Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

LDAP replication using Perl

by mlm (Novice)
on Aug 15, 2001 at 21:59 UTC ( #105124=perlquestion: print w/replies, xml ) Need Help??
mlm has asked for the wisdom of the Perl Monks concerning the following question:

I am using I-Planet (aka Netscape Messaging Server) for my LDAP database. Netscape supports LDAP replication. Does anyone know of an existing script or library that will automatically recieve replication updates from Netscape LDAP. The basic Idea is, I need to be notified when an update occurs on the main LDAP database to trigger an event. Any help would be greatly appriciated. Thanks....

Replies are listed 'Best First'.
Re: LDAP replication using Perl
by blakem (Monsignor) on Aug 15, 2001 at 22:15 UTC
    Have you looked into Net::LDAP? We have a nice tutorial about it here in the monestary.


      Yes, I have been using the Net::LDAP lib quite abit...

      What I am most interested in is the LDAP replication feature.

      Here's what I currently have:

      As stated by Netscape "Replication is the mechanism by which directory data is automatically copied from one directory server to another. Using replication, you can copy everything from entire directory trees to individual directory entries between servers."

      Once you have configured Netscape LDAP for replication, it updates the:


      file every time an LDAP operation occurs.

      By monitoring this file, I can trigger my event. But, this is not an optimal solution, because every time it changes, I have to make a changelog call such as the following:

      $mesg = $ldap->search( base => 'cn=changelog', scope => 'sub', filter => '(changetype=add)', attrs => $attrs, callback => &callback );

      And then parse the return to check for changes. This is CPU expensive.

      The method I am looking for is a way for perl to emulate another LDAP database so that Netscape will automatically send replication updates to it, I would then trigger on only the updates I'm interested in.

        I don't think that iDS uses a standard LDAP call to update its replicas. It transfers more data, like changelognumber and credentials, between the both servers. This means that you can't use an, for example, OpenLdap server as a consumer for an iDS supplier. If it had used standard LDAP calls, you should have been able to use a LDAP server from any vendor as a consumer, which you can't.

        So you will not only need to emulate an iDS but also its Admin Server and the changelognumber transfering.

        If your application uses the LDAP server in a normal way (i.e. >95% of the requests are reads) I would write a plug-in that triggers on SLAPI_PLUGIN_POST_MODIFY_FN operation and write the modified data to a file. You could run that plug-in on a dedicated consumer and have a perl deamon poll for changes to that file.

        Just some thougths...

        /brother t0mas
Re: LDAP replication using Perl
by Anonymous Monk on Aug 16, 2001 at 09:00 UTC

    Is an audit log file suitable? /net/scape/v4/slapd-Directory/logs/audit (This keeps track of all change transactions that the directory has received) Would it be possible to intermittently poll this file or monitor it as it grows (tail -f) and subsequently handle the transactions appropriately?

    Regards, ...stick

Re: LDAP replication using Perl
by scottstef (Curate) on Aug 16, 2001 at 17:31 UTC
    I don't know if this helps, but we usually use egg drops. Most of our ldap mods are done thru a cgi, we then write to ldap, and to a file. Cron checks for those files and then manipulates the file to talk with our email server which has its own proprietary directory server. Not the most efficient way, but it works.

    "The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol." -- Larry Wall

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://105124]
Approved by root
[Corion]: Mwahahaha - it looks as if $work will soonish be looking for a programmer (not to be employed by IT) to maintain some code, partly by me. Maybe even in Perl.
[Corion]: The sad thing is (I guess) the pay won't be that great (at least for the people I know), and working as a programmer not in IT isn't a great position to be in...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (7)
As of 2018-05-24 15:01 GMT
Find Nodes?
    Voting Booth?