which SHOULD NOT be sent. The
696 attributeInclusionFilter names attributes which SHOULD be sent.
698 The attribute replicaURI contains information in ldapURI format that
699 can be used to contact (ie, open a connection to) this replica.
701 The attribute description contains a human-readable description of the
704 The attribute updateVector contains a set of
705 ldapChangeSequenceNumbers, one for each of the other replicas for this
706 naming context, which records, from this replicas perspective, the
707 last change event received from the other indicated replica.
710 6.3.3 replicaAgreementSubentry
712 ( 2.16.840.1.113719.142.6.4.1 NAME 'replicaAgreementSubentry'
713 SUP ldapSubEntry STRUCTURAL
715 MAY ( attributeExclusionFilter, description, replicaDN,
716 replicationMechanismOID, replicationStatus, scheduleDN ) )
718 Entries of type replicaAgreementSubentry MAY be named by their cn
721 The attributes attributeExclusionFilter, and ldapSearchFilter, if
722 present, govern which entries and attributes from the local naming
723 context are to be sent (or not sent) to the replica named in
724 replicaDN. The attributeExclusionFilter names attributes SHOULD NOT be
725 sent. Note there is no attributeInclusionFilter, because the list of
726 attributes that may be sent may not be extended beyond those
727 documented in the attributeInclusionFilter on the replicaSubentry.
729 Processing of allowable changes to be sent is as follows:
731 1) the attributeInclusionFilter from the replica subentry defines a
732 set of attributes which SHOULD be sent, less exclusions;
735 Expires September 9, 2000
739 INTERNET-DRAFT 9 March 2000
740 LDUP Replication Information Model
742 2) the union of attributes excluded by the attributeExclusionFilter
743 from the replicasubentry and the attributeExclusionFilter from the
744 replicaAgreementSubentry defines a set of attributes which SHOULD
747 3) the subtraction of attributes which SHOULD NOT be sent by (2) from
748 the attributes which SHOULD be sent by (1) constitute the set of
749 attributes for which changes MAY be sent.
751 The attribute description contains a human-readable description of the
754 The attribute replicaDN of syntax DN names another sub-entry of type
755 replicaSubentry to whom changes are to be sent. If there is no value
756 for the replicaDN attribute on a replicaAgreementSubentry, the
757 replicaAgreementSubentry is ignored. Absence of a value may occur
758 briefly when replicas and replica agreements are first being created,
759 or when the replica to which a replica agreement applies is being
762 The attribute replicationStatus MAY be used to record the most recent
763 result of an attempt to send changes to the replica named in
764 replicaDN, whether success, or if failure, the nature of the problem
767 The attribute schedule, if present, names one or more entries of type
768 scheduleSubentry which govern the schedule for replication attempts.
769 If not present, replication MUST be attempted when there are changes
773 6.3.4 eventScheduledSubentry Class
775 ( 2.16.840.1.113719.142.6.1.1 NAME 'eventScheduledSubentry'
776 SUP ldapSubEntry STRUCTURAL
778 MAY ( description, secsToWaitCat1, secsToWaitCat2, secsToWaitCat3,
779 secsToWaitCat4, secsToWaitCat5 ) )
781 Note that replication agreements using eventScheduledSubentry policy
782 are, by definition, supplier-initiated.
784 The description attribute may be used by the administrator to document
785 or comment on this subentry.
787 The secsToWaitCat1 attribute documents the number of seconds a replica
788 is to wait after the occurrence of a "category 1" change event before
789 initiating a new replication session for replicationAgreements
792 Expires September 9, 2000
796 INTERNET-DRAFT 9 March 2000
797 LDUP Replication Information Model
799 governed by this eventScheduledSubentry. The definition of a
800 "category 1" change event is implementation dependent, and may be
801 defined differently by different directory servers. The absence of a
802 value for this attribute MUST be interpreted as meaning "do not
803 initiate a replication session for change events of this category".
805 The secsToWaitCat2 _ secsToWaitCat5 attributes are similarly defined
806 for their respective categoriess of change events.
808 6.3.5 timeScheduledSubentry Class
810 ( 2.16.840.1.113719.142.6.5.1 NAME 'timeScheduledSubentry'
811 SUP ldapSubEntry STRUCTURAL
813 MAY ( description ) )
818 7. Object Identifier Assignments
820 The LDUP OID prefix is
822 ID ::= OBJECT IDENTIFIER
824 ldup ID ::= { joint-iso-ccitt(2) country(16) us(840)
