1 INTERNET-DRAFT Russel F. Weiser
2 Informational Draft Digital Signature Trust Co.
3 Expires 21 April 2000 Ellen Stokes
11 LDAP V3 Replication Requirements
13 <draft-ietf-ldup-replica-req-02.txt>
21 This document is am Internet-Draft and is in full conformance with
22 all provisions of Section 10 of RFC2026.
25 Internet-Drafts are working documents of the Internet Engineering
26 Task Force (IETF), its areas, and its working groups. Note that
27 other groups may also distribute working documents as Internet-
31 Internet-Drafts are draft documents valid for a maximum of six
32 months and may be updated, replaced, or obsoleted by other documents
33 at any time. It is inappropriate to use Internet-Drafts as
34 reference material or to cite them other than as ``work in
38 The list of current Internet-Drafts can be accessed at
39 http://www.ietf.org/ietf/lid-abstracts.txt
42 The list of Internet-Drafts Shadow Directories can be accessed at
43 http://www.ietf.org/shadow.html.
51 This document discusses the fundamental requirements for replication
52 of data accessible via the LDAPv3 [RFC2251] protocol. It is intended
53 to be a gathering place for general replication requirements needed
54 to provide interoperability between informational directories.
57 The key words MUST, MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
58 SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
59 document are to be interpreted as described in [RFC2119].
67 Weiser & Stokes 21 April 2000 [PAGE 1]
\f
70 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
81 1.Introduction.....................................................3
82 2. Terminology.....................................................3
83 3. Objective.......................................................5
84 4. Applicability Statement.........................................5
85 5. Replication Model..............................................10
86 6. Replication Protocol...........................................12
87 7. Schema.........................................................13
88 8. Administration and Management Considerations...................13
89 9. Acknowledgement................................................14
90 10. References....................................................15
91 11. Author's Address..............................................15
131 Weiser & Stokes 21 April 2000 [Page 2]
\f
134 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
147 The ability to distribute directory information throughout the
148 network provides a two fold benefit to the network: (1) increasing
149 the reliability of the directory through fault tolerance, and
150 (2) brings the directory content closer to the clients using the
151 data. LDAPÆs acceptance as an access protocol for directory
152 information is driving the need to distribute LDAP directory content
153 among servers within enterprise and Internet. Currently LDAP does
154 not define a replication mechanism and only generally mentions LDAP
155 shadow servers (see [RFC2251] and [Changelog]) in passing. The
156 requirements for replication are critical to the successful
157 deployment and acceptance of LDAP in the market place.
164 For the purposes of this document, the following terminology
165 definitions are used:
168 Area of replication - A whole or portion of a directory tree(DIT)
169 making up a distinct unit of data to be replicated. This may also be
170 known as "unit of replication".
172 Atomic operation - The ability to treat and contain several updates
173 or attribute changes as a single operation for replication purposes
174 to guarantee that the several updates or attribute changes are
175 propagated to a replica as a single unit.
177 Authoritative Master Replica - The Primary updateable replica of the
178 replicated information.
181 Conflict resolution - Deterministic procedures within replication
182 protocols, utilized to resolve change information conflicts that may
183 arise due to conflicting changes affecting a directory entry.
186 Fractional replication - The capability to replicate a subset of
187 attributes of any given entry.
189 Incremental Update - The process of updating a replica, or copy, of
190 a naming context, by updating only those fields or objects which
194 Master Slave, or Single Master Replication - Replication model that
195 assumes only one server, the master, allows write access to the
196 replicated data. Note that Master-Slave replication can be
197 considered a proper subset of multi-master replication.
201 Weiser & Stokes 21 April 2000 [Page 3]
\f
204 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
212 Multi-Master Replication - A replication model where entries can be
213 written and updated on any of several updateable replica copies
214 without requiring communication with other updateable replicas
215 before the write or update is performed.
218 Naming Context - Suffix of a Sub-tree. A sub-tree of entries held in
219 a single server [X.500].
222 One-way Replication - The process of synchronization in a single
223 direction where the authoritative source information is provided to
227 Partial Replication - The capability to replicate some subset of
228 entries in a naming context.
