8 draft-ietf-ldup-urp-03.txt Adacel Technologies
14 LDUP Update Reconciliation Procedures
16 Copyright (C) The Internet Society (2000). All Rights Reserved.
21 This document is an Internet-Draft and is in full conformance with
22 all provisions of Section 10 of RFC2026.
24 Internet-Drafts are working documents of the Internet Engineering
25 Task Force (IETF), its areas, and its working groups. Note that
26 other groups may also distribute working documents as Internet-
29 Internet-Drafts are draft documents valid for a maximum of six months
30 and may be updated, replaced, or obsoleted by other documents at any
31 time. It is inappropriate to use Internet-Drafts as reference
32 material or to cite them other than as "work in progress".
34 The list of current Internet-Drafts can be accessed at
35 http://www.ietf.org/ietf/1id-abstracts.txt
37 The list of Internet-Draft Shadow Directories can be accessed at
38 http://www.ietf.org/shadow.html.
40 This draft is published by the IETF LDUP Working Group. Distribution
41 of this document is unlimited. Comments should be sent to the LDUP
42 Replication mailing list <ldup@imc.org> or to the authors.
44 This Internet-Draft expires on 29 December 2000.
48 This document describes the procedures used by LDAP [LDAPv3] or X.500
49 [X500] directory servers to reconcile updates performed by
50 autonomously operating directory servers in a distributed, replicated
53 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
54 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
58 Legg & Payne Expires 29 December 2000 [Page 1]
60 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
63 document are to be interpreted as described in RFC 2119 [RFC2119].
69 2. Table of Contents 2
72 4.1 Unique Identifier 3
73 4.2 Timestamps & Existence 3
74 4.3 Replication Primitives 4
76 5. Replication Procedures 6
77 5.1 Processing LDAP, DAP or DSP Operations on the DIT 6
82 5.2 Generating Replication Primitives 10
83 5.3 Processing Replication Primitives on the DIT 12
84 5.3.1 Saving Deletion Records 13
86 5.3.3 Generating Change Sequence Numbers 14
87 5.3.4 Comparison of Attribute Values 15
89 5.3.6 Processing Add Attribute Value Primitive 18
90 5.3.7 Processing Remove Attribute Value Primitive 19
91 5.3.8 Processing Remove Attribute Primitive 20
92 5.3.9 Processing Add Entry Primitive 20
93 5.3.10 Processing Remove Entry Primitive 21
94 5.3.11 Processing Move Entry Primitive 22
95 5.3.12 Processing Rename Entry Primitive 23
96 6. Security Considerations 24
97 7. Acknowledgements 25
99 9. Intellectual Property Notice 26
100 10. Copyright Notice 26
101 11. Authors' Addresses 27
106 Each DAP, LDAP or DSP operation successfully performed by a directory
107 server is subsequently reported to other directory servers with which
108 it has a replication agreement as a set of one or more simple
109 timestamped replication primitives. These primitives reflect the
110 intended final state of an update operation rather than the specific
114 Legg & Payne Expires 29 December 2000 [Page 2]
116 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
119 changes required to achieve that state.
121 A directory server will receive replication primitives from its
122 various agreement partners according to the agreement schedules.
123 Those primitives MUST be reconciled with the current directory server
124 contents. In broad outline, received replication primitives are
125 compared to the timestamp information associated with the directory
126 data item being operated on. If the primitive has a more recent
127 timestamp a change in the directory contents is made (which may
128 involve only the revision of the timestamp). If the directory server
129 has other replication agreements then the change will be reflected in
130 primitives sent during replication sessions for those other
131 agreements. If the primitive has an older timestamp it is no longer
132 relevant and is simply ignored.
134 The Update Reconciliation Procedures are designed to produce a
135 consistent outcome at all participating directory servers regardless
136 of the order in which the primitives are received and processed. The
137 primitives can also be safely replayed in the event that an exchange
138 of replication information with another directory server is
139 interrupted. This greatly simplifies the recovery mechanisms
140 required in the replication protocol.
144 This section describes the extensions to the data model required to
145 effect multi-master replication.
147 4.1 Unique Identifier
149 A Unique Identifier is associated with each entry in the global DIT.
150 This Unique Identifier MUST be globally unique for all time in the
151 Directory. This can be achieved by defining a unique prefix for each
152 directory server and then ensuring that the suffix of the Unique
153 Identifier is locally unique.
155 The Unique Identifier for an entry is held in the entryUUID
156 operational attribute.
158 Some pre-allocated global Unique Identifier values are used to
159 indicate the X.500 global root entry, and the Lost & Found entry (see
162 4.2 Timestamps & Existence
164 The timestamp for a replication primitive or directory data item is
165 in the form of a Change Sequence Number (CSN). The components of the
166 CSN are, from most significant to least significant, a time in
170 Legg & Payne Expires 29 December 2000 [Page 3]
172 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
175 seconds, a change count, a Replica Identifier and a modification
176 number. Notionally a CSN is associated with an entry's Relative
177 Distinguished Name (the Name CSN), the reference to its superior
178 entry (the Parent CSN) and each of its attribute values (including
179 the distinguished values and operational attribute values), to record
180 the time of the most recent action on that part of the entry.
182 The entry itself has a CSN (the Entry CSN) asserting the most recent
183 time at which the entry was added. An entry is permitted to be
184 removed and then re-added at one or more directory servers. In this
185 context re-adding an entry means reusing the Unique Identifier of a
186 removed entry and does not refer to the case of reusing the RDN of a
187 removed entry. The reuse of a Unique Identifier can arise by the
188 explicit action of a directory administrator to restore an entry that
189 was mistakenly removed. The mechanism by which an administrator adds
190 an entry with a reused Unique Identifier is outside the scope of the
191 X.500 and LDAP standards since the Unique Identifier of an entry is
192 not a user modifiable attribute. Note that from the perspective of a
193 consumer directory server of a partial area of replication, an entry
194 may appear to be removed and added several times because
195 modifications to the entry change whether the entry satisfies the
196 replication agreement specification for the area of replication.
198 Additionally, a deletion record is kept for each of the recently
199 deleted entries (entry deletion records), attributes (attribute
200 deletion records), or attribute values (value deletion records). A
201 deletion record contains a CSN and asserts that the associated
202 directory object no longer existed at the particular time.
204 4.3 Replication Primitives
206 Each update operation performed on an entry in a part of the DIT
207 subject to one or more replication agreements MUST be subsequently
208 reported as replication primitives to the replication partner
209 directory servers of those agreements. The collection of primitives
210 sent by a directory server to a replication partner will reflect both
211 the results of locally processed user update requests and also of
212 replicated updates received from other directory servers. A single
213 update operation will decompose into one or more primitives.
215 Common to all update primitives is an entry identifier argument, uid,
216 containing the Unique Identifier of the target entry of the change,
217 and a CSN argument, csn, to indicate the time of the change. In the
218 case of adding a new entry, the Unique Identifier for the entry is
219 allocated by the directory server in the course of processing the
220 operation. Additional arguments are present depending on the type of
221 replication primitive.
226 Legg & Payne Expires 29 December 2000 [Page 4]
228 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
231 The p-add-entry(uid, csn, superior, rdn) primitive is used to
232 describe the addition of a new entry with minimal contents. The
233 superior argument contains the Unique Identifier of the immediate
234 superior entry of the added entry. The rdn argument contains the
235 Relative Distinguished Name of the added entry.
237 The p-move-entry(uid, csn, superior) primitive is used to describe
238 the moving of an entry to a new immediate superior in the DIT. The
239 superior argument contains the Unique Identifier of the new superior
242 The p-rename-entry(uid, csn, rdn) primitive is used to describe a
243 change to the Relative Distinguished Name of an entry. The rdn
244 argument contains the new RDN for the entry.
246 The p-remove-entry(uid, csn) primitive is used to describe the
249 The p-add-attribute-value(uid, csn, type, value) primitive is used to
250 describe the addition of a single attribute value to an entry. The
251 type argument contains the attribute type of the value and the value
252 argument contains the attribute value.
254 The p-remove-attribute-value(uid, csn, type, value) primitive is used
255 to describe the removal of a single attribute value from an entry.
256 The type argument contains the attribute type of the value and the
257 value argument contains the attribute value.
259 The p-remove-attribute(uid, csn, type) primitive is used to describe
260 the removal of all values of an attribute from an entry. The type
261 argument contains the removed attribute type.
263 These primitives reflect the intended final state of an update
264 operation rather than the specific changes required to achieve that
269 As a result of conflicting updates at two or more master directory
270 servers, an entry may be left with a reference to a non-existent
271 superior entry. Such an entry is called an orphaned entry. When
272 this situation arises, the directory server creates a glue entry for
273 the missing superior entry. This glue entry is made a subordinate of
274 the specially nominated Lost & Found entry and the orphaned entry
275 becomes a subordinate of the glue superior entry (see Section 5.3.2).
276 Entries that exist in the Lost & Found subtree can still be modified
277 by actions of the replication protocol since entries are identified
278 by Unique Identifiers in the protocol, independent of their
282 Legg & Payne Expires 29 December 2000 [Page 5]
284 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
287 positioning in the global DIT.
289 Entries will also be explicitly moved to become immediate
290 subordinates of the Lost & Found entry to prevent the formation of a
291 loop in the superior-subordinate relationships in the DIT. This
292 situation can only arise through conflicting move entry operations at
293 two or more master directory servers.
295 Entries that exist under the Lost & Found entry are able to be
296 returned to a suitable position in the DIT by an administrator or
297 user with appropriate access rights.
299 5. Replication Procedures
301 The procedures defined in this section ensure the consistent and
302 correct application of the results of DAP, LDAP or DSP operations
303 across all replicating directory servers.
305 5.1 Processing LDAP, DAP or DSP Operations on the DIT
307 A successful DAP, LDAP or DSP operation applied to a part of the DIT
308 subject to a replication agreement will create or replace one or more
309 CSNs on an entry or its contents, and create zero, one or more
310 deletion records referencing the entry or its contents. The CSNs and
311 deletion records generated from an operation are atomic with that
312 operation. That is, either the operation succeeds, the CSNs are
313 revised and the deletion records are stored, or the operation fails,
314 no CSNs are revised and no deletion records are stored. In all
315 cases, all current error conditions (i.e. reasons for rejecting an
316 LDAP, DAP or DSP update operation) remain.
318 At some later time, possibly immediately following the update or
319 concurrently with it, the CSNs on entry contents and deletion records
320 are used to generate the replication primitives that will report the
321 update to other directory servers via a replication session.
323 All the CSNs generated from a single update operation MUST use the
324 same time, change count and Replica Identifier. The modification
325 number is permitted to vary but MUST be assigned such that when the
326 CSNs resulting from the operation, including those in the deletion
327 records, are compared to the CSNs resulting from any other operation
328 they are all strictly greater than or all strictly less than those
329 other CSNs (i.e. in a global CSN ordering of the primitives
330 resulting from all operations the primitives of each operation MUST
331 be contiguous in that ordering). In order for the update to be
332 consistently applied when replicated to other directory servers the
333 CSNs generated during that update must generally be greater than any
334 pre-existing CSNs on the updated entry's contents. It is expected
338 Legg & Payne Expires 29 December 2000 [Page 6]
340 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
343 that directory servers will normally use the current time according
344 to their system clocks in generating the CSNs for an operation.
345 However in an environment where directory server clocks are not
346 necessarily synchronized the current time may be older than existing
347 CSNs on entry contents. The constraints the new CSNs MUST satisfy
348 with respect to pre-existing CSNs on entry data are covered in the
349 sections on each type of update operation. The Update Reconciliation
350 Procedures allow a directory server to generate CSNs in advance of
351 its current time to satisfy the constraints and proceed with the
354 The LDUP Update Vector mechanism imposes the additional constraint
355 that the CSN generated for an update operation MUST also be greater
356 than the highest CSN generated by the directory server that has
357 already been seen by any other directory server. An implementation
358 that generates successively greater CSNs for each operation will
359 satisfy this constraint.
361 The following sections describe the additional actions carried out in
362 processing each standard type of update operation in order to support
363 replication. If a directory server implementation supports other
364 non-standard update operations or alternative non-directory update
365 protocols then, in so far as these operations alter replicated
366 directory data, the implementation MUST generate and apply CSNs and
367 deletion records that accurately reflect any change.
369 A directory server implementation may also perform implicit updates
370 in response to user update requests, e.g. to maintain the referential
371 integrity of distinguished names. Appropriate CSNs and deletion
372 records for these changes MUST also be generated.
374 A detailed description of the replication processing for these other
375 types of update is beyond the scope of this document.
380 The LDAP Add operation [LDAPv3] or DAP addEntry operation [X511] is
381 used to add a leaf entry to the DIT. A successful request will
382 generate a CSN for the entry. The CSN on the entry's RDN, the CSN on
383 the entry's superior reference, and the CSN on each distinguished and
384 non-distinguished value added to the entry by the add entry operation
385 are set to this same value. The affected values include any
386 operational attribute values automatically generated by the directory
387 server, e.g. creatorsName and createTimestamp. Note that the value
388 of the createTimestamp attribute does not necessarily correspond to
389 the time component of the CSN associated with that value.
394 Legg & Payne Expires 29 December 2000 [Page 7]
396 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
399 The Unique Identifier generated for an entry created by a user
400 request is required to be globally unique for all time, so there
401 ought not be a pre-existing entry deletion record for the same Unique
402 Identifier. However it is recognized that, in practice, directory
403 administrators may need to restore a deleted entry using its original
404 Unique Identifier (the mechanism used to achieve this is undefined
405 and outside the scope of this specification). In this case the CSN
406 for the entry MUST be generated such that it is greater than or equal
407 to the CSN of any existing entry, attribute or value deletion
408 records, and greater than any of the CSNs contained in an existing
409 glue entry, for the same Unique Identifier.
413 The LDAP Delete operation [LDAPv3] or DAP removeEntry operation
414 [X511] is used to remove a leaf entry from the DIT. If the request
415 succeeds then an entry deletion record is stored containing the
416 Unique Identifier of the removed entry. The CSN for the entry
417 deletion record MUST be generated such that it is greater than the
418 entry CSN of the removed entry.
422 The LDAP Modify operation (ModifyRequest) [LDAPv3] or DAP modifyEntry
423 operation [X511] is used to perform a series of one or more
424 modifications to an entry. If the request succeeds then zero, one or
425 more new values with CSNs are added to the entry contents, and zero,
426 one or more value or attribute deletion records are stored.
428 The modifications described by the modification argument of the LDAP
429 ModifyRequest have the following additional effects:
431 a) The add alternative associates a CSN with each of the added
434 b) The delete alternative with no listed values generates an
435 attribute deletion record for the removed attribute type.
437 c) The delete alternative with listed values generates a value
438 deletion record for each of the removed values.
440 d) The replace alternative first generates an attribute deletion
441 record for the removed attribute type. A CSN is then associated
442 with each of the added values.
444 The modifications described by the changes argument of the X.500
445 modifyEntry operation have the following additional effects:
450 Legg & Payne Expires 29 December 2000 [Page 8]
452 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
455 a) The addAttribute and addValues alternatives associate a CSN
456 with each of the added attribute values. These two alternatives
457 are equivalent from the point of view of URP since there is no CSN
458 associated specifically with the attribute type.
460 b) The removeAttribute alternative generates an attribute deletion
461 record for the removed attribute type.
463 c) The removeValues alternative generates a value deletion record
464 for each of the removed values.
466 d) The alterValues alternative first generates a value deletion
467 record for each of the old values. Secondly, a CSN is associated
468 with each of the new values.
470 e) The resetValues alternative generates a value deletion record
471 for each value actually removed.
473 A successful ModifyRequest or modifyEntry operation will also result
474 in changes to operational attributes of the entry. Like the explicit
475 modifications to user attributes, CSNs are given to new operational
476 attribute values and deletion records are stored for operational
477 attribute values that are removed. The processing in each case
478 depends on the semantics of the particular operational attribute type
479 and can be deduced by considering an equivalent explicit modification
480 request. In particular, the revision of the modifyTimestamp and
481 modifiersName attributes is treated like the ModifyRequest replace
482 alternative. Note that the value of the modifyTimestamp attribute
483 does not necessarily correspond to the time component of the CSN
484 associated with that value. The entryUUID operational attribute
485 SHALL NOT be modified. Consequently attribute and value deletion
486 records for the entryUUID attribute type are never generated.
488 The CSNs generated by a modify operation MUST be greater than the CSN
489 of any pre-existing attribute value that is removed, greater than or
490 equal to the CSN of any pre-existing attribute deletion record or
491 value deletion record applying to an added attribute value, and
492 greater than or equal to the CSN of the entry.
494 A further constraint applies to the modification number component of
495 the CSNs generated by a single modify operation. The CSN generated
496 for an added attribute value MUST be greater than or equal to the CSN
497 on any applicable value deletion record or attribute deletion record
498 already created by this same operation. This constraint is satisfied
499 if the same modification number is used in all the CSNs generated by
500 a single modify operation, or if the CSNs generated as the sequence
501 of modifications in the operation are applied in order use
502 monotonically increasing modification numbers. The modification
506 Legg & Payne Expires 29 December 2000 [Page 9]
508 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
511 numbers need not be consecutive in this case.
513 Whenever a new value is added to the entry contents any value
514 deletion record for the same entry, attribute type and attribute
515 value MAY be discarded.
519 The LDAP Modify DN operation [LDAPv3] and DAP modifyDN operation
520 [X511] are used to change the Relative Distinguished Name of an entry
521 and/or to move an entry to a new superior in the DIT. If the entry
522 is moved to a new superior in the DIT then the CSN on the entry's
523 superior reference is replaced. If the entry's RDN is changed then
524 the CSN on the entry's RDN is replaced. A value deletion record is
525 stored for each of the formally distinguished attribute values
526 removed from the entry as a consequence of the deleteOldRDN parameter
527 (modifyDN) or deleteoldrdn parameter (ModifyDNRequest) being set to
528 true. An entryUUID attribute value that is made non-distinguished
529 SHALL NOT be removed from the entry regardless of the deleteOldRDN or
530 deleteoldrdn flag and SHALL NOT have a corresponding value deletion
533 If the CSN on the entry's superior reference is revised then the new
534 value MUST be greater than the previous value. If the CSN on the
535 entry's RDN is revised then the new value MUST be greater than the
536 previous value of the CSN on the RDN. The CSNs for any value
537 deletion records MUST be greater than the CSNs on the removed
540 5.2 Generating Replication Primitives
542 Each time a replication session is invoked, the supplier directory
543 server generates and sends replication primitives for updates known
544 to the supplier but not yet known to the consumer directory server.
545 The supplier uses the Update Vector of the consumer to determine what
546 to send. Conceptually, the supplier scans all the glue and non-glue
547 entries and deletion records covered by the replication agreement
548 with the consumer and generates primitives where the CSNs held by the
549 supplier are greater than the CSN for the corresponding identified
550 replica in the consumer's Update Vector. No replication primitives
551 are generated for entries or entry contents that are outside the
552 scope of the replication agreement.
