Java LDAP SDK for SyncRepl replication showcase

Java LDAP reborn

As you may know, I’m rather fond of the LDAP protocol and its open source server and client implementations.

But I’m also fond of the JVM, and in the not so distant past, the only maintained Java LDAP SDK was Sun’s LDAP-JNDI, which is at best a call for masochists to fulfil their perversions.

But that time seems to be far behind us, and the Java-LDAP world has evolved a lot in the last 5 years, with the creation of two open source LDAP servers fully built in Java (OpenDS and ApacheDS), the Spring framework sub-project Spring-LDAP, more recently the really good and already mature UnboundID LDAP SDK, and finally the ongoing effort from the OpenDS/ApacheDS teams to make a new reference Java LDAP API.

That’s nice, because LDAP server implementations are quite mature and really efficient NoSQL stores, in production in the biggest companies, in critical spots. But LDAP is also a really well thought-out protocol, and it’s standardized – something generally missing for other NoSQL stores, and something of great importance: it brings interoperability.

LDAP replication: introducing SyncRepl

OK, that was just a little context to introduce my latest toy application. NoSQL stores are (most of the time) associated with the idea of replication. Until rather recently, replication was a weak spot in the open source LDAP world, where no real standard had emerged for that need. Each server implementation was using its own proprietary protocol, if replication was available at all. But lately, it seems that OpenLDAP’s replication implementation, SyncRepl, is starting to become the de facto standard: ApacheDS chose to use it for its own needs.

And that move was possible because, like almost everything in LDAP, SyncRepl is just an extension to the LDAP protocol, specified in RFC 4533.

ApacheDS’ adoption of SyncRepl is major news. It opens the way to cross-LDAP server master-master replication, and an even stronger and more integrated open source LDAP ecosystem.

It also becomes really interesting for third-party clients to use SyncRepl for their read-only synchronization needs. For example, it becomes trivial for an email client to replicate only the sub-part of the LDAP directory which contains contact information, to choose only the attributes it needs, and to stay synchronized with any future changes to them.
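What a read-only client receives with each synchronized entry is the Sync State Control defined in RFC 4533. As an added example (not code from Syweno or from either SDK), the Python code below decodes that control's value strictly and applies it to a local replica through a listener-style handler; the function names, the dict used as replica and the sample bytes are assumptions made for illustration.

```python
import uuid

STATES = {0: "present", 1: "add", 2: "modify", 3: "delete"}

def _tlv(buf, pos, expected_tag):
    """Read one definite-length BER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag or truncated element")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos:pos + length], pos + length

def parse_sync_state(value):
    """Decode a syncStateValue (control 1.3.6.1.4.1.4203.1.9.1.2, RFC 4533 2.3)."""
    body, end = _tlv(value, 0, 0x30)          # SEQUENCE
    if end != len(value):
        raise ValueError("trailing bytes after control value")
    raw_state, pos = _tlv(body, 0, 0x0A)      # state ENUMERATED
    if len(raw_state) != 1 or raw_state[0] not in STATES:
        raise ValueError("unknown sync state")
    raw_uuid, pos = _tlv(body, pos, 0x04)     # entryUUID OCTET STRING (SIZE(16))
    if len(raw_uuid) != 16:
        raise ValueError("entryUUID must be 16 octets")
    cookie = None
    if pos < len(body):                       # cookie OCTET STRING OPTIONAL
        cookie, pos = _tlv(body, pos, 0x04)
    if pos != len(body):
        raise ValueError("trailing bytes inside sequence")
    return STATES[raw_state[0]], uuid.UUID(bytes=bytes(raw_uuid)), cookie

def apply_sync_state(replica, value, entry=None):
    """Listener-style handler: apply one sync message to a dict keyed by entryUUID."""
    state, entry_uuid, cookie = parse_sync_state(value)
    if state == "delete":
        replica.pop(entry_uuid, None)
    elif state in ("add", "modify"):
        replica[entry_uuid] = entry
    # "present" means the entry is unchanged, so the replica is left as it is.
    return state, cookie

# Constructed sample: state=add, entryUUID 00112233-4455-6677-8899-aabbccddeeff, cookie "rid=001"
SAMPLE = bytes.fromhex("301e0a0101041000112233445566778899aabbccddeeff") + b"\x04\x07rid=001"
```

The returned cookie is what a client stores and sends back in its next Sync Request so the server can resume from that point; malformed control values are rejected with `ValueError` instead of being applied to the replica.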

Two Java APIs to implement a SyncRepl client

Well, it’s trivial for the client as soon as the LDAP library used knows how to handle the SyncRepl extension. And what is really cool for us, Java users, is that we already have 2 available SDKs which allow that! When I said at the beginning that things were changing in the Java/LDAP world, that wasn’t a lie 🙂

The two SDKs are ApacheDS’ API, since their server uses SyncRepl for its replication system, and UnboundID’s LDAP SDK, which added it less than ten days ago (OK, after I asked for its availability, but the implementation was really fast: thank you Neil Wilson for your hard and great work).

Need for a showcase application

And for things to be really trivial for a client, the best is to have a working example available. That is what I propose with the following showcase application: Syncrepl Web Notifier, in short: Syweno.

Syweno has three goals:

  • see how to use the ApacheDS and UnboundID LDAP SDKs to synchronize from a master LDAP server;
  • define common interfaces and utility tools (an API) on top of the two SDKs to make a client application as easy as possible to implement, which mostly means “hide as much LDAP as we can, and provide a listener kind of interface for the client to process synchronization messages”;
  • build a little client application that uses that API and visually demonstrates how it works. A web page that allows starting and stopping a synchronization and displays in real time the updates made on the LDAP master is a good candidate.

So, the source code is available on GitHub here:

And even if the code is the most interesting thing in that showcase application, the web part looks like this:

Ah, and before you look at the code of Syweno and start to ask if you just forgot even basic Java syntax, don’t be afraid: it’s coded in Scala (and yes, that runs on the JVM, see the README.txt), using the Liftweb framework – Comet is so easy to use with it, it’s not even fun.

Enjoy!