231 Propagation behavior - The general behavior of the actual
232 synchronization process between a consumer and a provider of
233 replication information.
235 Read-only Replica - A read-only copy of a replicated directory. A
236 read-only replica is assumed to be a slave replica of master slave
237 or single master replication definition.
240 Replica - A single instance of a whole or portion of the Directory
241 tree (DIT) as defined by area of replication.
244 Replica Ring - A set of servers, which hold in common the same DIT
245 information as, defined by ôArea of replicationö. These servers may
246 be managed under a single replication agreement that handles all
247 members of the set of servers as a group.
250 Replica Cycle - When a change or groups of changes need to be
251 propagated to the other member of a replica ring. The process of
252 contacting a replica member would be considered the beginning of a
253 replication cycle; the termination of communications with a replica
254 is the end of the cycle whether its due to an error or successful
255 exchange of update records.
258 Replication - The process of copying portions of naming context
259 information and content between multiple LDAP servers, such that
260 certain predefined portions of the information are available from
261 different servers. Replication can occur between either homogeneous
262 implementations across heterogeneous platforms (operating systems)
263 or heterogeneous implementations supporting identical replication
264 across heterogeneous platforms (operating systems).
267 Sparse Replica - A incomplete copy of a sub-tree which maybe
268 inclusive with updateable, or Read-only. See Partial replication and
273 Weiser & Stokes 21 April 2000 [Page 4]
\f
276 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
282 Fractional replication.
285 Topology - Refers to the shape of the directed graph describing the
286 relationships between replicas, as in the replicated directory
290 Two-way Replication - The process of synchronization where change
291 information may flow bi-directionally between two replica.
293 Update Propagation - Protocol-based process by which directory
294 replicas are reconciled.
297 Updateable Replica - A Non-authoritative read-writeable copy of the
298 replicated information. Such that during conflict resolution a
299 authoritative master takes precedents in resolving conflicts.
306 The major objective is to provide an interoperable LDAP V3 directory
307 synchronization protocol which is simple, highly efficient and
308 flexible enough to support both multi-master and master-slave
309 replication operations to meet the needs of both the internet and
310 enterprise environments.
313 4. Applicability Statement
316 Generally replication can be characterized by looking at data
317 consistency models across existing technologies. This may provide
318 insight to LDAP v3 replication requirements. The following is a
319 brief examination of the following data models.
322 Model 1: Tight Consistency -- Includes environments where all
323 replicas must always contain exactly the same directory content. Two
324 phase commit transaction models may be used to preserve transaction
328 Model 2: Eventual Consistency or Transient Consistency -- Includes
329 X.500 Directories, Bayou [XEROX], and NDS (Novell Directory
330 Services) names service where definite knowledge of the global
331 replica topology is provided through predetermined replication
332 agreements. Such that every update propagates to every replica that
333 it can reach via a path of stepwise eventual connectivity.
334 Transaction consistency is preserved for transactions directed at
335 the master server in X.500 implementations. NDS additionally
336 provides deterministic consistency over time to all replicas due to
337 its inherent replication policies.
342 Weiser & Stokes 21 April 2000 [Page 5]
\f
345 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
351 Model 3: Limited Effort Eventual Consistency -- Includes Xerox
352 Clearinghouse [XEROX] that provides a statistical probability of
353 convergence with global knowledge of replica topology. Similar to
354 "Eventual Consistency", except where replicas may purge updates
355 therefore dropping propagation changes when some replica time
356 boundary is exceeded, thus leaving some changes replicated to a
357 portion of the replica topology. Transactional consistency is not
358 preserved, though some weaker constraints on consistency are
361 Model 4: Loosest Consistency -- Includes opportunistic or simple
362 cache where information is provided from the cache until stale.
365 Model 5: Ad hoc -- A copy of a date store where no follow up checks
366 are made for the accuracy/freshness of the data.
369 Consistency models 2, and 3 involve the use of prearranged
370 replication agreements or "Predefined Replication Agreements"
371 between cooperating servers. The complexity of Model 1's use of 2-
372 phase commit adds additional overhead that should not considered at
373 this time. Models 4 and 5 involve unregistered replicas which
374 "pull" updates from another directory server without that server's
375 knowledge. These models can be considered to violate a directory's
376 security policies. Therefore models 1, 4, and 5 are declared to be
377 out of scope of this working group.
