Configure the PingDirectoryProxy server to use batched transactions in both simple and entry-balanced configurations.
The batched transactions feature supports two implementations: the standard LDAP transactions per RFC 5805 and the PingDirectoryProxy proprietary implementation, known as the multi-update extended operation.
Batched transactions can be used through the PingDirectoryProxy server in both simple and entry-balanced configurations, but only in cases where all operations within the transaction request can be processed within the same backend server and within the same Berkeley DB JE backend.
Batched transactions can't be processed across multiple servers or multiple PingDirectory server backends.
You can submit multiple updates in a single request. These updates can be processed either as individual operations or as a single batch. When the PingDirectoryProxy server receives a Start Batched Transaction request, it queues all associated operations in memory until the End Batched Transaction request is received with the intention to commit, at which point the set of operations is sent as a single multi-update extended request to the PingDirectory server.
You can include
modify DN, and
password modify extended operations
to the set of operations processed during a batch transaction. The operations are
processed sequentially in the order in which they were included in the extended request.
If an error occurs while processing an operation in the set, then the server can be
instructed to continue processing or to cancel any remaining operations. If the
operations aren't canceled, you can configure the server to process all operations as a
Because of this use of multi-update, you must configure the external PingDirectory server to allow multi-update extended requests made by the PingDirectoryProxy server on behalf of the DN submitting the batched transaction.
For example, the following PingDirectory server dsconfig command grants anonymous access to the multi-update extended request.
$ bin/dsconfig set-access-control-handler-prop \ --add 'global-aci:(extop="126.96.36.199.4.1.30188.8.131.52")(version 3.0; acl "Anonymous access to multi-update extended request"; allow (read) userdn="ldap:///anyone";)'
The submitter of the request still needs access rights for the individual operations within the multiple-update.
Batched transactions are managed by the Batched Transactions Extended Operation Handler.
You can use it to configure the start transaction and end transaction operations used to
indicate the set of
modify DN, or
modify operations as a single atomic unit.
Configure batched transactions using the
$ bin/dsconfig set-extended-operation-handler-prop \ --handler-name "Batched Transactions" \ --set enabled:true
Configure the external servers to allow the multi-update extended operation by
granting access rights to the feature.
See example in the previous section.