Oracle Fusion Middleware Evaluation Guide for Oracle Directory Server Enterprise Edition

Robust Replication

Directory Server provides a robust replication mechanism, including the following features:

Unlimited Masters for Replication

In a multi-master replication environment, data is updated on multiple masters. Each master maintains a change log, and the changes made on each master are replicated to the other servers. Each master plays the role of supplier and consumer. Directory Server has no limits on the number of masters, allowing your multi-master replication topology to include an unlimited number of masters in multiple data centers.

You can also configure your replication topology to contain only masters, eliminating the need to route operations to consumers and simplifying your overall deployment.

Prioritized Replication

Directory Server allows you to prioritize updates for replication. Priority is a Boolean setting: it is either on or off. You can prioritize replication according to the following parameters:

The priority rules are configured on each master replica. The master can replicate an update to one or more hubs or consumer replicas. The priority of the update is then cascaded across all of the hubs and consumer replicas. If one parameter is configured for prioritized replication, all updates that have that parameter are prioritized for replication. If multiple parameters are configured for prioritized replication, only updates that match all parameters are prioritized for replication.

See Replication Priority in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition for instructions on configuring prioritized replication using command-line tools.

Replicated Account Lockout Attributes

Directory Server replicates account lockout data that is stored when a client application fails to authenticate to the server. You can use this feature with the Directory Proxy Server capability to route binds appropriately. Together, these features provide global account lockout. Global account lockout prevents a client application from gaining more than a specified number of login attempts across an entire directory service topology.

See Preventing Authentication by Using Global Account Lockout in Oracle Fusion Middleware Deployment Planning Guide for Oracle Directory Server Enterprise Edition for an overview of the topic.
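The following toy model is an added example, not Oracle code or part of the original guide. It shows why replicated lockout data and bind routing are needed together to hold a client to the configured number of attempts. The hash-based routing policy, the lag model (replicas converge after every k-th attempt), the sample DN, and all function names are assumptions made for illustration.

```python
import zlib

DN = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed sample entry

def round_robin(i, n):
    """Binds for the same entry are spread over all replicas."""
    return i % n

def sticky(i, n):
    """Assumed proxy policy: hash the bind DN so one replica sees every bind for it."""
    return zlib.crc32(DN.encode()) % n

def guesses_checked(n_replicas, limit, route, replicate_every, attempts=100):
    """Return how many wrong passwords are actually checked for DN.

    Each replica holds a set of failure ids (standing in for the stored
    lockout data). replicate_every=None means lockout data is not replicated;
    k means all replicas converge after every k-th attempt (asynchronous lag).
    """
    replicas = [set() for _ in range(n_replicas)]
    checked = 0
    for i in range(attempts):
        local = replicas[route(i, n_replicas)]
        if len(local) < limit:          # entry is not locked on this replica yet
            local.add(i)                # record the failed bind locally
            checked += 1
        if replicate_every and (i + 1) % replicate_every == 0:
            merged = set().union(*replicas)             # lockout data converges
            replicas = [set(merged) for _ in replicas]
    return checked

def scenarios(n_replicas=4, limit=3, lag=8):
    """Compare the three deployments for one entry with a lockout limit of 3."""
    return {
        "no replication, spread binds":
            guesses_checked(n_replicas, limit, round_robin, None),
        "replication with lag, spread binds":
            guesses_checked(n_replicas, limit, round_robin, lag),
        "replication with lag, routed binds":
            guesses_checked(n_replicas, limit, sticky, lag),
    }

if __name__ == "__main__":
    for name, count in scenarios().items():
        print(f"{name}: {count} wrong passwords checked (limit 3)")
```

In this model, only the combination of replicated lockout data and routing all binds for an entry to one replica keeps the count at the configured limit.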

Monitoring Replication Convergence

Directory Server quickly calculates the number of pending replication changes. Directory Server finds the oldest change that the consumer is aware of and can compare it with the other servers, which makes it possible to calculate the replication delay. Starting from this change, the consumer can also browse the list of changes up to the most recent one and count the number of changes that still need to be applied.

Moreover, this attribute can be queried with virtually no impact on Directory Server performance, regardless of how large the change log grows.

In the Directory Service Control Center, you can view a summary of all the pending changes for a given suffix. In the Suffixes tab, the pending changes are in the Missing Changes column, as shown in the following figure.

Illustration of the Suffixes tab in the Directory Service Control Center.