825 organization(1) novell(113719) ldup(142) }
827 The OID assignments defined in this document are:
830 attributeExclusionFilter ID ::= 2.16.840.1.113719.142.4.1
831 attributeInclusionFilter ID ::= 2.16.840.1.113719.142.4.2
832 replicationStatus ID ::= 2.16.840.1.113719.142.4.3
833 replicaType ID ::= 2.16.840.1.113719.142.4.4
834 secsToWaitClass1 ID ::= 2.16.840.1.113719.142.4.5.1
835 secsToWaitClass2 ID ::= 2.16.840.1.113719.142.4.5.2
836 secsToWaitClass3 ID ::= 2.16.840.1.113719.142.4.5.3
837 secsToWaitClass4 ID ::= 2.16.840.1.113719.142.4.5.4
838 secsToWaitClass5 ID ::= 2.16.840.1.113719.142.4.5.5
839 updateVector ID ::= 2.16.840.1.113719.142.4.6
842 eventScheduledSubentry ID ::= 2.16.840.1.113719.142.6.1.1
843 nameContext ID ::= 2.16.840.1.113719.142.6.2.1
844 replicaSubentry ID ::= 2.16.840.1.113719.142.6.3.1
845 replicaAgreementSubentry ID ::= 2.16.840.1.113719.142.6.4.1
846 timeScheduledSubentry ID ::= 2.16.840.1.113719.142.6.5.1
849 Expires September 9, 2000
853 INTERNET-DRAFT 9 March 2000
854 LDUP Replication Information Model
857 Note: Object Class OIDs have version numbers, Attribute OIDs don't.
860 8. Security Considerations
862 Many of the attributes and object classes described in this document
863 should be considered _security sensitive_, and protected from
864 unintended modification by LDAP servers. Generally, creating Naming
865 Contexts, Replicas and Replica Agreement entries should only be
866 allowed by directory administrators who are authorized to do so.
868 The values of attributes defined here are intended to control the
869 behavior of the directory service agents, themselves. Unintended
870 modification of their values may result in incomplete replication of
871 data (if ldapSearchFilter or attributeExclusionFilter are changed),
872 inappropriate disclosure of information (if attributeInclusionFilter
873 is changed), or updates may be lost (if updateVector is changed).
875 To avoid depending to much on the ldapAccessPoint values for other
876 replicas, connections between LDAP servers for the purpose of
877 replication MUST ALWAYS be authenticated using an authentication
878 mechanism appropriate for the nature of information to be exchanged.
884 [LANG TAG] _ M. Wahl, T. Howes, _Use of Language Codes in LDAP_,
885 Internet draft, draft-ietf-ldapext-lang-01.txt
887 [LDUP Model] - J. Merrells, E. Reed, U. Srinivisan, _An Abstract Model
888 of LDAP Replication_, Internet draft, draft-merrells-ldup-model-01.txt
890 [LDUP Requirements] - R. Weiser, E. Stokes _LDAP Replication
891 Requirements_, Internet draft, draft-weiser-replica-req-02.txt, April
894 [RFC2251] _ M. Wahl, T. Howes, S. Kille, _Lightweight Directory Access
895 Protocol (v3)_, December 1997, RFC 2251
897 [RFC2252] _ M. Wahl, A. Coulbeck, T. Howes, S. Kille, _Lightweight
898 Directory Access Protocol (v3): Attribute Syntax Definitions_,
899 December 1997, RFC 2252
901 [X525] - ITU-T Recommendation X.525 (1997) | ISO/IEC 9594-9:1997,
902 Information Technology _ Open Systems Interconnection _ The Directory:
906 Expires September 9, 2000
910 INTERNET-DRAFT 9 March 2000
911 LDUP Replication Information Model
913 [X680] - ITU-T Recommendation X.680 (1994) | ISO/IEC 8824-1:1995,
914 Information technology _ Abstract Syntax Notation One (ASN.1):
915 Specification of Basic Notation
921 Copyright (C) The Internet Society (1999). All Rights Reserved.
923 This document and translations of it may be copied and furnished to
924 others, and derivative works that comment on or otherwise explain it
925 or assist in its implmentation may be prepared, copied, published and
926 distributed, in whole or in part, without restriction of any kind,
927 provided that the above copyright notice and this paragraph are
928 included on all such copies and derivative works. However, this
929 document itself may not be modified in any way, such as by removing
930 the copyright notice or references to the Internet Society or other
931 Internet organizations, except as needed for the purpose of developing
932 Internet standards in which case the procedures for copyrights defined
933 in the Internet Standards process must be followed, or as required to
934 translate it into languages other than English.
936 The limited permissions granted above are perpetual and will not be
937 revoked by the Internet Society or its successors or assigns.
939 This document and the information contained herein is provided on an
940 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
941 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
942 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
943 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
944 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
949 The use of subEntry object class to store Replica and Replication
950 Agreement information is due primarily to the lucid explanation by
951 Mark Wahl, Innosoft, of how they could be used and extended.
953 The IETF takes no position regarding the validity or scope of any
954 intellectual property or other rights that might be claimed to pertain
955 to the implementation or use of the technology described in this
956 document or the extent to which any license under such rights might or
957 might not be available; neither does it represent that it has made any
958 effort to identify any such rights. Information on the IETF's
959 procedures with respect to rights in standards-track and standards-
960 related documentation can be found in BCP-11. Copies of claims of
963 Expires September 9, 2000
967 INTERNET-DRAFT 9 March 2000
968 LDUP Replication Information Model
970 rights made available for publication and any assurances of licenses
971 to be made available, or the result of an attempt made to obtain a
972 general license or permission for the use of such proprietary rights
973 by implementors or users of this specification can be obtained from
974 the IETF Secretariat.
976 The IETF invites any interested party to bring to its attention any
977 copyrights, patents or patent applications, or other proprietary
978 rights which may cover technology that may be required to practice
979 this standard. Please address the information to the IETF Executive
991 E-mail: eer@oncalldba.com
993 LDUP Mailing List: ietf-ldup@idc.org
1020 Expires September 9, 2000