380 So through further review of these consistency models two
381 application areas can then be derived with even further
382 characterizations of the data types usages.
384 Eventual Consistency or Transient Consistency (Model 2) - This model
385 provides policy configuration through security management
386 parameters; the data is more dynamic and utilizes dynamic address
389 Limited Effort Eventual Consistency (Model 3) - This model matches a
390 white-pages environment which contains fairly static data and
391 address information. This model mainly replicates message
394 Therefore it is believed an LDAP replication should be flexible
395 enough to cover the above range of capabilities. The generalized use
396 of LDUP replication environment is to provide for the distribution
397 of LDAP directory information in order to improve accessibility and
398 consistency of the information held by the directory.
402 4.1 Replication Scenarios
408 Weiser & Stokes 21 April 2000 [Page 6]
\f
411 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
417 The following directory deployment examples are intended to
418 substantiate and validate our replication requirements. It is
419 assumed in all cases that directory implementations from different
420 vendors are involved.
422 4.1.1 Extranet Example
425 A company has a trading partner to whom it wishes to provide
426 directory information. This information may be as simple as a
427 corporate telephone directory, or as complex as an extranet work
428 flow application. For performance reasons the company may wish to
429 have a replica of its directory within the Partner Company, rather
430 than simply exposed beyond its firewall.
433 The requirements, which follow from this scenario, are:
435 - One-way replication, single mastered.
436 - Authentication of clients.
437 - Common access control and access control identification.
438 - Secure transmission of updates.
439 - Selective attribute replication (Fractional Replication), so that
440 only partial entries can be replicated.
444 4.1.2 Consolidation Example
447 Company A acquires company B. In the transition period, whilst the
448 organizations are merged, both directory services must coexist.
449 Company A may wish to attach company B's directory to its own.
451 The requirements, which follow from this scenario, are:
453 - Multi-Master replication.
454 - Common access control model. Access control model identification.
455 - Secure transmission of updates.
456 - Replication between DITs with potentially differing schema.
459 4.1.3 Replication Heterogeneous Deployment Example
461 An organization may deliberately deploy multiple directory services
462 within their enterprise to employ the differing benefits of each
463 service. In this case multi-master replication will be required to
464 ensure that the multiple updateable replicas of the DIT are
465 synchronized. Some vendors may provide directory clients, which are
466 tied to their own directory service.
469 The requirements, which follow from this scenario, are:
472 - Multi-Master replication
476 Weiser & Stokes 21 April 2000 [Page 7]
\f
479 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
485 - Common access control model and Access control model
487 - Secure transmission of updates.
488 - Replication between DITs with potentially differing schemas.
490 4.1.4 Shared Name Space Example
493 Two organizations may choose to cooperate on some venture and need a
494 shared name space to manage their operation. Both organizations
495 will require administrative rights over the shared name space.
497 The requirements, which follow from this scenario, are:
499 - Multi-Master replication.
500 - Common access control model and Access control model
502 - Secure transmission of updates.
504 4.1.5 Supplier Initiated Replication
506 A single master environment, which maintains a number of replicas of
507 the DIT by pushing changes, based on a defined schedule.
510 The requirements, which follow from this scenario, are:
512 - Single-master environment.
513 - Supplier-initiated replication.
514 - Secure transmission of updates.
517 4.1.6 Consumer Initiated Replication
520 Again a single mastered replication topology, but the replica
521 initiates the replication exchange rather than the master. An
522 example of this is a replica that resides on a laptop computer that
523 may run disconnected for a period of time.
526 The requirements, which follow from this scenario, are:
528 - Single-master environment.
529 - Consumer initiated replication.
530 - Open scheduling (anytime).
532 4.1.7 Prioritized attribute replication
535 The password attribute can provide an example of the requirement for
536 prioritized attribute replication. A user is working in Utah and the
537 administrator resides in California. The user has forgotten his
538 password. So the user calls or emails the administrator to request a
539 new password. The administrator provides the updated password (a
540 change). Policy states that this attribute is critical and must be
544 Weiser & Stokes 21 April 2000 [Page 8]
\f
547 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
553 available to the user for login immediately (e.g. shortly) after the
554 administrator changed it. Replication needs to occur immediately for
555 critical attributes/objects.
