Selective LDAP Multi-Master Replication

Thomas Bauereiß; Stefan Gohmann; Dieter Hutter; Alexander Kläser

In: Proceedings Open Identity Summit 2013. Open Identity Summit (OID-2013), September 9-11, Kloster Banz, Germany, Lecture Notes in Informatics (LNI), Springer, 2013.


LDAP directory services are widely used to store and manage information about the assets of organisations and to ease the administration of IT infrastructure. With the popularity of cloud computing many companies start to distribute their computational needs in mixed-cloud infrastructures. However, distributing an LDAP directory including sensitive information to partially trusted cloud servers would constitute a major security risk. In this paper, we describe an LDAP replication mechanism that allows for a fine-grained selection of parts of an LDAP directory tree that are replicated to an other server using content-based filters, while maintaining the availability and performance advantages of a full multi-master replication. We discuss sufficient conditions on replication topology and admissible operations such that the replication mechanism provides eventual consistency of selectively replicated data.


Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence