Replication conflicts
This section provides in-depth information about the mechanisms and possible scenarios behind replication conflicts.
Updates to the PingDirectory server entries in a replication topology can happen independently because replication guarantees only eventual consistency and not strong consistency. The eventual consistency model enables applying conflicting changes at different PingDirectory server instances. In most cases, the PingDirectory server can resolve these conflicts automatically and in a consistent manner: for example, all server instances in a replication topology resolving each and every conflict the same way. However, in some scenarios, manual administrative action is required. For any of these unresolved conflicts, the administrator receives notification through administrative alerts.
On a high level, the conflict resolution algorithm tries to resolve conflicts as if the operations causing the conflict in a distributed environment apply to a single PingDirectory server instance. For example, if the same entry is added to two different PingDirectory server instances at about the same time, after these operations are replicated, both servers keep only the first entry added.
The following image highlights the differences between standalone versus replicated environments.
- Processing steps
-
-
Client sends LDAP modify request to directory server and succeeds.
-
Client sends another LDAP modify request that conflicts with the first.
-
In the standalone case, the request is rejected. In the replicated case, the request succeeds.
-
Replication propagates the updates (replicated only).
-
Conflict resolution (replicated only): A ignores the update from B, and B sets the attribute value to the value on A.
-
Types of replication conflicts
There are two types of replication conflicts:
- Naming conflicts
-
Naming conflicts include operations that cause conflicts with the naming of the distinguish name (DN) of the existing or new entries.
- Modification conflicts
-
Modification conflicts include operations that result in conflicts in the modification of attributes.
Naming conflict scenarios
The following illustration depicts the naming conflict scenario.
- Processing steps
-
-
The Client sends an update (Add, Delete, or Modify DN) request to server A.
-
The Client sends an update (Add, Delete, or Modify DN) request conflicting with the first request to server A.
-
Replication propagates the updates.
-
Conflict resolution takes place.
-
The following table shows the result of a modification conflict depending on the type of updates that occur. The code does not compare change sequence numbers (CSNs) but applies operations in the order they were received. This might lead to inconsistent replays.
For all of the naming conflict scenarios, assume the following:
-
Update 1 was applied at PingDirectory server 1.
-
Update 2 was applied at PingDirectory server 2.
-
Update 1 occurred shortly before Update 2 so that PingDirectory server 2 received Update 1 after Update 2 was applied.
Update 1 | Update 2 | Automatic Resolution? | Result of Conflict Resolution at PingDirectory server 2 When Update 1 is received |
---|---|---|---|
|
|
Yes |
|
|
|
Yes |
New entry is located based on the entryUUID and |
|
|
Yes |
|
|
|
Yes |
|
|
|
Yes |
Entry B is renamed and Entry A is deleted. |
|
|
Yes |
|
|
|
No |
The entry targeted in the |
|
|
Yes |
The entry is moved under the new DN of the parent. |
|
|
No |
A and B will be conflict entries. |
|
|
Yes |
The entry is added under the new DN of the parent. |
|
|
No |
The added entry is marked as a conflict entry. |
|
|
Yes |
The entryUUID of the incoming Add operation applied to the existing entry. |
|
|
No |
The existing entry is marked as a conflicting entry and the incoming |
Modification conflict scenarios
Modification conflicts resolve automatically and no manual action is required. The LDAPModify
operation allows the following modification types:
-
Add of one or more values
-
Delete of one or more values or the entire attribute
-
Replacement of all values
Replication does not currently support the increment LDAP modification type. |
The following illustration presents a modification conflict scenario.
- Processing steps
-
-
LDAP client A sends a
modify
request to directory server A. -
LDAP client B sends a conflicting
modify
request to directory server B. -
Directory server A applies the modification.
-
Directory server B applies the modification.
-
The LDAP clients receive successful responses.
-
Replication propagates the updates.
-
Conflict resolution on directory server A updates the entry to reflect the value on directory server B.
Conflict resolution on directory server B ignores the update received from directory server A.
-
The following table shows the result of a modification conflict depending on the type of updates that occur. For all of the operations in the table, assume the following:
-
LDAP Modify 1 was applied at PingDirectory server 1.
-
LDAP Modify 2 was applied at PingDirectory server 2.
-
LDAP Modify 1 occurred shortly before LDAP Modify 2, so that PingDirectory server 2 received LDAP Modify 1 after LDAP Modify 2 was applied.
Modify 1 | Modify 2 | Result of Conflict Resolution at PingDirectory server 2 When Modify 1 is received |
---|---|---|
|
|
Incoming |
|
Replacement of the value of the same attribute |
Incoming |
Replacement of a single-valued attribute |
|
Incoming Replacement is ignored. |
|
|
Incoming |
|
|
Incoming |
|
|
Incoming |
|
|
Incoming |
|
|
|
|
|
|
|
Replace all values of the same multi-valued attribute |
Incoming |
|
|
Only value Y is added. |
|
|
Incoming |