
LDAP Client Update Protocol (LCUP)


Presentation Transcript


  1. LDAP Client Update Protocol(LCUP) Olga Natkovich Sun-Netscape Alliance olga@netscape.com

  2. Introduction
  • LCUP is intended to synchronize LDAP clients with content stored by LDAP servers.
  • Problem areas addressed:
    • mobile clients that maintain a local data cache
    • meta directory applications
    • event triggers
  • Problem areas not addressed:
    • server to server synchronization (addressed by LDUP)
  • LCUP combines features of DirSync, Persistent Search and Triggered Search

  3. Protocol Characteristics
  • Supports one way synchronization only.
  • Server does not maintain any state information on behalf of the clients. Clients maintain the state information passed to them by the server in a cookie.
  • No predefined agreements. Clients decide when and from which server to get the changes.
  • Clients always initiate synchronization sessions.
  • Clients always pull the data from a server.

  4. Protocol Elements
  • clientUpdateControlValue ::= SEQUENCE {
        cookie          OCTET STRING OPTIONAL,
        keepConnection  BOOLEAN DEFAULT FALSE,
        changesOnly     BOOLEAN DEFAULT FALSE }
  • entryUpdateControlValue ::= SEQUENCE {
        cookie          OCTET STRING OPTIONAL,
        stateUpdate     BOOLEAN DEFAULT FALSE,
        entryDeleted    BOOLEAN DEFAULT FALSE }
  • clientUpdateDoneControlValue ::= SEQUENCE {
        reason          INTEGER,
        reasonText      STRING OPTIONAL,
        cookie          OCTET STRING OPTIONAL }
  • stopClientUpdate extended operation
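Slides 3 and 4 together describe the wire-level contract: the client carries the server-issued cookie, and the three control values above are the only places it travels. The following is an added example, not code from the slides or from any LCUP implementation, that DER-encodes and decodes those three control values and walks a constructed first-sync/resume exchange. One caveat a practitioner will hit immediately: as printed, the ASN.1 gives two consecutive BOOLEAN DEFAULT FALSE members the same universal tag, so a SEQUENCE in which only the second boolean is present cannot be decoded unambiguously. The example therefore assumes context-specific IMPLICIT tags [0], [1], [2] in declaration order; that tagging, the UTF-8 interpretation of the slide's STRING, the cookie value csn-0042 and all helper names are this example's own assumptions.

```python
"""Added example (not from the LCUP slides): DER encode/decode for the three
control values on slide 4.  ASSUMPTION: context-specific IMPLICIT tags [0],
[1], [2] in declaration order, because the slide's untagged SEQUENCEs with
two BOOLEAN DEFAULT FALSE members are ambiguous when only one is present."""

TAG_SEQUENCE = 0x30
CONTEXT = 0x80          # class bits for a context-specific, primitive tag
REQUIRED = object()     # sentinel: member is neither OPTIONAL nor DEFAULT

# (name, context tag number, kind, default); default None means OPTIONAL
CLIENT_UPDATE = [("cookie", 0, "octets", None),
                 ("keepConnection", 1, "bool", False),
                 ("changesOnly", 2, "bool", False)]
ENTRY_UPDATE = [("cookie", 0, "octets", None),
                ("stateUpdate", 1, "bool", False),
                ("entryDeleted", 2, "bool", False)]
CLIENT_UPDATE_DONE = [("reason", 0, "int", REQUIRED),
                      ("reasonText", 1, "str", None),   # slide says STRING; UTF-8 assumed
                      ("cookie", 2, "octets", None)]


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value


def read_tlv(buf, pos):
    """Return (tag, value, position just after the element); rejects truncation."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end


def encode_control(spec, values):
    """DER-encode a control value; absent OPTIONAL and DEFAULT-valued members are omitted."""
    out = b""
    for name, num, kind, default in spec:
        val = values.get(name)
        if default is REQUIRED:
            if val is None:
                raise ValueError(f"{name} is required")
        elif val is None or val == default:
            continue
        if kind == "bool":
            body = b"\xff" if val else b"\x00"
        elif kind == "int":
            body = val.to_bytes(max(1, (val.bit_length() + 8) // 8), "big", signed=True)
        elif kind == "str":
            body = val.encode("utf-8")
        else:
            body = bytes(val)
        out += tlv(CONTEXT | num, body)
    return tlv(TAG_SEQUENCE, out)


def decode_control(spec, data):
    """Inverse of encode_control: fills DEFAULTs, rejects unknown tags and missing members."""
    tag, body, end = read_tlv(data, 0)
    if tag != TAG_SEQUENCE or end != len(data):
        raise ValueError("expected exactly one SEQUENCE")
    fields = {CONTEXT | num: (name, kind) for name, num, kind, _ in spec}
    result = {name: (None if d is REQUIRED else d) for name, _, _, d in spec}
    pos = 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        if t not in fields:
            raise ValueError(f"unexpected tag 0x{t:02x}")
        name, kind = fields[t]
        if kind == "bool":
            result[name] = any(v)            # BER: any non-zero octet is TRUE
        elif kind == "int":
            result[name] = int.from_bytes(v, "big", signed=True)
        elif kind == "str":
            result[name] = v.decode("utf-8")
        else:
            result[name] = v
    for name, _, _, d in spec:
        if d is REQUIRED and result[name] is None:
            raise ValueError(f"{name} missing")
    return result


def sync_session():
    """Constructed exchange: first request without a cookie (full content), the
    server's done control carries the cookie, the client stores it and resumes
    asking for changes only.  The server keeps no per-client state (slide 3)."""
    first = encode_control(CLIENT_UPDATE, {})
    done = encode_control(CLIENT_UPDATE_DONE, {"reason": 0, "cookie": b"csn-0042"})
    cookie = decode_control(CLIENT_UPDATE_DONE, done)["cookie"]   # client persists this
    resume = encode_control(CLIENT_UPDATE, {"cookie": cookie, "changesOnly": True})
    return first, resume


if __name__ == "__main__":
    for label, blob in zip(("first", "resume"), sync_session()):
        print(label, blob.hex(" "))
```

The decoder treats the cookie as opaque bytes and hands it back unchanged, which is all the protocol asks of a client; it is the server that must make the cookie tamper-evident, since a client-supplied cookie is the only state the server sees.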

  5. Event Triggering

  6. Non-persistent Synchronization

  7. Non-persistent Synchronization (cont.)

  8. Persistent Synchronization

  9. Persistent Synchronization (cont.)

  10. Features under discussion
  • Change type: present in Triggered Search; attaches a reason for return to each entry sent to the client. Hard to implement for historical changes.
  • Sending changes: present in DirSync; only modified attributes rather than all attributes requested by the client are returned.
  • Size Limit: present in DirSync; allows the client to specify the amount of data (in bytes) that can be sent to it. The standard LDAP mechanism can be used instead.
  • Data Ordering: present in DirSync; guarantees that the parent is sent before a child for adds and vice versa for deletes. Useful for hierarchical data but hard to implement.

  11. LCUP and LDUP
  • The scope of each search operation is restricted to a single LDUP replica.
  • Each entry returned to the client contains a uniqueid as defined in LDUP. The uniqueid can be used by the client to uniquely cross-reference the data in the client's data store and the directory data.
  • Protocol features can be implemented efficiently by an LDUP compliant server.

  12. Security Considerations
  • Access control enforcement on the data.
  • Use of the protocol is restricted to "trusted" clients.
  • Mechanism to identify and disconnect malicious clients.
  • Server behavior is not specified for the case where data becomes not visible to the client due to access control changes.
  • Proper behavior is not guaranteed if access control on the data is changed from a more restrictive to a less restrictive one.