554 A p-add-entry primitive is generated for each entry whose entry CSN
555 is greater than the Update Vector CSN for the same replica. The
556 superior argument of the p-add-entry primitive contains the Unique
557 Identifier of the immediate superior entry of the added entry. The
558 rdn argument of the p-add-entry primitive contains the Relative
562 Legg & Payne Expires 29 December 2000 [Page 10]
564 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
567 Distinguished Name of the created entry except that the value of the
568 entryUUID attribute, if distinguished, is always omitted from the
569 RDN. The superior and rdn arguments are provided even if the CSN on
570 the superior reference or the RDN are greater than the CSN on the
573 A p-add-attribute-value primitive is generated for each distinguished
574 value that has a CSN greater than the Update Vector CSN for the same
575 replica and greater than the CSN on the RDN of its entry. A p-add-
576 attribute-value primitive is generated for each non-distinguished
577 value that has a CSN greater than the Update Vector CSN for the same
578 replica. The values of operational attributes are treated in the
579 same way as the values of user attributes. The p-add-attribute-value
580 primitive uses the CSN of the corresponding value. There are no
581 separate primitives generated for the distinguished values that have
582 the same CSN as the CSN on their entry's RDN.
584 If the CSN on an entry's RDN is greater than the Update Vector CSN
585 for the same replica and greater than the CSN on the entry then a p-
586 rename-entry primitive is generated. The CSN for this primitive is
587 the CSN on the entry's RDN and the rdn argument contains the Relative
588 Distinguished Name of the entry.
590 If the CSN on the entry's superior reference is greater than the
591 Update Vector CSN for the same replica and greater than the CSN on
592 the entry then a p-move-entry primitive is generated. The CSN for
593 this primitive is the CSN on the entry's superior reference and the
594 superior argument contains the Unique Identifier of the immediate
597 A p-remove-attribute-value primitive is generated for each value
598 deletion record having a CSN greater than the Update Vector CSN for
599 the same replica. The primitive uses exactly the same arguments as
600 the value deletion record.
602 A p-remove-attribute primitive is generated for each attribute
603 deletion record having a CSN greater than the Update Vector CSN for
604 the same replica. The primitive uses exactly the same arguments as
605 the attribute deletion record.
607 A p-remove-entry primitive is generated for each entry deletion
608 record having a CSN greater than the Update Vector CSN for the same
609 replica. The primitive uses exactly the same arguments as the entry
612 Rather than scanning the DIT, an implementation MAY choose to
613 generate replication primitives as the user update requests are being
614 processed and put these primitives into a replication log in
618 Legg & Payne Expires 29 December 2000 [Page 11]
620 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
623 preparation for sending during the next replication session. Any
624 replication primitives generated from an operation in this way MUST
625 be atomic with that operation. That is, either the operation
626 succeeds, and primitives are added to the replication log, or the
627 operation fails, and no primitives are added to the log. The
628 replication log MAY be filtered prior to sending to eliminate any
629 primitives that are superseded by later primitives in the log, and to
630 eliminate any primitives having CSNs less than or equal to the
631 relevant CSNs contained in a consumer directory server's Update
634 In a log based implementation, the p-add-attribute-value primitive
635 supersedes a p-remove-attribute-value primitive for the same entry,
636 attribute type, attribute value and equal or older CSN. It
637 supersedes another p-add-attribute-value primitive for the same
638 entry, attribute type, attribute value and older CSN.
640 The p-remove-attribute-value primitive supersedes a p-add-attribute-
641 value primitive for the same entry, attribute type, attribute value
642 and older CSN. It supersedes another p-remove-attribute-value
643 primitive for the same entry, attribute type, attribute value and
646 The p-remove-attribute primitive supersedes a p-add-attribute-value
647 primitive for the same entry, attribute type and older CSN. It
648 supersedes a p-remove-attribute-value or another p-remove-attribute
649 primitive for the same entry, attribute type and equal or older CSN.
651 The p-remove-entry primitive supersedes a p-add-attribute-value, p-
652 add-entry, p-move-entry or p-rename-entry primitive for the same
653 entry and older CSN. It supersedes a p-remove-attribute-value or p-
654 remove-attribute or another p-remove-entry primitive for the same
655 entry and equal or older CSN.
657 The p-move-entry primitive supersedes another p-move-entry primitive
658 for the same entry and older CSN.
660 5.3 Processing Replication Primitives on the DIT
662 Each replication primitive received from another directory server
663 during a replication session that is within the scope of the
664 replication agreement is processed against the DIT. Replication
665 primitives outside the scope of the replication agreement are
668 This section defines some commonly used sub-procedures and the
669 algorithms for processing each of the primitives. These algorithms
670 are not intended to be implemented verbatim but instead describe the
674 Legg & Payne Expires 29 December 2000 [Page 12]
676 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
679 behaviour an LDUP implementation MUST exhibit externally.
680 Alternative equivalent processing logic is permitted.
682 Components of primitives, entries, attributes and values are
683 referenced with the `.' operator. In particular the notation X.csn
684 refers to the CSN of the directory object X. The operators, < and >
685 when applied to CSNs, use the convention of CSNs becoming greater
686 with the progression of time, so older CSNs are less than younger
687 CSNs. In the case where the CSN for object X has been discarded
688 through the purging mechanism, X.csn is assumed to have the least
689 possible CSN value. In some of the procedures a CSN will be
690 explicitly purged. An implementation MAY instead keep the CSN but
691 set it to some value that is old enough for it to be eligible for
692 purging (e.g. the least possible CSN value) without affecting the
693 correctness of the procedures.
695 For an entry, E, the notation E.rdn refers to the entry's Relative
696 Distinguished Name, E.dn refers to the entry's Distinguished Name,
697 and E.superior refers to the Unique Identifier of the entry's
700 5.3.1 Saving Deletion Records
702 It is necessary for a directory server to store deletion records to
703 remember that some entry, attribute or attribute value has been
704 deleted, for a period after the processing of the update operation or
705 replication primitive causing the deletion.
707 Value deletion records have the same parameters as the p-remove-
708 attribute-value primitive. The StoreValueDeletion procedure creates
709 a value deletion record from the actual arguments and stores it for
710 later access by the various primitive processing procedures. When an
711 attribute value is added to an entry, a value deletion record for the
712 same entry, attribute type and value, and with an older CSN, MAY be
715 Attribute deletion records have the same parameters as the p-remove-
716 attribute primitive. The StoreAttributeDeletion procedure creates an
717 attribute deletion record from the actual arguments and stores it for
718 later access. When an attribute deletion record is stored any value
719 deletion records for the same entry and attribute type, and with
720 equal or older CSNs, MAY be discarded.
722 Entry deletion records have the same parameters as the p-remove-entry
723 primitive. The StoreEntryDeletion procedure creates an entry
724 deletion record from the actual arguments and stores it for later
725 access. When an entry deletion record is stored any value deletion
726 records and attribute deletion records for the same entry, and with
730 Legg & Payne Expires 29 December 2000 [Page 13]
732 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
735 equal or older CSNs, MAY be discarded.
737 Since the deletion records have the same components as their
738 associated remove primitives an implementation MAY choose to use the
739 same internal structures for both.
743 Entries are permitted to be re-added and this can lead to situations
744 where applicable primitives are received in the period after an entry
745 is removed but before the arrival of the notification of it being
746 re-added. In these cases a glue entry is created for the Unique
747 Identifier to preserve relevant updates in the event that a p-add-
748 entry primitive with an older CSN is later received for the same
749 entry. A glue entry is upgraded to a normal entry by a subsequent
750 p-add-entry primitive.
752 A glue entry with no subordinate entries and containing only CSNs (on
753 itself or its component parts) that are eligible to be purged MAY be
754 removed. A glue entry is discarded if its contents are completely
755 superseded by another p-remove-entry primitive.
757 The CreateGlueEntry function is called when required to create a glue
758 entry as a subordinate of Lost & Found. CreateGlueEntry takes a
759 single parameter which is the Unique Identifier for the glue entry.
760 The Unique Identifier, in the form of the entryUUID attribute, also
761 becomes the RDN for the glue entry. No CSNs are associated with the
762 entry, the entry's superior reference, or the entry's name (or
763 equivalently they are set to the least possible CSN value).
765 5.3.3 Generating Change Sequence Numbers
767 There are circumstances where conflicts arise in the processing of a
768 replication primitive. It is necessary in these cases for the
769 directory server processing the primitives to make corrective changes
770 and emit additional primitives to ensure that all other directory
771 servers reach the same consistent state. The GenerateNextCSN
772 function is used to obtain a CSN for the corrective change. An
773 implementation that generates replication primitives as the user
774 update requests are being processed and puts them into a replication
775 log MUST take the additional step of creating a primitive to convey
776 the corrective change to other directory servers. Implementations
777 that generate primitives by scanning entries will pick up the
778 corrective change automatically.
780 As is the case for CSNs generated from DAP, DSP or LDAP operations,
781 the CSN for the corrective change is typically generated from the
782 current clock time of the directory server. The conditions imposed
786 Legg & Payne Expires 29 December 2000 [Page 14]
788 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
791 for the correct operation of the LDUP Update Vector MUST also be
794 GenerateNextCSN takes a single CSN parameter. In addition to all
795 other conditions, the CSN generated by the function MUST be greater
796 than this parameter. Since the CSN parameter passed to
797 GenerateNextCSN is always an actual CSN from some directory object
798 stored in the local directory server, an implementation MAY choose to
799 allocate CSNs from an incrementing internal CSN register that is
800 reset after each replication session to a value greater than the
801 largest CSN seen so far, and thereby be safely able to disregard the
802 parameter to GenerateNextCSN.
804 5.3.4 Comparison of Attribute Values
806 Values in primitives, in deletion records or in entries are compared
807 using the equality matching rule for the associated attribute type
808 where that type is permitted to be multi-valued. This means that two
809 values that are considered equal may nonetheless have minor
810 differences. For example, two commonName values may be equal, but
811 use different letter case and have different numbers of leading or
812 trailing spaces. Whenever a CSN for some value is refreshed the
813 value is also refreshed using the exact value from the primitive so
814 that all directory servers use exactly the same representation for
817 Compared values for a single-valued attribute type are all considered
818 to be equal even though they may be significantly different according
819 to that attribute type's equality matching rule. In effect the
820 equality operator, `=', in the following procedures is
821 unconditionally true when used to compare values of a single-valued
822 attribute type. Whenever a CSN for the value of a single-valued
823 attribute is refreshed the value is also refreshed using the value
824 from the primitive. One significant consequence is that an entry
825 whose RDN contains a value of a single-valued attribute type is
826 effectively renamed by a p-add-attribute-value primitive with a more
827 recent value for the attribute type.
829 A value in an entry that is replaced by the exact representation from
830 a primitive retains its distinguished or non-distinguished status.
831 This includes replaced values of single-valued attribute types.
835 Independent changes at two or more directory servers can lead to the
836 situation of two distinct entries having the same name. The
837 procedure, CheckUniqueness(E, S, R), takes an entry and determines
838 whether it is uniquely named. If not, it disambiguates the names of
842 Legg & Payne Expires 29 December 2000 [Page 15]
844 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
847 the entries by adding the Unique Identifier (i.e. the entryUUID
848 attribute) of each of the conflicting entries to their own RDN.
850 The procedure CheckUniqueness is called in each circumstance where
851 the Relative Distinguished Name of an entry might conflict with
852 another entry, either because the entry has been renamed or because
853 it has been moved to a new superior. An entry can be renamed
854 directly by a p-rename-entry primitive, or as a side-effect of other
855 primitives causing changes to distinguished values. While each move
856 or rename of an entry potentially causes a conflict with some other
857 entry already having the new Distinguished Name, it also potentially
858 removes a previous conflict on the old Distinguished Name. To enable
859 the CheckUniqueness function to remove the Unique Identifier from an
860 entry's RDN when it is no longer needed, the old name for an entry is
861 passed through the second and third parameters. The parameter, S, is
862 the Unique Identifier of the old superior entry of E, and the
863 parameter, R, is the old RDN of E. CheckUniqueness ignores
864 distinguished entryUUID values when comparing entry RDNs. The
865 function BaseRDN(rdn) returns its argument minus any distinguished
866 entryUUID values, to support these comparisons.
868 CheckUniqueness(E, S, R)
870 make E.uid non-distinguished
871 IF there exists exactly one subordinate entry, C, of S
872 where BaseRDN(C.rdn) = BaseRDN(R)
873 make C.uid non-distinguished
875 make C.uid distinguished
876 ELSE IF there exists a subordinate entry, C, of E.superior
877 where E <> C AND BaseRDN(C.rdn) = BaseRDN(E.rdn)
879 make C.uid distinguished
880 make E.uid distinguished
884 Because updates are performed in isolation at multiple directory
885 servers in a multimaster configuration it is possible to encounter a
886 situation where there is a request to delete a distinguished value in
887 an entry. The recommended practice in these circumstances is to
888 remove the distinguished value and call CheckUniqueness to correct
889 any resulting name conflicts. An implementation MAY instead reassert
890 the existence of the distinguished value with a more recent CSN to
891 avoid altering the entry's RDN. This option is only available to
892 updatable replicas. Read-only replicas MUST remove the distinguished
893 value. The function ProtectDistinguished() returns true for an
894 updatable part of the DIT in a directory server that implements this
898 Legg & Payne Expires 29 December 2000 [Page 16]
900 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
903 option, and false otherwise. directory servers exercising this
904 option MUST generate a p-add-attribute-value primitive so that other
905 directory servers are guaranteed to also reassert the distinguished
906 value. Directory servers that implement the option will correctly
907 interwork with servers that do not.
909 The primitives p-add-entry and p-rename-entry contain common elements
910 that are applied to the Relative Distinguished Name of an entry in
911 the same way. This common processing is described in the RenameEntry
912 procedure. The parameters to this procedure are the entry, E, and
913 the p-add-entry or p-rename-entry primitive specifying the new RDN.
914 The procedure assumes that the entry does not currently contain any
915 distinguished values. It is the responsibility of the calling
916 procedure to first reset any pre-existing distinguished values to
917 non-distinguished. The procedure then resets the CSNs and sets the
918 distinguished flags for existing values and adds distinguished values
919 if necessary. The CSN for the entry's RDN, as distinct from the CSNs
920 on each of the distinguished values making up the RDN, is also set.
924 FOREACH AttributeTypeAndValue, N, in P.rdn
925 IF there exists an attribute value, V, in E of type N.type
930 replace V with N.value if they are not identical
935 ELSE IF ProtectDistinguished()
938 add V to E as a distinguished value
940 FOREACH attribute deletion record (uid, type, csn)
941 where (uid = P.uid AND type = N.type)
944 FOREACH value deletion record (uid, type, value, csn)
945 where (uid = P.uid AND type = N.type AND value = N.value)
948 V.csn := GenerateNextCSN(V.csn)
950 ELSE IF no attribute deletion record (uid, type, csn) exists
954 Legg & Payne Expires 29 December 2000 [Page 17]
956 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
959 where (uid = P.uid AND type = N.type AND csn > P.csn)
960 AND no value deletion record (uid, type, value, csn) exists
961 where (uid = P.uid AND type = N.type AND
962 value = N.value AND csn > P.csn)
965 add V to E as a distinguished value
972 5.3.6 Processing Add Attribute Value Primitive
974 This section details the algorithm for processing the p-add-
975 attribute-value (P.uid, P.type, P.value, P.csn) primitive, which
976 describes the addition of a single attribute value. If P.type is the
977 entryUUID attribute type then the primitive MUST be rejected.
979 IF no value deletion record (uid, type, value, csn) exists where
980 (uid = P.uid AND type = P.type
981 AND value = P.value AND csn > P.csn)
982 AND no attribute deletion record (uid, type, csn) exists where
983 (uid = P.uid and type = P.type AND csn > P.csn)
984 AND no entry deletion record (uid, csn) exists where
985 (uid = P.uid AND csn > P.csn)
987 IF entry, E, with uid = P.uid does not exist
988 E := CreateGlueEntry(P.uid)
990 IF attribute value V, of type P.type
991 where V = P.value exists in E
997 replace V with P.value if they are not identical
998 IF V is distinguished
999 AND P.type is a single-valued attribute type
1000 CheckUniqueness(E, E.superior, R)
1006 Add V to E as a non-distinguished attribute value
1010 Legg & Payne Expires 29 December 2000 [Page 18]
1012 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1020 5.3.7 Processing Remove Attribute Value Primitive
1022 This section details the algorithm for processing the p-remove-
1023 attribute-value (P.uid, P.type, P.value, P.csn) primitive, which
1024 describes the removal of a single attribute value. If P.type is the
1025 entryUUID attribute type then the primitive MUST be rejected.
1027 IF no value deletion record (uid, type, value, csn) exists
1028 where (uid = P.uid AND type = P.type AND
1029 value = P.value AND csn >= P.csn)
1031 no attribute deletion record (uid, type, csn) exists
1032 where (uid = P.uid AND type = P.type AND csn >= P.csn)
1034 no entry deletion record (uid, csn) exists
1035 where (uid = P.uid AND csn >= P.csn)
1036 IF entry, E, with uid = P.uid exists
1039 IF attribute value, V, of P.type
1040 where V = P.value, exists in E
1043 IF V is distinguished
1044 IF ProtectDistinguished()
1045 V.csn := GenerateNextCSN(P.csn)
1050 CheckUniqueness(E, E.superior, R)
1051 StoreValueDeletion (P.uid, P.type, P.value, P.csn)
1056 StoreValueDeletion (P.uid, P.type, P.value, P.csn)
1060 StoreValueDeletion (P.uid, P.type, P.value, P.csn)
1066 Legg & Payne Expires 29 December 2000 [Page 19]
1068 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1071 StoreValueDeletion (P.uid, P.type, P.value, P.csn)
1073 The presence of a younger deletion record for the entry, attribute or
1074 value provides a convenient test for whether the p-remove-attribute-
1075 value primitive needs to be processed at all. If the value exists to
1076 be removed then there cannot be a deletion record affecting it that
1077 has a younger CSN. If there is a younger deletion record than the
1078 primitive then there cannot be an older value to remove.
1081 5.3.8 Processing Remove Attribute Primitive
1083 This section details the algorithm for processing the p-remove-
1084 attribute (P.uid, P.type, P.csn) primitive, which describes the
1085 removal of all attribute values of P.type. If P.type is the
1086 entryUUID attribute type then the primitive MUST be rejected.
1088 IF no attribute deletion record (uid, type, csn) exists
1089 where (uid = P.uid AND type = P.type AND csn >= P.csn)
1090 AND no entry deletion record (uid, csn) exists where
1091 (uid = P.uid AND csn >= P.csn)
1092 IF entry, E, with uid = P.uid exists
1096 FOREACH attribute value, V, of type P.type in E (if any)
1098 IF V is distinguished
1099 IF ProtectDistinguished()
1100 V.csn := GenerateNextCSN(P.csn)
1105 CheckUniqueness(E, E.superior, R)
1109 StoreAttributeDeletion (P.uid, P.type, P.csn)
1113 StoreAttributeDeletion (P.uid, P.type, P.csn)
1116 5.3.9 Processing Add Entry Primitive
1118 This section details the algorithm for processing the p-add-entry
1122 Legg & Payne Expires 29 December 2000 [Page 20]
1124 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1127 (P.uid, P.superior, P.rdn, P.csn) primitive, which describes the
1128 addition of an entry. The CSN on an entry records the time of the
1129 latest p-add-entry primitive for the Unique Identifier. In normal
1130 circumstances there will only ever be one p-add-entry primitive
1131 associated with an entry. The entry CSN MAY be discarded when it
1132 becomes eligible to be purged according to the Purge Vector.
