HOME | NEXT | PREVIOUS |
The Digital LDAP Directory Synchronizer Utility (LDSU) is a software tool that provides directory data exchange between an LDAP directory and virtually any other directory or database. LDSU can provide a necessary component to incorporate an enterprise-wide Meta-Directory service by providing a method to synchronize all directories. LDSU enables the automated and bi-directional exchange of electronic directory information in a multi-vendor environment . LDSU works with any directory that supports the LDAP protocol, or RFC 1777.
An enterprise directory synchronization solution is usually made up of a series of individual LDSU runs called "instances". Each LDSU instance either transfers data in or out of an LDAP directory.
A transfer in, or import, operation loads data from a Foreign Directory Text File into the LDAP directory. A transfer out, or export, operation extracts data from the LDAP directory and places it into a Foreign Directory Text File.
Each LDSU instance is made up of the following components:
LDSU Import mode compares an input file against an LDAP directory and updates the LDAP directory as needed using Add, Modify, and Delete transactions. The input file is a Foreign Directory File which consists of all the entries to be contained in the LDAP directory (i.e. the input file is a Full Export of the Foreign Directory).
Each entry in the input file is assigned a Group ID to mark that these entries are "owned" by this foreign directory import. (The Group ID is a constant value given to any LDAP directory attribute). LDSU compares all the entries in the input file (by creating an Input Metafile by using the RDF) with all previously imported entries in the directory for this Group ID (by extracting the entries to an Output Metafile) and updates the LDAP Directory as needed (using the Distinguished Name (DN) as the key):
LDSU Import mode also contains many options which are defined in the Config File:
The Import RDF may allow the data in the input file to:
In addition, the RDF provides functions to process the data (substitute, substring, uppercase, etc.) and has hooks to call user-written procedures if needed.
LDSU Transcaction mode applies transactions contained in the ADD, MODIFY, and/or DELETE input files against an LDAP directory. One, two, or all three of the input files may be specified. Or, if using LDIF changes format, one input file containing any change types may be specified.
Transaction mode is used when a "trusted" source has generated changes which LDSU will apply to the LDAP directory. LDSU processes files in the following order:
LDSU Transaction mode also contains many options which are defined in the Config File:
The Transaction Mode RDF allows the data in the input file(s) to have all the same formatting options as Import Mode. If using the LDIF format, however, the input file must be LDIF Changes format instead of LDIF Content format.
LDSU basic Export mode extracts records from an LDAP directory, based on a search base and search filters, and writes the records to a formatted output file.
LDSU Export mode also contains many options which are defined in the Config File:
The Export RDF may allow the data in the output file to:
In addition, the RDF provides functions to process the data (substitute, substring, uppercase, etc.) and has hooks to call user-written procedures if needed.
LDSU Export1 mode extracts records, which are identified in an input file, from an LDAP directory and writes those records to a formatted output file.
This mode differs from basic Export Mode in that the input file tells LDSU which records to extract from the LDAP directory. In basic Export Mode, the search filters derived from the configuration file determine which records are extracted.
The only new option in Export1 Mode is that records in the input file must be able to build the DN or one or more Key fields mey be specified instead of the DN. The key field(s) for each record in the input file must uniquely identify a record in the directory which is extracted into the output file.
An example of when this mode might be useful is when you want to extract records for a list of mail addresses. Specify the input file as a file containing the list of mail addresses (one per line). Specify the mail address attribute as the key field. Then each record which matches a mail address will be exported into the output file.
LDSU basic Changes mode compares an extract of records from an LDAP directory, based on a search base and search filters, with a previous extract (old metafile) and writes the changes to formatted output file(s):
This mode requires that the process which applies the changes generated by this LDSU run, signal that the changes were successfully applied and that the current extract (new metafile) be used as the previous extract (old metafile) the next time this LDSU changes instance is run.
Changes are written to separate ADD, DELETE, and (optionally) MODIFY output files or to a single output file which contains all the changes. If an ADD and DELETE file are specifed and a MODIFY output file is not specified, MODIFY changes are written as a DELETE record (containing the previous record) and an ADD record (containing the changed record). If using LDIF Changes format for the output file, only a single output file should be specified.
LDSU Changes mode also contains many options which are defined in the Config File:
The Changes RDF may allow the data in the output file to:
In addition, the RDF provides functions to process the data (substitute, substring, uppercase, etc.) and has hooks to call user-written procedures if needed.
LDSU Changes1 mode compares an extract of records from an LDAP directory, based on a search base and search filters, with an input file containing a full export from a foreign directory and writes the changes to formatted output file(s) to be applied back to the foreign directory.
This mode differs from basic Changes Mode in that feedback from the Foreign Directory File is used to decide what has changed. In basic Changes Mode, it is assumed that all ADD, MODIFY, and DELETES are applied successfully to the foreign directory or they must all be regenerated. Also, basic Changes Mode assumes that no other factors can alter data in the foreign directory. In Changes1 Mode, each set of ADD, MODIFY, and DELETE records are based on comparing the LDAP directory with what is actually in the foreign directory.
This mode can only be used when the foreign directory is able to provide a timely full export of its directory to compare against.
The only new option in Changes1 Mode is that records in the Foreign Directory
Input File must be able to build the DN or one or more Key fields mey be
specified instead of the DN if the foreign directory cannot derive the DN. The
key field(s) for each record in the input file must uniquely identify a record
in the directory whose DN is extracted to build the record in the Old Metafile.
HOME | NEXT | PREVIOUS |
Copyright © Digital Equipment Corporation 1998