Replication communication uses a proprietary binary protocol that implements on top of the TCP/IP protocol using SSL encryption. Some protocol messages are used for administrative purposes, such as WAN Gateway server negotiation or flow control, some carry updates to replicated data, and others are directed to all servers for monitoring requests.

In a replicated topology, each participating Directory Server connects to every other server through the replication server port to monitor health. Servers that share the same location setting are connected to rapidly replicate changes, and the WAN Gateway servers are all interconnected to replicate changes across locations.

The Directory Servers keep connections open as long as possible to reduce the communication latency when exchanging messages. Heartbeat messages transmit on a regular basis to detect a network failure or an unresponsive directory server as early as possible. Heartbeat messages also prevent idle connections from being closed by firewalls.

Canvas 1 Layer 1 Clients / Applications Server 4 Identity Data Store A Directory Recent changes 1 Modify Replication Server A Directory Changelog 6 2 3 4 Directory 10 Identity Data Store B Replication Server B Directory Changelog 8 9 7 5 Result LDAP Replication
  1. The client sends a MODIFY request to Directory Server A.
  2. Directory Server A assigns a unique change number to the operation. Conflict resolution is executed to see if the MODIFY request is in conflict with the existing attribute types or values in the existing entry. The change number is assigned before the Directory Server backend is updated to preserve the arrival order of client requests. Historical data in the target entry is updated to reflect the change.
    Note:

    Historical data is only updated for ADD and MODIFY operations.

  3. Directory Server applies the modifications in the corresponding backend.
  4. If the MODIFY operation successfully completes, then the Directory Server submits the update to its embedded Replication Server. The Replication Server is a component within the Directory Server process responsible for propagating updates to and from the replication topology. The Directory Server itself only communicates with a single replication server, whereas the replication server component is connected to all other replication servers. If the Directory Server process exits unexpectedly and some updates haven't been passed to the Replication Server, the backend has the ability to recover the last 50,000 recent changes that were processed at this server, guaranteeing that these changes can be replicated when the server starts up. The figure above also shows that replication protocol is used not just between replication servers but also between the Directory Server and the Replication Server.
  5. The response is sent to the client. In this example, a successful response is assumed.
  6. The Replication Server records the update in its own Changelog backend, such as backend ID of replicationChanges and on disk with the path to changelogDb under the server root. The Replication Changelog backend keeps track of updates at each and every Directory Server in the replication topology. When a Directory Server joins the replication topology after being disconnected for some reason, updates from the Replication Changelog backend are re-sent to this Directory Server. Old records from the Replication Changelog backend are purged, which, by default, removes records older than 24 hours. If the backend doesn't contain all of the records that another Directory Server needed when rejoining the replication topology, then the replicated data set in the Directory Server must be re-initialized. In this case, the Directory Server enters lockdown mode and sends an administrative alert.
  7. The Replication Server submits the update to the replication server component in Directory Server B. If there were more Directory Servers in this example, the Replication Server would submit the update to all the other replication servers in the same location.
  8. Just like in Step 6, the Replication Server component receiving an update inserts the change into its Replication Changelog backend.
  9. The update forwards to the Replica in Directory Server B. Conflict resolution executes to see if the MODIFY request is in conflict with the existing attribute types or values in the existing entry.
  10. The Directory Server applies the modification in the corresponding backend. The Recent Changes database doesn't update because only updates that originate at this Directory Server record in the Recent Changes database.