Sun Java System Directory Server Enterprise Edition 6.2 Evaluation Guide

Robust Replication

Directory Server provides a robust replication mechanism, including the following features:

Unlimited Masters for Replication

In a multimaster replication environment, data is updated on multiple masters. Each master maintains a change log, and the changes made on each master are replicated to the other servers. Each master plays the role of supplier and consumer. Directory Server has no limits on the number of masters, allowing your multimaster replication topology to include an unlimited number of masters in multiple data centers.

You can also configure your replication topology to contain only masters, eliminating the need to route operations to consumers and simplifying your overall deployment.

Prioritized Replication

Directory Server allows you to prioritize updates for replication. Priority is a boolean feature: it is either on or off. You can prioritize replication according to the following parameters:

The priority rules are configured on each master replica. The master can replicate an update to one or more hubs or consumer replicas. The priority of the update is then cascaded across all of the hubs and consumer replicas. If one parameter is configured for prioritized replication, all updates that have that parameter are prioritized for replication. If multiple parameters are configured for prioritized replication, only updates that match all parameters are prioritized for replication.

See Replication Priority in Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide for instructions on configuring prioritized replication using command-line tools.

Globally Synchronized Replication Using the Retro Changelog

The retro changelog receives updates from all master replicas in the topology. The updates from each master replica are combined in the retro changelog. The retro changelog provides a way for applications to track changes so that they can be synchronized. Directory Server enables you to access a coherent version of the retro changelog on any master in a multimaster topology. You can also update your application to manage its state according to change numbers. This makes it possible to fail over between retro changelogs on different servers.

The global retro changelog contains all of the changes. If two changes occur on the same entry in two different locations, the retro changelog provides an ordered change description. If you query the retro changelog from any server, it will contain similar information.

See Replication and the Retro Change Log Plug-In in Sun Java System Directory Server Enterprise Edition 6.2 Reference for background information about the retro changelog.

Replicated Account Lockout Attributes

Directory Server replicates account lockout data that is stored when a client application fails to authenticate to the server. You can use this feature with the Directory Proxy Server capability to route binds appropriately. Together, these features provide global account lockout. Global account lockout prevents a client application from gaining more than a specified number of login attempts across an entire directory service topology.

See Preventing Authentication by Using Global Account Lockout in Sun Java System Directory Server Enterprise Edition 6.2 Deployment Planning Guide for an overview of the topic.
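
The following added example is not taken from this guide or from Directory Server itself. It is a toy Python model of why replicated lockout data is paired with bind routing: it counts how many wrong passwords a topology evaluates before every server refuses the account. The master count, the retry limit, the replication lag (measured in bind operations) and the sample DN are constructed assumptions.

```python
import zlib
from collections import deque

class Topology:
    """Toy model: every master keeps its own failed-bind count per DN."""

    def __init__(self, masters, limit, replicate, lag=0):
        self.counts = [{} for _ in range(masters)]
        self.limit = limit          # failures allowed before lockout
        self.replicate = replicate  # are lockout updates sent to peers?
        self.lag = lag              # binds that pass before an update lands (assumed)
        self.pending = deque()      # (due_tick, target_master, dn)
        self.tick = 0

    def _bump(self, master, dn):
        self.counts[master][dn] = self.counts[master].get(dn, 0) + 1

    def failed_bind(self, master, dn):
        """One wrong-password bind. True = password was checked, False = locked."""
        self.tick += 1
        # Apply replicated lockout updates that have arrived by now.
        while self.pending and self.pending[0][0] <= self.tick:
            _, target, pdn = self.pending.popleft()
            self._bump(target, pdn)
        if self.counts[master].get(dn, 0) >= self.limit:
            return False
        self._bump(master, dn)
        if self.replicate:
            for peer in range(len(self.counts)):
                if peer != master:
                    self.pending.append((self.tick + self.lag, peer, dn))
        return True

def checked_guesses(masters, limit, replicate, sticky, lag=0, tries=100):
    """Count wrong passwords the whole topology evaluates before every server refuses."""
    topo = Topology(masters, limit, replicate, lag)
    dn = "uid=test,ou=people,dc=example,dc=com"   # constructed sample DN
    home = zlib.crc32(dn.encode()) % masters      # routing assumption: one server per DN
    return sum(topo.failed_bind(home if sticky else i % masters, dn)
               for i in range(tries))

if __name__ == "__main__":
    print("local counters, spread binds :", checked_guesses(3, 3, False, False))
    print("replicated, spread, lag=5    :", checked_guesses(3, 3, True, False, lag=5))
    print("replicated, routed per DN    :", checked_guesses(3, 3, True, True, lag=5))
```

In this model, only the combination of replicated counters and per-DN routing holds the total at the configured limit when replication is not instantaneous.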

Monitoring Replication Convergence

Directory Server quickly calculates the number of pending replication changes. Directory Server finds the oldest change that the consumer is aware of and can compare it with the other servers, making it possible to calculate the replication delay. From this change, the consumer can also browse the list of changes until the most recent change, and count the number of changes that need to be applied.

Moreover, this attribute can be queried with virtually no impact to Directory Server performance, regardless of how large the change log grows.

In the Directory Service Control Center, you can view a summary of all the pending changes for a given suffix. In the Suffixes tab, the pending changes are in the Missing Changes column, as shown in the following figure.

Illustration of the Suffixes tab in the Directory Service Control Center.