PingDirectory

Working with LDAP transactions

The PingDirectory server provides support for batched transactions, which are processed together at commit time.

Applications developed to perform batched transactions should include as few operations in the transaction as possible. The changes aren’t actually processed until the commit request is received. Therefore, the client can’t know whether the changes are successful until commit time. If any of the operations fail, then the entire set of operations fails.

Batched transactions are write operations that are processed as a single atomic unit when the commit request is received. The write operations include the following:

  • add

  • delete

  • modify

  • modify DN

  • password modify

If an abort request is received or an error occurs during the commit request, the changes are rolled back. The batched transaction mechanism supports the standard LDAP transaction implementation based on RFC 5805. It’s not currently possible to process a transaction that requires changes to be processed across multiple servers or multiple PingDirectory server backends.

Directory servers can limit the set of controls that are available for use in requests that are part of a transaction. RFC 5805 section 4 indicates that you can use the following controls in conjunction with the transaction specification request control:

  • Assertion request control

  • manageDsaIT request control

  • Pre-read request control

  • Post-read request control

The proxied authorization v1 and v2 controls can’t be included in requests that are part of a transaction, but they can be included in the start transaction request to indicate that all operations within the transaction should be processed with the specified authorization identity.

The PingDirectory server supports the following additional controls in conjunction with operations included in a transaction:

  • Account usable request control

  • Hard delete request control

  • Intermediate client request control

  • Password policy request control

  • Replication repair request control

  • Soft delete request control

  • Soft-deleted entry access request control

  • Subtree delete request control

  • Undelete request control

Requesting a batched transaction using ldapmodify

About this task

You can run the ldapmodify tool with the --useTransaction option to process multiple operations as part of a single batched transaction.

Steps

  1. Create a batch text file with the changes that you want to apply as a single atomic unit.

    Example:

    dn:uid=user.3,ou=People,dc=example,dc=com
    changetype: delete

    dn:uid=user.1,ou=People,dc=example,dc=com
    changetype: modify
    replace: pager
    pager: +1 383 288 1090

  2. To run the batched transaction, run the ldapmodify tool with the --useTransaction and --filename options.

    Example:

    $ bin/ldapmodify --useTransaction --filename test.ldif

    Result:

    #Successfully created a transaction with transaction ID 400
    #Processing DELETE request for uid=user.3,ou=People,dc=example,dc=com
    #DELETE operation successful for DN uid=user.3,ou=People,dc=example,dc=com
    #This operation will be processed as part of transaction 400
    #Processing MODIFY request for uid=user.1,ou=People,dc=example,dc=com
    #MODIFY operation successful for DN uid=user.1,ou=People,dc=example,dc=com
    #This operation will be processed as part of transaction 400
    #Successfully committed transaction 400
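
A pre-flight check for the batch file from step 1, as an added example that is not part of the PingDirectory documentation or tooling: because one failed operation fails the whole transaction, it flags records that are not separated by a blank line, changetypes that are not write operations, and batches larger than an assumed limit. The names `check_batch`, `records` and `MAX_OPS` are hypothetical, and the sample input is constructed.

```python
import re

# LDIF changetypes (RFC 2849) for the write operations listed above.
# Password modify is an extended operation and has no LDIF changetype.
ALLOWED = {"add", "delete", "modify", "moddn", "modrdn"}
MAX_OPS = 10  # assumed local limit, not a server setting

# Constructed sample: the blank line between the two records is missing.
SAMPLE = """\
dn: uid=user.3,ou=People,dc=example,dc=com
changetype: delete
dn: uid=user.1,ou=People,dc=example,dc=com
changetype: modify
replace: pager
pager: +1 383 288 1090
"""

def records(text):
    """Unfold continuation lines, drop comments, split on blank lines."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))
    lines = [l for l in text.split("\n") if not l.startswith("#")]
    for block in re.split(r"\n\s*\n", "\n".join(lines)):
        rec = [l for l in block.split("\n") if l.strip()]
        if rec and rec[0].lower().startswith("version:"):
            rec = rec[1:]  # optional LDIF version header
        if rec:
            yield rec

def check_batch(text, max_ops=MAX_OPS):
    """Return problems found in a batch file before it is sent as a transaction."""
    problems, count = [], 0
    for count, rec in enumerate(records(text), 1):
        pairs = [l.partition(":") for l in rec]
        keys = [k.strip().lower() for k, _, _ in pairs]
        if keys[0] != "dn":
            problems.append(f"record {count}: does not start with dn")
        if keys.count("dn") > 1:
            problems.append(f"record {count}: extra dn line, missing blank line between records")
        types = [v.strip().lower() for k, _, v in pairs if k.strip().lower() == "changetype"]
        if not types:
            problems.append(f"record {count}: no changetype")
        elif types[0] not in ALLOWED:
            problems.append(f"record {count}: changetype {types[0]!r} is not a write operation")
    if count > max_ops:
        problems.append(f"{count} operations exceeds limit of {max_ops}")
    return problems

if __name__ == "__main__":
    for problem in check_batch(SAMPLE):
        print(problem)
```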