6.3.6 Enabling Fast Synchronization for eDirectory Repository

To enable fast synchronization for an eDirectory repository that is configured as the Cloud Bridge external repository, install the change-log module on the eDirectory server. The change-log module logs all LDAP changes and enables fast synchronization for the eDirectory server.

Prerequisites

  • The change-log module 4.0.8.1 is supported on eDirectory 9.2.

  • To install the change-log module, you must have full rights to the root of the eDirectory container.

  • For synchronizing changes, ensure that you have the following rights to the base container of eDirectory:

    • Entry Rights: The rights to create entries in the connected system.

    • Attributes Rights: The rights to modify the attributes in the connected system.

    • ACL: Supervisor

NOTE: If you have Identity Manager (IDM), Advanced Authentication, and a change-log module dedicated for IDM, you cannot point Advanced Authentication to the existing change-log module to achieve fast synchronization for the eDirectory repository. Instead, it is recommended to install a change-log module specifically for Advanced Authentication.

First, obtain the change-log module installer from here. The required files are available in the IDM_Changelog_4081.zip file.

Perform the following steps to extend the schema and install the change-log module:

  1. Create a remote eDirectory schema file (clschema.sch) with the following content:

    NDSSchemaExtensions DEFINITIONS ::=
    BEGIN
    
    "DirXML-ServerKeys" ATTRIBUTE ::=
    {
            Operation               ADD,
            Flags                   {DS_READ_ONLY_ATTR, DS_HIDDEN_ATTR},
            SyntaxID                SYN_OCTET_STRING,
            ASN1ObjID               {2 16 840 1 113719 1 14 4 1 65}
    }
    
    END

  2. Extend the connected remote eDirectory schema to introduce the new attribute DirXML-ServerKeys. You must perform an eDirectory health check to ensure that the tree is ready to accept the new schema.

    To extend the schema with the clschema.sch file, use the ice utility.

    For example:

    ice -S SCH -f clschema.sch -D LDAP -s <remote eDirectory server> -d <Admin DN> -w <password>

  3. Stop eDirectory.

  4. Navigate to the directory containing the change-log RPM and perform one of the following actions:

    • To install the change-log RPM, run the following command:

      rpm -ivh <rpm name>.rpm

      Example: rpm -ivh ./novell-DXMLChlgx.rpm

    • To upgrade the change-log RPM, run the following command:

      rpm -Uvh --noscripts ./novell-DXMLChlgx.rpm

  5. Start eDirectory.
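
Before running ice in step 2, the schema file from step 1 can be checked so that a copy-and-paste error (a dropped hyphen in the attribute name, curly quotes, a truncated OID) is caught before the schema is extended with administrator credentials. The following script is an added example, not part of the product documentation; the function name check_clschema and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of clschema.sch before it is given to ice.
# check_clschema is a hypothetical helper name, not part of any product.

check_clschema() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }

    # The definition in step 1 is plain ASCII. Text copied from a rendered
    # page can pick up curly quotes or non-breaking spaces, so count every
    # byte that is not tab, LF, CR or printable ASCII.
    bad=$(LC_ALL=C tr -d '\11\12\15\40-\176' <"$f" | wc -c)
    if [ "$bad" -ne 0 ]; then
        echo "$f: $bad non-ASCII byte(s)" >&2
        rc=1
    fi

    # Fixed strings taken verbatim from the schema definition in step 1.
    while IFS= read -r want; do
        if ! grep -Fq -- "$want" "$f"; then
            echo "$f: missing: $want" >&2
            rc=1
        fi
    done <<'EOF'
NDSSchemaExtensions DEFINITIONS ::=
BEGIN
"DirXML-ServerKeys" ATTRIBUTE ::=
DS_READ_ONLY_ATTR
DS_HIDDEN_ATTR
SYN_OCTET_STRING
{2 16 840 1 113719 1 14 4 1 65}
END
EOF

    # Column padding varies, so match the operation with a pattern.
    if ! grep -Eq 'Operation[[:space:]]+ADD' "$f"; then
        echo "$f: missing: Operation ADD" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_clschema.sh clschema.sch
if [ "$#" -gt 0 ]; then
    check_clschema "$1"
fi
```

The function returns 0 only when every element of the definition is present and the file is pure ASCII; each problem found is reported on standard error.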