Replication employs an eventual-consistency model which can introduce a window where conflicting updates targeting the same entry might be applied at two different Directory Servers. In general, if the update that arrived later fails, two updates to the same Directory Server are in conflict. Conflict resolution, when possible, corrects conflicts introduced by clients automatically. There are some exceptions, however, when manual administrative action is required. For example, adding an entry in one replica and simultaneously deleting the parent of this entry on another replica introduces a conflict that requires manual action. In a carefully implemented deployment, the risk of introducing conflicts that require manual action can be significantly reduced or even eliminated.

The conflict resolution algorithm in PingDirectory Server uses a mechanism that orders all updates in the replication topology. The Directory Server assigns a unique change number to each update. The change number is attached to each update propagated through replication and allows each Directory Server to order updates exactly the same way. See the following diagram for an example.

Conflict resolution process flow

The following diagram depicts adding a single-valued attribute with different values to an entry concurrently at two Directory Servers resulting in a conflict as well as the conflict resolution in the standalone environment versus the replicated environment.

Canvas 1 Layer 1 Directory Server Directory Standalone dn: uid=babs.jensen, … changetype: modify add: displayName displayName: Babs 1 2 dn: uid=babs.jensen, … changetype: modify add: displayName displayName: Barbara 3 4 Replicated dn: uid=babs.jensen, … changetype: modify add: displayName displayName: Babs Directory Server A 1 2 Directory Server B 5 dn: uid=babs.jensen, … changetype: modify add: displayName displayName: Barbara Directory Directory 6 6 Conflict Resolution Conflict Resolution 3 4 Failure Success LDAP Replication

Processing steps

  1. The client sends a modify request to the Identity Data Store and succeeds.
  2. The client sends another modify request that conflicts with the first.
  3. In the standlaone environment, the request is rejected. In the replicated environment, the request succeeds.
  4. In the replicated environment only: Replication propagates the updates.
  5. In the replicated environment only: Conflict resolution concludes with A ignores the update from B, B sets the attribute value to the value on A.

From the diagram example, you can make the following observations:

  • The second operation fails if a client attempted to add the same attribute to the same entry at the same Directory Server.
  • In a replicated environment, the conflict is not immediately seen if these updates are applied concurrently at two different Directory Servers.
  • The conflict is handled only after replication propagates the updates.
  • The Directory Servers resolve the conflict independently of the other server. On one Directory Server, the entry updates to reflect the correct value. On the other Directory Server, the value stays the same. As a result, each Directory Server independently resolves the conflict the same way based on the ordering of the updates.