558 The requirements, which follow from this scenario, are:
560 - Incremental replication of changes.
561 - Automatic replication on change of certain attributes.
562 - Replicate based on time/attribute semantics.
564 4.1.8 Bandwidth issues
567 The replication of Server (A) R/W replica (a) in Katmandu is handled
568 via a dial up phone link to Paris where server (B) R/W replica of
569 (a) resides. Server (C) R/W replica of(a) is connected by a T1
570 connection to server (B). Each connection has a different
571 performance characteristic.
574 The requirements, which follow from this scenario, are:
576 - Minimize repetitive updates when replicating from multiple
578 - Incremental replication of changes.
579 - Provide replication cycles to delay and/or retry when connections
581 - Allowances for consumer initiated or supplier initiated
585 4.1.9 Interoperable Administration and Management
587 The administrator with administrative authority of the corporate
588 directory which is replicated by numerous geographically dispersed
589 LDAP servers from different vendors notices that the replication
590 process is not completing correctly as the change log is continuing
591 to grow and/or error message informs him. The administrator uses his
592 $19.95 RepCo LDAP directory replication diagnostics tools to look at
593 Root DSE replica knowledge on server 17 and determines that server
594 42 made by LDAPÆRUS Inc. is not replicating properly due to an
595 Object conflict. Using his Repco Remote repair tools he connects to
596 server 42 and resolves the conflict on the remote server.
599 The requirements, which follow from this scenario, are:
601 - Provides replication audit history.
602 - Provisions for managing conflict resolution.
603 - Provide LDAP access to predetermined agreements, topology and
605 - Provide operations for comparing replicaÆs content for validity.
606 - Provide LDAP access to status and audit information.
611 Weiser & Stokes 21 April 2000 [Page 9]
\f
614 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
620 4.1.10 Enterprise Directory Replication Mesh
623 A Corporation builds a mesh of directory servers within the
624 enterprise utilizing LDAP servers from various vendors. Five servers
625 are holding the same area of replication. The predetermined
626 replication agreement(s) for the enterprise mesh are under a single
627 management, and the security domain allows a single predetermined
628 replication agreement to manage the 5 servers replication.
631 The requirements, which follow from this scenario, are:
633 - Predefined replication agreements that manage more than a single
634 area of replication that is held on numerous servers.
635 - Common support of replication management knowledge across vendor
637 - Rescheduling and continuation of a replication cycle when one
638 server in a replica ring is busy and/or unavailable.
643 5.1 LDAP Replication MUST be allowed to span different vendors
644 directory services in order to provide interoperability.
646 5.2 All replicas MUST eventually be updated with the changed
647 information, if specified by the replication policy.
650 5.3 Replication schedules MUST be configurable to allow for
651 periodic replication, with the replication period determined by
652 administrator of the replicated system.
655 5.4 Replication Model MUST enable replication cycle to be initiated
656 on change or based on the number of pending changes.
658 5.5 The replication model MUST allow for administrative
659 initiation of replication cycle for any replica that may have
660 just come back online or was unavailable during previous
663 5.6 The replication model MUST support both master-slave and
664 authoritative multi-updateable replica relationships.
667 5.7 All replicated information between the master database and its
668 replica databases MUST be identical including all non-user
669 modify operational attributes such as time stamps. Note this
670 does not imply that the entire database is identical from
671 replica to replica, but that the subset of data, chosen to
672 replicate is identical from replica to replica. Some
673 operational attributes may be dynamically evaluated; these
674 attributes will not necessarily appear to be identical.
681 Weiser & Stokes 21 April 2000 [Page 10]
\f
684 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
690 5.8 In distributed multi-vendor environment, LDAP replication MUST
691 NOT require all copies of the replicated information be
692 complete copies of the replicated object.
695 5.9 LDAP replication MUST encompass common schema objects and
696 attributes, access control, and name space information.
