About implementing syncrepl (rfc-4533) consumer

Question

About implementing syncrepl (rfc-4533) consumer

t2y opened this issue 2 years ago · comments

I am new to OpenLDAP. Recently, I started developing a module connected with the OpenLDAP server using go-ldap. Go-ldap really helps me. Thanks a lot.

I'm interested in syncrepl for LDAP Sync Replication. It is my understanding that syncrepl has 2 components, provider and consumer. I think the provider is an OpenLDAP server (maybe slapd). To use syncrepl in Go, I have to implement a consumer module. Does go-ldap have a plan to provide some functions related to syncrepl? I could not find resources about it.

Reference

Hanno Hecker · Answer 1 · Fri May 05 2023 02:01:19 GMT+0800 (China Standard Time)

This requires #319 to be merged first.

Tetsuya Morimoto · Answer 2 · Mon Jul 03 2023 06:52:34 GMT+0800 (China Standard Time)

@vetinari #440 (provides #319 feature) was merged. To implement syncrepl consumer, would you happen to have a plan or design? I am new to LDAP protocol, so any advice is welcome.

Tetsuya Morimoto · Answer 3 · Tue Jul 04 2023 10:21:42 GMT+0800 (China Standard Time)

I'm investigating. To provide syncrepl feature, I have to implement Controls as below.

1.3.6.1.4.1.4203.1.9.1.1	LDAP Content Synchronization Request Control	RFC 4533
1.3.6.1.4.1.4203.1.9.1.2	LDAP Content Synchronization State Control	RFC 4533
1.3.6.1.4.1.4203.1.9.1.3	LDAP Content Synchronization Done Control	RFC 4533
1.3.6.1.4.1.4203.1.9.1.4	LDAP Content Synchronization Info Intermediate Response	RFC 4533

https://ldap.com/ldap-oid-reference-guide/

To test a syncrepl consumer, the slapd server needs the below overlay configuration.

overlay syncprov

Tetsuya Morimoto · Answer 4 · Tue Jul 04 2023 11:53:27 GMT+0800 (China Standard Time)

#80 implemented Persistent Search, but this feature is different from syncrepl provided by OpenLDAP server (slapd).

2.16.840.1.113730.3.4.3	Persistent Search Request Control	          draft-ietf-ldapext-psearch
2.16.840.1.113730.3.4.7	Entry Change Notification Response Control	  draft-ietf-ldapext-psearch

Tetsuya Morimoto · Answer 5 · Tue Jul 04 2023 19:59:59 GMT+0800 (China Standard Time)

I understood the rough design. To provide the syncrepl feature, I have to implement Control structs to handle the above OID packets. Control structs encode/decode the packet from OpenLDAP server.

Tetsuya Morimoto · Answer 6 · Wed Jul 19 2023 08:51:09 GMT+0800 (China Standard Time)

I understood what the control is for.

Sync Request Control is used for client requests
Sync State Control is used for server responses
- request with mode=RefreshAndPersist, then get a response with ApplicationSearchResultEntry (4)
Sync Done Control is used for server responses
- request with mode=RefreshOnly, then get a response with ApplicationSearchResultDone (5)
Sync Info Control is used for server responses
- request with mode=RefreshAndPersist, then get a response with ApplicationIntermediateResponse (25)

I'm considering declaring another Response struct instead of reusing searchResponse because the generic search function differs from the persistent search provided by syncrepl (rfc-4533).

Tetsuya Morimoto · Answer 7 · Sat Aug 05 2023 23:55:25 GMT+0800 (China Standard Time)

I implemented it. Thanks for consulting with me.