1134 IF no entry deletion record (uid, csn) exists where
1135 (uid = P.uid AND csn > P.csn)
1136 IF entry, E, with uid = P.uid exists
1143 FOREACH attribute type, T, in E, except entryUUID
1144 FOREACH attribute value, V, of type T
1147 CheckUniqueness(E, S, R)
1148 process P according to
1149 p-rename-entry(P.uid, P.rdn, P.csn)
1150 process P according to
1151 p-move-entry(P.uid, P.superior, P.csn)
1160 IF an entry with uid = P.superior does not exist
1161 CreateGlueEntry(P.superior)
1162 E.superior = P.superior
1163 E.superior.csn := P.csn
1165 CheckUniqueness(E, E.superior, E.rdn)
1169 5.3.10 Processing Remove Entry Primitive
1171 This section details the algorithm for processing the p-remove-entry
1172 (P.uid, P.csn) primitive, which describes the removal of an entry.
1173 If the target entry has attribute values with CSNs greater than the
1174 primitive's CSN, a superior reference with a greater CSN, or if it
1178 Legg & Payne Expires 29 December 2000 [Page 21]
1180 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1183 has any subordinate entries, it becomes a glue entry instead of being
1184 removed. It is also moved to Lost & Found, unless it has a CSN for
1185 its superior reference that is greater than the CSN of the p-remove-
1188 IF no entry deletion record (uid, csn) exists
1189 where (uid = P.uid AND csn >= P.csn)
1190 IF entry, E, with uid = P.uid exists
1194 IF E.superior.csn >= P.csn
1195 OR any value, V, with csn >= P.csn exists
1196 OR E has subordinates
1202 IF E.superior.csn < P.csn
1204 E.superior := LOST_AND_FOUND
1205 purge E.superior.csn
1207 IF E.rdn.csn < P.csn
1209 FOREACH attribute type, T, in E, except entryUUID
1210 FOREACH attribute value, V, of type T
1213 CheckUniqueness(E, S, R)
1217 StoreEntryDeletion (P.uid, P.csn)
1221 StoreEntryDeletion (P.uid, P.csn)
1224 5.3.11 Processing Move Entry Primitive
1226 This section details the algorithm for processing the p-move-entry
1227 (P.uid, P.superior, P.csn) primitive, which describes the moving of
1228 an entry to a new immediate superior in the DIT. If the new superior
1229 specified by the primitive does not exist, or is a direct or indirect
1230 subordinate of the entry being moved, then the entry is moved to Lost
1234 Legg & Payne Expires 29 December 2000 [Page 22]
1236 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1241 IF no entry deletion record (uid, csn) exists
1242 where (uid = P.uid AND csn > P.csn)
1244 IF entry, E, with uid = P.uid does not exist
1245 E := CreateGlueEntry(P.uid)
1246 IF P.csn > E.superior.csn
1250 IF entry, S, with uid = P.superior does not exist
1251 S := CreateGlueEntry(P.superior)
1252 IF S is not in the subtree of E
1254 E.superior := P.superior
1255 E.superior.csn = P.csn
1259 E.superior := LOST_AND_FOUND;
1260 E.superior.csn := GenerateNextCSN(P.csn)
1262 CheckUniqueness(E, O, R)
1267 5.3.12 Processing Rename Entry Primitive
1269 This section details the algorithm for processing the p-rename-entry
1270 (P.uid, P.rdn, P.csn) primitive, which describes a change to the
1271 Relative Distinguished Name of an entry. A p-rename-entry primitive
1272 that is older than current name of an entry is not simply ignored
1273 since it may contain attribute values that would have been added to
1274 the entry had the primitives arrived in CSN order. These extra
1275 values would now be non-distinguished.
1277 IF no entry deletion record (uid, csn) exists
1278 where (uid = P.uid AND csn >= P.csn)
1280 IF entry, E, with uid = P.uid does not exist
1281 E := CreateGlueEntry(P.uid)
1282 IF P.csn > E.rdn.csn
1285 FOREACH distinguished attribute value, V, in entry E
1286 make V non-distinguished
1290 Legg & Payne Expires 29 December 2000 [Page 23]
1292 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1296 CheckUniqueness(E, E.superior, R)
1299 FOREACH AttributeTypeAndValue, N, in P.rdn
1301 IF there exists an attribute value, V, in E of type
1302 N.type AND V = N.value
1306 replace V with N.value if they are not identical
1312 IF no value deletion record (uid, type, value, csn)
1313 exists where (uid = P.uid AND type = N.type AND
1314 value = N.value AND csn > P.csn)
1316 no attribute deletion record (uid, type, csn)
1317 exists where (uid = P.uid AND type = N.type AND
1329 6. Security Considerations
1331 The procedures described in this document are not subject to access
1332 controls on the directory data items being modified. Specifically,
1333 the update primitives received from a peer replica are applied
1334 without regard for access controls. This is necessary so that access
1335 control information can also be replicated. An LDUP enabled server
1336 entering into a multi-master replication agreement with a peer server
1337 is enabling joint authority and responsibility for some part of the
1338 directory data. A replica must trust that the other replicas are
1339 properly enforcing access controls on user update requests, but this
1340 trust extends only as far as described by the replication agreements
1341 currently in place. The replication agreement acts as a surrogate
1342 for access controls between peer replicas. Replication primitives
1346 Legg & Payne Expires 29 December 2000 [Page 24]
1348 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1351 that are outside the scope of the agreement are rejected.
1353 Authentication of peer replica LDUP sessions and the security of the
1354 exchange of replication primitives through the LDUP protocol are
1355 outside the scope of this document and are described elsewhere.
1357 Simultaneous updates at different replicas can result in two entries,
1358 corresponding to two different real world entities, having the same
1359 distinguished name. The Update Reconciliation Procedures
1360 disambiguate these two names by appending the respective Unique
1361 Identifiers to the entries' RDNs. This action will disable any
1362 access controls based on an entry's specific DN or RDN. Disabling
1363 such an access control may have the effect of granting a permission
1364 that was explicitly denied. Since a Unique Identifier is required to
1365 be globally unique for all time, appending a Unique Identifier to the
1366 RDN cannot unintentionally enable access controls applying to a
1367 different real world entity.
1369 It is sufficient when disambiguating entry RDNs to append the UID to
1370 only one of a pair of entries ending up with the same name. The
1371 Update Reconciliation Procedures require both entries to have their
1372 UID appended to minimize the chance that either entry will gain
1373 permissions intended for the other. This is based on the assumption
1374 that most access controls will grant permissions rather than deny
1380 The authors would like to thank Suellen Faulks and Tony Robertson
1381 from Telstra and Mark Ennis from Adacel Technologies who contributed
1382 to the design and verification of the procedures described in this
1385 The authors would also like to thank the members of the LDUP
1386 architecture group for their input into the refinement of the design.
