Working with LDAP transactions
The PingDirectory server provides support for batched transactions, which are processed together at commit time.
Applications developed to perform batched transactions should include as few operations in the transaction as possible. The changes aren’t actually processed until the commit request is received. Therefore, the client can’t know whether the changes are successful until commit time. If any of the operations fail, then the entire set of operations fails.
Batched transactions are write operations that are processed as a single atomic unit when the commit request is received. The write operations include the following:
- add
- delete
- modify
- modify DN
- password modify
If an abort request is received or an error occurs during the commit request, the changes are rolled back. The batched transaction mechanism supports the standard LDAP transaction implementation based on RFC 5805. It’s not currently possible to process a transaction that requires changes to be processed across multiple servers or multiple PingDirectory server backends.
Directory servers can limit the set of controls that are available for use in requests that are part of a transaction. RFC 5805 section 4 indicates that you can use the following controls in conjunction with the transaction specification request control:
- Assertion request control
- manageDsaIT request control
- Pre-read request control
- Post-read request control
The proxied authorization v1 and v2 controls can’t be included in requests that are part of a transaction, but they can be included in the start transaction request to indicate that all operations within the transaction should be processed with the specified authorization identity.
The PingDirectory server supports the following additional controls in conjunction with operations included in a transaction:
- Account usable request control
- Hard delete request control
- Intermediate client request control
- Password policy request control
- Replication repair request control
- Soft delete request control
- Soft-deleted entry access request control
- Subtree delete request control
- Undelete request control
Requesting a batched transaction using ldapmodify
About this task
You can run the ldapmodify tool’s --useTransaction option to process multiple operations as part of a single batched transaction.
Steps
- Create a batch text file with the changes that you want to apply as a single atomic unit.
  Example:
      dn:uid=user.3,ou=People,dc=example,dc=com
      changetype: delete

      dn:uid=user.1,ou=People,dc=example,dc=com
      changetype: modify
      replace: pager
      pager: +1 383 288 1090
- To run the batched transaction, run the ldapmodify tool with the --useTransaction and --filename options.
  Example:
      $ bin/ldapmodify --useTransaction --filename test.ldif
  Result:
      #Successfully created a transaction with transaction ID 400
      #Processing DELETE request for uid=user.3,ou=People,dc=example,dc=com
      #DELETE operation successful for DN uid=user.3,ou=People,dc=example,dc=com
      #This operation will be processed as part of transaction 400
      #Processing MODIFY request for uid=user.1,ou=People,dc=example,dc=com
      #MODIFY operation successful for DN uid=user.1,ou=People,dc=example,dc=com
      #This operation will be processed as part of transaction 400
      #Successfully committed transaction 400
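A pre-flight check for the batch file, as an added example that is not part of the PingDirectory documentation or tooling. Because the outcome is known only at commit time, it rejects a file before submission if a record lacks an explicit changetype, uses a changetype that is not an LDIF write operation, or if the batch exceeds a size limit. The limit of 10, the MAX_OPS and LDAPMODIFY variables, the explicit-changetype rule and the function names are assumptions of this example; only the --useTransaction and --filename options come from the page.

```shell
#!/bin/sh
# Added example, not PingDirectory code. Assumptions: the MAX_OPS default of 10,
# the LDAPMODIFY override variable, and requiring an explicit changetype.

# check_batch FILE [MAX_OPS]: print the record count, or the reasons on stderr.
check_batch() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if out=$(awk -v max="${2:-10}" '
        function end_record() {
            if (!in_rec) return
            n++
            if (!has_dn) { print "record " n ": first line is not a dn"; bad = 1 }
            else if (ct == "") { print "record " n ": no explicit changetype"; bad = 1 }
            else if (ct !~ /^(add|delete|modify|moddn|modrdn)$/) {
                print "record " n ": unsupported changetype " ct; bad = 1
            }
            in_rec = 0; has_dn = 0; ct = ""
        }
        { sub(/\r$/, "") }                      # tolerate CRLF files
        /^$/ { end_record(); next }             # blank line ends a record
        /^#/ || /^ / { next }                   # comments and folded lines
        !in_rec && tolower($0) ~ /^version:/ { next }
        !in_rec { in_rec = 1; has_dn = (tolower($0) ~ /^dn:/); next }
        tolower($0) ~ /^changetype:/ {
            ct = tolower($0); sub(/^changetype:[ \t]*/, "", ct); sub(/[ \t]+$/, "", ct)
        }
        END {
            end_record()
            if (n == 0) { print "no change records found"; bad = 1 }
            if (n > max) { print n " operations exceed the limit of " max; bad = 1 }
            if (bad) exit 1
            print n
        }' "$1"); then
        printf '%s\n' "$out"
    else
        printf '%s\n' "$out" >&2
        return 1
    fi
}

# run_batch FILE: submit only a batch that passed the check; returns ldapmodify's status.
run_batch() {
    check_batch "$1" "${MAX_OPS:-10}" >/dev/null || return 1
    "${LDAPMODIFY:-bin/ldapmodify}" --useTransaction --filename "$1"
}
```

Run against the test.ldif shown above, check_batch prints 2; run_batch passes no connection options, matching the page's own invocation.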