The batched transactions feature supports two implementations: the standard LDAP transactions per RFC 5805 and the PingDirectoryProxy proprietary implementation, known as the multi-update extended operation.

Batched transactions can be used through the PingDirectoryProxy server in both simple and entry-balanced configurations, but only in cases where all operations within the transaction request can be processed within the same backend server and within the same Berkeley DB JE backend.


Batched transactions can't be processed across multiple servers or multiple PingDirectory server backends.

You can submit multiple updates in a single request. These updates can be processed either as individual operations or as a single batch. When the PingDirectoryProxy server receives a Start Batched Transaction request, it queues all associated operations in memory until the End Batched Transaction request is received with the intention to commit, at which point the set of operations is sent as a single multi-update extended request to the PingDirectory server.

You can include add, delete, modify, modify DN, and password modify extended operations to the set of operations processed during a batch transaction. The operations are processed sequentially in the order in which they were included in the extended request. If an error occurs while processing an operation in the set, then the server can be instructed to continue processing or to cancel any remaining operations. If the operations aren't canceled, you can configure the server to process all operations as a single unit.

Because of this use of multi-update, you must configure the external PingDirectory server to allow multi-update extended requests made by the PingDirectoryProxy server on behalf of the DN submitting the batched transaction.

For example, the following PingDirectory server dsconfig command grants anonymous access to the multi-update extended request.

$ bin/dsconfig set-access-control-handler-prop \
  --add 'global-aci:(extop="")(version 3.0; acl "Anonymous access to multi-update extended request"; allow (read) userdn="ldap:///anyone";)'

The submitter of the request still needs access rights for the individual operations within the multiple-update.

Batched transactions are managed by the Batched Transactions Extended Operation Handler. You can use it to configure the start transaction and end transaction operations used to indicate the set of add, delete, modify, modify DN, or password modify operations as a single atomic unit.

  1. Configure batched transactions using the dsconfig command.
    $ bin/dsconfig set-extended-operation-handler-prop \
      --handler-name "Batched Transactions" \
      --set enabled:true 
  2. Configure the external servers to allow the multi-update extended operation by granting access rights to the feature.

    See example in the previous section.