SCOPE: PAGE IS OBSOLETE.
Overview
IPAv3 plans to use the Retro Change Log to help synchronize IPA into Samba. A monitoring agent will listen to the change log tree in IPA using a persistent search. When a client performs an LDAP operation, it is logged in the change log tree; the monitor should detect that and invoke a sync agent, which performs the actual synchronization to Samba.
There are several issues with the current Retro Change Log implementation:
1. IPA and Samba entries are linked using the objectGUID, which is stored in both entries. However, the change log entry currently stores only the DN of the IPA entry. In the case of a delete operation, the sync agent will not be able to find the objectGUID of that entry, so it cannot delete the corresponding Samba entry. One solution is to record the objectGUID attribute in the change log entry as well.
2. Because of replication, when a client performs an operation on one instance, the change log entry will be duplicated to all other IPA instances. The sync agent should synchronize the operation only once, so the monitor should filter out the duplicates. One solution is to add an attribute to the change log entry that indicates whether the operation is replicated.
See also:
- Bug #504651: Need to store additional attributes in Retro Changelog
- Bug #553027: Support for nsUniqueId and alias for additional retro changelog attributes
- Bug #557185: Unterminated string after strncpy in Retro Changelog Plugin
Configuration
The Retro Change Log plugin should accept a new multi-valued parameter nsslapd-attribute:
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
...
nsslapd-attribute: <attribute name>[:<alias>]
The nsslapd-attribute contains the name of the attribute that will be added into the change log entry. It may optionally contain an alias for storing the value in a different attribute name in the change log entry. The nsslapd-attribute can be specified multiple times.
There are 2 types of attributes that can be added:
- built-in attributes: special attributes generated by DS (e.g. nsUniqueId, isReplicated)
- target attributes: attributes stored in the target entry (e.g. objectClass)
The plugin should support at least the following built-in attributes:
- nsUniqueId: unique ID of the changed entry
- isReplicated: boolean value indicating whether the operation is replicated
  - TRUE: the operation was replicated from another instance
  - FALSE: the operation was performed locally on this instance
If at least one nsslapd-attribute is specified, the object class extensibleObject will be added to the change log entry.
For example:
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
...
nsslapd-attribute: nsUniqueId:targetUniqueId
nsslapd-attribute: objectClass:targetObjectClass
nsslapd-attribute: isReplicated
The change log entry should look as follows:
dn: changeNumber=...,cn=changelog
objectClass: top
objectClass: changeLogEntry
objectClass: extensibleObject
changeNumber: ...
changeTime: ...
changeType: add/modify/modrdn/delete
targetDn: ...
targetUniqueId: <target object's nsUniqueId>
targetObjectClass: <target object's objectClass>
isReplicated: TRUE/FALSE
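The monitor-side decision that the two issues in the overview call for, applied to an entry in the format above, as an added example (not code from FreeIPA or 389 DS). classify_change() and ldif_get() are hypothetical names, the entry is handled as plain LDIF text rather than a persistent-search result, and an entry without isReplicated is assumed to be local.

```c
#include <string.h>
#include <strings.h>

enum action { SKIP_REPLICATED, SYNC_CHANGE, MISSING_ID };

/* Copy the value of the first "attr: value" line of an LDIF entry into out.
 * Returns 0 on success, -1 if absent, empty, base64 ("attr::") or too long. */
static int ldif_get(const char *ldif, const char *attr, char *out, size_t outsz)
{
    size_t alen = strlen(attr);
    const char *line = ldif;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        if (llen > alen && strncasecmp(line, attr, alen) == 0 && line[alen] == ':') {
            const char *v = line + alen + 1;
            size_t vlen = llen - alen - 1;
            while (vlen > 0 && *v == ' ') { v++; vlen--; }
            if (vlen == 0 || *v == ':' || vlen >= outsz)
                return -1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Monitor decision for one entry; a missing isReplicated counts as local (assumption). */
enum action classify_change(const char *entry, char *id, size_t idsz)
{
    char flag[8];
    if (ldif_get(entry, "isReplicated", flag, sizeof flag) == 0 &&
        strcasecmp(flag, "TRUE") == 0)
        return SKIP_REPLICATED;   /* the originating instance syncs it */
    if (ldif_get(entry, "targetUniqueId", id, idsz) != 0)
        return MISSING_ID;        /* e.g. a delete logged with targetDn only */
    return SYNC_CHANGE;
}

int main(void)
{
    /* Constructed change log entry in the format shown above. */
    const char *e = "changeType: delete\ntargetDn: uid=demo,dc=example,dc=com\n"
                    "targetUniqueId: constructed-id\nisReplicated: FALSE\n";
    char id[64];
    return classify_change(e, id, sizeof id) == SYNC_CHANGE ? 0 : 1;
}
```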
Schema
A new attribute isReplicated should be added into 01common.ldif or 02common.ldif:
attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' )
and 60changelog.ldif:
attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'a flag which indicates whether the change was replicated' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
See also OID Assignments for Red Hat Directory Server.
Code
Changes should be made in ldap/servers/plugins/retrocl in the following methods:
- retrocl_start()
- retrocl_postob()
- write_replog_db()
Global Variables
int retrocl_nattributes = 0;
char **retrocl_attributes = NULL;
Reading New Parameters
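Slapi_Entry *e = NULL;

/* The plugin's config entry is passed in through the pblock. */
if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e) != 0) {
    slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "missing config entry\n");
    return -1;
}

/* NULL-terminated array of copies of all nsslapd-attribute values (NULL if none). */
retrocl_attributes = slapi_entry_attr_get_charray(e, "nsslapd-attribute");

/* Walk the values and count them. */
for (retrocl_nattributes = 0;
     retrocl_attributes && retrocl_attributes[retrocl_nattributes];
     retrocl_nattributes++) {
    ...
}

/* The array is released here, so anything needed later must have been copied inside the loop. */
slapi_ch_array_free(retrocl_attributes);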
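One way the elided loop body could split each nsslapd-attribute value into its name and alias, as an added example rather than the plugin's own code. struct attr_map, copy_bounded(), parse_attr_value() and the 64-byte limit are hypothetical. Every copy is length-checked and explicitly terminated, which avoids the unterminated result that strncpy leaves when the source fills the buffer.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64  /* assumed buffer size for this example */

/* Hypothetical holder for one parsed nsslapd-attribute value. */
struct attr_map {
    char name[ATTR_MAX];   /* built-in or target attribute to read */
    char alias[ATTR_MAX];  /* attribute name written to the change log entry */
};

/* Bounded copy that always NUL-terminates; -1 if src is empty or does not fit. */
static int copy_bounded(char *dst, size_t dstsz, const char *src, size_t len)
{
    if (len == 0 || len >= dstsz)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "<attribute name>[:<alias>]"; without an alias, the alias is the name. */
int parse_attr_value(const char *value, struct attr_map *out)
{
    const char *colon;
    size_t name_len;
    if (value == NULL || out == NULL)
        return -1;
    colon = strchr(value, ':');
    name_len = colon ? (size_t)(colon - value) : strlen(value);
    if (copy_bounded(out->name, sizeof out->name, value, name_len) != 0)
        return -1;
    if (colon == NULL)
        return copy_bounded(out->alias, sizeof out->alias, out->name, name_len);
    return copy_bounded(out->alias, sizeof out->alias, colon + 1, strlen(colon + 1));
}

int main(void)
{
    /* Constructed sample values; the first two follow the configuration example. */
    const char *samples[] = { "nsUniqueId:targetUniqueId", "isReplicated", "objectClass:" };
    struct attr_map m;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_attr_value(samples[i], &m) == 0)
            printf("%s -> %s\n", m.name, m.alias);
        else
            printf("rejected: %s\n", samples[i]);
    }
    return 0;
}
```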
Getting nsUniqueId Attribute
Slapi_Entry *entry;
char *uniqueId;
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &entry);
uniqueId = slapi_entry_get_uniqueid(entry);
...
Generating isReplicated Attribute
int repl_op = 0;
slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
if (repl_op) return;
...
Getting User-defined Attributes
Slapi_Entry *entry;
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &entry);
char *value = slapi_entry_attr_get_charptr(entry, attributes[i]);
...
slapi_ch_free_string(&value);
Patch
The patch has been committed in these revisions:
- Need to store additional attributes in Retro Changelog
- Need to store additional attributes in Retro Changelog