699 5.10 Sub-tree Replication MUST be defined to allow for greater
700 flexibility in replication topologies of the DIT as defined by
701 the area of replication called partial replication.
704 5.11 Replication of critical values MUST be synchronized and have
705 priority over non-critical values. An example of a critical
706 value might be a password or certificate value.
708 5.12 Replication activities MUST occur within the context of a
709 predefined replication agreement that addresses proper
710 knowledge of access requirements and credentials between the
711 synchronizing directories. Currently X.525 DISP [X.525]
712 discusses this as a shadowing agreement including such
713 information as unit of replication, update mode, and access
714 point defining many of the policies between the master and a
718 5.13 The acceptance and usage of the Internet requires that LDAP
719 replication be available across disparate vendor directory
723 5.14 LDAP replication MUST provide scalability to both enterprise
724 and Internet environments, e.g. an LDAP server may provide
725 replication services to replicas within an enterprise as well
726 as across the Internet.
729 5.15 The replication model MUST define deterministic policy such
730 that replication cycle startup time conflicts between two or
731 more competing master replicas may be resolved
732 programmatically. An example might be automatic submission and
733 rescheduling by one of the masters. In such a case, these
734 replication "conflicts" MUST be resolved by the replication
738 5.16 Any replication capable LDAP server MUST allow replication
739 where the 2 replicating servers agree they can replicate. This
740 may be accomplished through administrative agreements assuming
741 compatible access control model and common schema are provided.
744 5.17 The replication model MUST be able to handle convergence and
745 resurrection of attributes and objects. This is a consequence
746 of delete and move with respect to the replication process.
751 Weiser & Stokes 21 April 2000 [Page 11]
\f
754 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
760 5.18 It is not realistic to assume that all vendors have cooperating
761 schemas, but that replication may be allowed between diverse
762 schema. The Model MAY allow for replication between divergent
766 6. Replication Protocol
769 6.1 The act of replication SHOULD have minimal impact on both the
770 system and network performance.
772 6.2 The replica synchronization SHOULD be handled in such a manner
773 as to not saturate network with repetitive entry replication
774 from multiple synchronization providers points.
777 6.3 Replication MUST only be allowed after the authentication and
778 verification of authorization of both the replica and the
782 6.4 The transport for LDAP synchronization MUST allow for the
783 integrity and confidentiality of each replicated server.
786 6.5 Replicated data MUST be transferable in a secure manner.
789 6.6 Replication protocol MUST provide for recovery and rescheduling
790 of a replication cycle due to a replication initiation
791 conflicts (e.g. consumer busy replicating with other servers)
792 and or loss of connection(e.g. supplier cannot reach a
793 replica). The replication protocol MUST include restarting at
794 the last acknowledged update prior to interruption rather than
795 re-sending updates it had already sent to a consuming replica.
798 6.7 LDAP replication MUST allow for full update to facilitate
799 replica initialization and reset loading utilizing a
800 standardized format such as LDIF [LDIF] format.
802 6.8 The replication standard SHOULD NOT limit the size of a
803 replica. The area of replication is defined to be a whole or
804 portion of a DIT, also allowing a portion of a naming context
805 to be replicated. Incremental replication SHOULD be allowed.
807 6.9 The replication agreements MUST accommodate multiple servers
808 receiving the same replica under a single predefined agreement.
811 6.10 The replication protocol MUST allow either a master or replica
812 to initiate the replication process.
815 6.11 Additionally the initiator MUST be allowed to determine
816 whether it will become a consumer or supplier during the
817 synchronization startup process. This would allow a replica to
821 Weiser & Stokes 21 April 2000 [Page 12]
\f
824 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
830 be periodically connected and synchronized from remote sites at
831 the local administrator's discretion.
834 6.12 Multiple LDAP changes to a single server: If transactional
835 consistency is propagated during replication, then multiple LDAP
836 changes submitted to a single server SHOULD BE treated as a
837 single 'atomic unit of work'.
840 6.13 An LDAP Replication Standard SHOULD NOT limit the transaction
841 rate of a replication session.
844 6.14 Entry change information MUST be purged or discarded in a
845 timely manner when change information becomes outdated due to
846 propagated to all replica members.
