[389-users] sub-tree synchronization/watching: persistent search questions
pspacek at redhat.com
Fri Jun 7 11:42:27 UTC 2013
I would like to get opinions from 389 gurus to following problem.
I have an application (DNS server), which needs to read content of whole one
sub-tree (cn=dns, dc=test) and keep it synchronized.
The work flow is:
1) Application (DNS server) starts
2) Application reads all existing data out from the sub-tree
3) Application does /something/ with the existing data and starts replying to
4) Sub-tree has to be kept in sync with LDAP server, i.e. updates from LDAP
server should be incrementally applied to the 'state' inside the application
The problem with persistent search is that it doesn't offer any reliable
'signal' that step (2) ended. The search is just running for infinite time and
I can't find any signal that all existing entries were read already and now
the application will get only Entry Change Notifications.
Basically, I'm looking for something like LDAP syncRepl in refreshAndPersist
mode with no cookie (RFC 4533 section 1.3.2 and section 3.4).
I know that Entry Change Notification from persistent search contains bit
field which denotes if the entry was added/modified/deleted/nothing (i.e. not
modified, just read). Unfortunately, this bit field can't be used for
*reliable* detection that all existing entries were read.
Could this 'hack' work reliably?
1) Start persistent search (in separate application thread), but suspend
2) In another application thread, do the normal sub-tree search on the same
sub-tree. Normal search will be started *after* the persistent search.
3) Process all results from normal search first
4) Do /something application specific/
5) Start processing updates from persistent search
In my application I can cope with duplicates, when 'normal' search returned
entry cn=xyz and the persistent search returned the same entry cn=xyz again.
I can see another option:
To implement 389 plugin which will provide (very partial) support for RFC
4533. The idea is to implement only state-less pieces (no cookies) and return
some error when client attempts to use a cookie.
Could somebody judge how difficult it can be? From my (naive) point of view
are state-less parts of RFC 4533 only 'persistent search encapsulated in
another LDAP controls'.
Thank you very much for your time.
More information about the 389-users