Configure notification mode

The changelog-include-key-attribute property specifies one or more attributes that should always be included in the change log entry. These are attributes needed to correlate entries between the source and destination, such as uid, employeeNumber, or mail. These properties are also needed for evaluating any filters in the Sync Class. For example, if notifications are only sent for user entries, and the Sync Class included the filter (objectclass=people), the objectclass attribute must be configured as a changelog-include-key-attribute so that the Sync Pipe can evaluate the inclusion criteria when processing the change. In standard mode, values needed in the filter are read from the entry itself after it is fetched instead of from the changelog entry. These attributes are always included in a change log entry, also called a change record, regardless if they have changed or not.

The changelog-include-key-attribute property causes the current (after-change) value of the specified attributes to be recorded in the ds-changelog-entry-key-attr-values attribute on the change log entry. This applies for all change types. During a delete operation, the values are from the entry before it was deleted. The key values are recorded on every change and override any settings configured in the changelog-include-attribute, changelog-exclude-attribute, changelog-deleted-entry-include-attribute, or changelog-deleted-entry-exclude-attribute properties in the directory server changelog. For more information, see Configuring the PingDirectory server.

Normal Lightweight Directory Access Protocol (LDAP)-to-LDAP synchronization topologies typically use dn as a correlation attribute. If dn is used as a correlation attribute only, the changelog-include-key-attribute property does not need to be set. However, if another attribute is used for correlation, this property must be set during the Sync Pipe configuration.

The LDAP change log attribute, ds-changelog-entry-key-attr-values, stores the attribute that is always included in a change log entry on every change for correlation purposes. In addition to regular attributes, virtual and operational attributes can be specified as entry keys.

To view an example, see the PingDirectory Server Administration Guide.

The changelog-max-before-after-values property specifies the maximum number of "before and after" values (default 200) that should be stored for any changed attribute in the change log. Also, when enabled, it will add the ds-changelog-before-values and ds-changelog-after-values attributes to any change record that contains changes (for Modify and ModifyDN).

The main purpose of the changelog-max-before-after-values property is to ensure that an excessively large number of changes is not stored for multi-valued attributes. In most cases, the directory server’s schema defines a multi-valued attribute to be unlimited in an entry. For example, if a group entry whose member attribute references 10000 entries, the desire might be to not have all of the attributes if a new member added.

If either the ds-changelog-before-values or the ds-changelog-after-values attributes exceed the count set in the changelog-max-before-after-values property, the attribute values are no longer stored in a change record, but its attribute name and number is stored in the ds-changelog-attr-exceeded-max-values-count attribute, which appears in the change record.

In addition to this property, set the use-reversible-form property to TRUE. This guarantees that sufficient information is stored in the change log for all operation types to be able to replay the operations at the destination. The create-sync-pipe-config tool configures these properties when it prepares the servers.

The changelog-max-before-after-values property configures the following change log attributes: