François 'fanf' Armand
http://fanf42.blogspot.com
http://normation.com
That project is under ASF 2.0 license, see the
provided "LICENSE-ASF-2.0.txt" file or
http://www.apache.org/licenses/LICENSE-2.0.html
Use it at will, but don't complain if it breaks you hdtv.
LDAP, Replication, SyncRepl, RFC4533, Java LDAP SDK, Apache DS, UnboundID, Scala, Liftweb, Comet
This application is a show case about how to use two different Java LDAP SDKs to get synchronization information from an LDAP directory, thanks to "SyncRepl" protocol, standardized through RFC 4533, see: http://www.rfc-editor.org/rfc/rfc4533.txt
The two SDK are:
-
the Apache DS SDK http://directory.apache.org/ (which is more an internal API for the Apache Directory Server for now, but evolves quickly)
-
UnboundId LDAP SDK http://www.unboundid.com/products/ldapsdk, a full feature, pure Java LDAP SDK.
For each SDK, we build a service that handle a synchronization connection to a master LDAP server and process synchronization message and controls according to the SyncRepl protocol.
The service allows listener services to be connected to the synchronization service and to receive (decoded) synchronization messages.
For some more fun, the application is fully implemented in Scala 2.8.0, recently released: http://www.scala-lang.org/node/7009
The full application is a Lift web application that show in real-time synchronization message received from the LDAP server in a searchable and sortable HTML grid.
The web application plumbing is implemented as a listener service. This is done with Lift a comet actor, which update a web page in real time with the synchronization information received.
This project is coded in Scala, a language running on top of the JVM. You will need the last JDK, see: http://java.sun.com
This project use Maven 2 to manage dependencies for, and to be buit. So if you don't have it yet, see how to install it here: http://maven.apache.org
Now, test:
% mvn jetty:run
That should launch the web application on your http://localhost:8080/
But... wait, you also need an LDAP synchronisation event producer and to configure some properties to connect to it !
default.props configuration file is located in directory src/main/resources/props. Configuration option should be rather well documented, and all in all, you only have 4 mandatory configuration parameter to provide if your LDAP server is on localhost/389:
- Bind DN and password ;
- replication ID you want to use (if you don't have any idea about what to choose, consider using 42, it's a good answer)
- base DN of the search.
Note: if you use a war version of the demo app, you will need to unzip it, and then edit default.props that should be located in WEB-INF/classes directory before rezipping the war. Yes, it's awful, but we all love Java, won't we ?
-
install an OpenLDAP, and add some datas to it. Details of that operation are let as a game for the user ;)
-
configure OpenLDAP to be a syncrepl master. See: http://www.openldap.org/doc/admin24/replication.html
For a Debian based distribution it should be as easy as editing the OpenLDAP slapd.conf config file (if your OpenLDAP still use that format), to add:
######## # Load syncrepl dynamic module moduleload syncprov #### # Add that at the end of a database definition #### #syncrepl provider configuration overlay syncprov syncprov-checkpoint 100 2 syncprov-sessionlog 100 syncprov-reloadhint TRUE
OK, and now restart to test and enjoy simple LDAP replication !