854 7.1 Replica knowledge MUST be provided as DSE attributes.
856 7.2 The Replication Protocol documents MUST define standard schema
857 for representing replication agreements, and MUST define the
858 semantics associated with modifying the attributes of
859 replication agreements. The documents MUST also define a
860 standard method for determining the location of these
861 agreements accessible utilizing LDAP.
864 7.3 The Replication Protocol documents MUST define standard schema
865 for publishing state information about a given replica, and
866 MUST define a standard method for determining the location of
870 7.4 A location independent management point MUST be defined to
871 provide authorized administrators with well known access to the
872 replication policies, regardless of network location.
875 7.5 Replication agreements of all servers containing replicated
876 information MUST be accessible via LDAP.
879 7.6 All objects MUST be uniquely identifiable throughout the object
885 8. Administration and Management Considerations
889 8.1 Replication policies MUST allow replication of changed
890 information to be administratively postponed to a more
894 Weiser & Stokes 21 April 2000 [Page 13]
\f
897 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
906 8.2 Allowance for non-scheduled replication of a replica MUST be
907 provided upon request such that the replica server has been
908 down or unconnected for a period of time.
911 8.3 Each copy of a replica MUST maintain audit history information
912 of which servers it has replicated with and which servers have
915 8.4 A replica MUST store conflicted versions of the replicated
916 object to allow optional human review and intervention.
919 8.5 Access to replication predetermined agreements, topologies, and
920 policies attributes MUST be provided through LDAP access.
923 8.6 The capability to check the differences between two replicas
924 for the same information SHOULD be provided for. This should
925 entail a client invoking an operation at some server, which
926 causes that server to extract the contents from some other
927 server it has a replication agreement with and report the
928 differences back to the client as the result.
931 8.7 Authenticated access SHOULD be provided so that Administrative
932 LDAP clients may query a server for the current state and
933 replication history for each replica that the server maintains
934 replication agreements with.
937 8.8 The ability to view replication conflicts, and override the
938 resolution derived by the replication policy MUST be provided.
941 8.9 The deletion of sensitive data MUST be handled in an orderly
942 manner so that at no time will that data be available without
943 proper access control. That is, access control information
944 (ACI) associated with sensitive data must be deleted after or
945 simultaneously with the delete of the sensitive data. Likewise,
946 when adding sensitive data, ACI MUST be added first or
947 simultaneously with the addition of that data.
955 This document is based on input from IETF members interested in LDUP
965 Weiser & Stokes 21 April 2000 [Page 14]
\f
968 INTERNET-DRAFT LDAP Replication Requirements 21 October 1999
978 [RFC2251] M. Wahl, T. Howes, S. Kille "Lightweight Directory Access
982 [RFC2119] S.Bradner, " Key words for use in RFCs to indicate
983 Requirement Levels", RFC 2119.
986 [LDIF] Gordon Good, "The LDAP Data Interchange Format (LDIF)",
987 Internet draft, draft-ietf-asid-ldif-00.txt, November 1996.
990 [Changelog] Gordon Good, "Definitions of an Object Class to Hold
991 LDAP Change records", Internet Draft, draft-ietf-asid-changelog-
992 00.txt, November 1996.
995 [X.501] ITU-T Recommendation X.501 (1993), | ISO/IEC 9594-2: 1993,
996 Information Technology - Open Systems Interconnection - The
999 [XEROX] Hauser, C. "Managing update conflicts in Bayou, a weakly
1000 connected replicated storage system". Palo Alto, CA: Xerox PARC,
1001 Computer Science Laboratory; 1995 August; CSL-95-4. [CSL-95-04]
1005 11. Author's Address
1009 Digital Signature Trust Co.
1010 One South Main Street
1011 Salt Lake City, Utah 84111
1015 E-mail: rweiser@digsigtrust.com
1016 Telephone: +1-801-983-4415
1027 E-mail: stokes@austin.ibm.com
1028 Telephone: +1-512-838-3725
1029 Fax: +1-512-838-0156
1035 Weiser & Stokes 21 April 2000 [Page 15]
\f
projects / openldap / blob