1391 [RFC2119] - S. Bradner, "Key words for use in RFCs to Indicate
1392 Requirement Levels", RFC 2119.
1394 [LDAPv3] - M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
1395 Protocol (v3)", RFC 2251, December 1997.
1397 [X500] - ITU-T Recommendation X.500 (08/97) | ISO/IEC 9594-1:1998,
1398 Information Technology - Open Systems Interconnection - The
1402 Legg & Payne Expires 29 December 2000 [Page 25]
1404 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1407 Directory: Overview of concepts, models and services
1409 [X511] - ITU-T Recommendation X.511 (08/97) | ISO/IEC 9594-3:1998,
1410 Information Technology - Open Systems Interconnection - The
1411 Directory: Abstract service definition
1413 [BCP-11] - R. Hovey, S. Bradner, "The Organizations Involved in the
1414 IETF Standards Process", BCP 11, RFC 2028, October 1996.
1417 9. Intellectual Property Notice
1419 The IETF takes no position regarding the validity or scope of any
1420 intellectual property or other rights that might be claimed to
1421 pertain to the implementation or use of the technology described in
1422 this document or the extent to which any license under such rights
1423 might or might not be available; neither does it represent that it
1424 has made any effort to identify any such rights. Information on the
1425 IETF's procedures with respect to rights in standards-track and
1426 standards-related documentation can be found in BCP-11. [BCP-11]
1427 Copies of claims of rights made available for publication and any
1428 assurances of licenses to be made available, or the result of an
1429 attempt made to obtain a general license or permission for the use of
1430 such proprietary rights by implementors or users of this
1431 specification can be obtained from the IETF Secretariat.
1433 The IETF invites any interested party to bring to its attention any
1434 copyrights, patents or patent applications, or other proprietary
1435 rights which may cover technology that may be required to practice
1436 this standard. Please address the information to the IETF Executive
1440 10. Copyright Notice
1442 Copyright (C) The Internet Society (2000). All Rights Reserved.
1444 This document and translations of it may be copied and furnished to
1445 others, and derivative works that comment on or otherwise explain it
1446 or assist in its implementation may be prepared, copied, published
1447 and distributed, in whole or in part, without restriction of any
1448 kind, provided that the above copyright notice and this paragraph are
1449 included on all such copies and derivative works. However, this
1450 document itself may not be modified in any way, such as by removing
1451 the copyright notice or references to the Internet Society or other
1452 Internet organizations, except as needed for the purpose of
1453 developing Internet standards in which case the procedures for
1454 copyrights defined in the Internet Standards process must be
1458 Legg & Payne Expires 29 December 2000 [Page 26]
1460 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1463 followed, or as required to translate it into languages other than
1466 The limited permissions granted above are perpetual and will not be
1467 revoked by the Internet Society or its successors or assigns.
1469 This document and the information contained herein is provided on an
1470 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1471 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1472 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1473 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1474 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1477 11. Authors' Addresses
1480 Adacel Technologies Ltd.
1482 Brighton, Victoria 3186
1485 Phone: +61 3 8530 7808
1486 Fax: +61 3 9596 2960
1487 EMail: steven.legg@adacel.com.au
1491 21/242 Exhibition Street
1492 Melbourne, Victoria 3000
1495 Phone: +61 3 9634 4628
1496 EMail: alison.payne@team.telstra.com
1498 12. Appendix A - Changes From Previous Drafts
1500 12.1 Changes in Draft 01
1502 Some of the terminology has been changed to better align with the
1503 terminology used in the LDUP architecture draft.
1505 Descriptions on the usage of CSNs have been revised to account for
1506 the extra modification number component.
1508 The semantics of re-added entries has been simplified so that only
1509 changes after the latest re-add are preserved instead of all those
1510 after the earliest re-add. This eliminates the need for Addition
1514 Legg & Payne Expires 29 December 2000 [Page 27]
1516 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1519 CSNs in the entry. It is anticipated that new replication primitives
1520 will be introduced to manage entries that come and go from partial
1521 replicas instead of using p-add-entry and p-remove-entry.
1523 Orphaned entries are no longer moved directly to Lost & Found.
1524 Instead a glue entry is created in Lost & Found for the missing
1525 superior and the orphaned entry becomes a subordinate of that. This
1526 change eliminates the need for explicit propagated primitives for
1527 moving orphaned entries to Lost & Found.
1529 Glue entries have also been used as the mechanism for saving
1530 primitives. There are no longer any references to saved primitives
1531 though the functionality is still present.
1533 The procedures for processing received replication primitives have
1534 been rearranged to follow a more consistent pattern where the
1535 presence of deletion records is tested first.
1537 12.2 Changes in Draft 02
1539 Multimaster replication has been dropped as a work item for the next
1540 edition of X.500 so references to the proposed X.500 multimaster
1541 replication protocol have been removed.
1543 The treatment of distinguished values has been simplified.
1544 Previously an attempt to remove a distinguished value caused the
1545 value to be tagged distinguished-not-present. Now the distinguished
1546 value is removed, and if necessary, the Unique Identifier is made
1547 distinguished to avoid an empty RDN. Optionally, the value to be
1548 removed can be reasserted by emitting an explicit p-add-attribute-
1551 The current draft is more implementation neutral. A replication log
1552 no longer figures prominently in the specification. The previous
1553 descriptions had the user updates generating replication primitives,
1554 which in turn were used to determine the CSNs and deletion records.
1555 The new descriptions have user updates generating CSNs and deletion
1556 records and the primitives are subsequently generated from them.
1558 12.3 Changes in Draft 03
1560 The draft has been edited to make use of the key words "MUST",
1561 "SHOULD", "MAY", etc.
1563 The treatment of server maintained operational attributes has been
1566 An extra CheckUniqueness call has been added to the procedure for
1570 Legg & Payne Expires 29 December 2000 [Page 28]
1572 INTERNET-DRAFT LDUP Update Reconciliation Procedures June 29, 2000
1575 processing the p-add-entry primitive (Section 5.3.9) to cover the
1576 case where an entry is re-added. A loop through all of the values of
1577 an entry in the p-add-entry and p-remove-entry processing has been
1578 altered to explicitly skip the entryUUID operational attribute. No
1579 other changes have been made to the behaviour of the Update
1580 Reconciliation Procedures from Draft 02.
1582 The list of references has been expanded.
1584 The Security Considerations section has been added.
1626 Legg & Payne Expires 29 December 2000 [Page 29]