In a network-wide directory service maintaining objects having multi-valued attribute lists, such as a mail distribution list or a personnel list for a security-based system, simultaneous updates from more than one networked data-entry site can cause a replication conflict. For example, Active Directory™ is an enterprise-wide directory service in Windows® 2000 using a state-based, multi-master replication model that is susceptible to replication conflicts with respect to its object store structure. Windows® 2000 is an operating system licensed by Microsoft Corporation of Redmond, Wash.
In a network-wide partitioned directory, each domain controller in a separate domain of the network maintains a copy of a partition of the directory which typically contains those objects that are pertinent to only a particular domain. Replication defines that a change to a directory made on one computer will change the directory on all computers in a network having a replica of the directory. A copy of the contents of one directory partition on a specific domain controller is identified as a replica. Replication updates replicas among the domain controllers that store the same directory partitions. Convergence defines that if a network system is allowed to reach a steady state in which no new updates are occurring, and all previous updates have been completely replicated, all replicas ideally converge to the same set of values.
A multi-master replication model defines that several servers (e.g., the domain controllers) in a network system can contain writeable replicas of an object that is intended to be kept consistent between the servers. Master replicas accept updates independently without communicating with other master replicas. If updates cease and replication continues, all replicas of an object at each server will ideally be updated to the same value. Replication propagates changes made on any specific domain controller to all other domain controllers in the network that store the directory partition in which a change occurs.
A state-based replication model defines that each master applies updates, both originating and replicated, to its replica as they arrive. Replication is derived from the current state of the source replica at hand. Each directory partition replica stores per-object and per-attribute data to support replication.
An alternative to a state-based replication model is a log-based replication model. In a conventional log-based replication system, each master server keeps a log of any updates that it originates. When replicating, each master server communicates its log to every other replica. When receiving a log at a replica, the replica applies the log, bringing its own state more up-to-date.
With a conventional state-based replication model, there can be conflicts with object attribute value updates because the lowest level of granularity for updates is at the attribute level of an object, and not at the attribute value level. Even though an attribute may contain multiple values (i.e., a multi-valued attribute), all of the values are considered as a single unit for the purpose of replication. The following example, described with reference to FIGS. 1 and 2, illustrates the occurrence of a replication conflict when implementing a network-wide directory service with a conventional state-based replication model.
FIG. 1 shows a network architecture 100 having a directory service that maintains objects associated with a mail distribution list. The network 100 has a first domain controller 102, computer A, and a second domain controller 104, computer B, that are interconnected via a communications network 106. Computer 102 has a directory 108 that stores a mail group 110(A) which has multiple associated group objects, such as object 112(A). Group object 112(A), identified as object M, is associated with mail group 110(A) and identifies the individual recipients of a mail distribution list in the mail group.
Computer 104 has a directory 114 which is a replica of directory 108 in computer 102. Directory 114 stores a mail group 110(B) which has an associated group object 112(B), also identified as object M because it is a replica of object 112(A) stored in directory 108 at computer 102.
The group object 112 has a data structure 116 that illustrates data stored in the object. The data structure 116 stores object properties, identified as attributes 118, and attribute values for each attribute, identified as metadata 120. The object 112 has a name attribute 122 that identifies an association with mail group 110. Metadata 124 indicates the association with the mail group and also includes a latest version number and an update timestamp for the name attribute 122. The version number, v1, indicates a first version of the name attribute 122 and the timestamp, t1, indicates when the first version of the attribute was created.
The object 112 has an identifier attribute 126 that associates a global unique identifier (GUID) in metadata 128 for the object. Each instance of the object, 112(A) and 112(B), has a different and unique GUID within network 100. Metadata 128 also includes a latest version number, v1, and an update timestamp, t1, for the identifier attribute 126.
The object 112 also has a multi-valued members attribute 130 that associates the individual recipients in the mail distribution list. Metadata 132 for the members attribute includes a latest version number, v1, and an update timestamp, t1. Metadata 132 also includes a link table reference to a data structure 134. Link table 134 maintains the linked values (e.g., the recipients in the mail distribution list) for the multi-valued members attribute 130.
Link table 134 identifies the object owning the link table at source 136 which indicates that object M owns the link table. Each recipient in the mail distribution list is identified as a referenced object at destination 138 which, in this example, indicates two recipients. Link table 134 also identifies the associated object attribute for each destination 138 at linkID 140. In this example, linkID 140 identifies that each recipient 138 is associated with the members attribute 130.
If the list of recipients 138 is changed on computer A, then computer B needs to be updated with the changes. During replication, computer A sends computer B the entire contents of the members attribute 130, which includes the entire link table 134, because the lowest level of granularity for conventional replication updates is at the attribute level of an object, and not at the attribute value level. Although only a single value within the members attribute value list may be changed (i.e., a recipient is deleted, added, and/or updated), computer A cannot convey to computer B which recipient has changed. Computer A can only convey that some value in the members attribute 130 has been changed.
The problem is compounded for a large number of attribute values and by the scale of the network. Computer B can only receive the entire contents of the members attribute 130 and either compare the new object attribute with what computer B has stored locally to update the change, or computer B can delete its entire local copy of the members attribute and update the attribute with the new copy of members from computer A. Either case presents an efficiency problem for computer B. The problem is further compounded for multiple networked sites each having replica to be updated.
Furthermore, a conflict occurs during replication when a multi-valued object attribute, such as members, is updated at different networked sites within a relatively short amount of time before a scheduled replication. This is identified as a replication latency period. Changes made to a multi-valued attribute simultaneously, or within the replication latency period, can cause a replication convergence conflict that will result in the loss of a data update.
If two independent attribute changes converge from different networked sites, and a first attribute change prevails in a conflict resolution over a second attribute change, then the values of the first attribute change will replace all of the values of the second attribute change. This policy is acceptable for an attribute that is single-valued, or when it makes sense to change all of the values of an attribute together as a group. However, replication conflicts can result in lost data when it is desirable that individual values of a multi-valued object attribute replicate independently.
FIG. 2, continues the example and illustrates how a replication conflict can occur between two objects having updated multi-valued attributes and how resolution of the conflict can result in the loss of one of the data updates. Initially, as shown in FIG. 1, computer A has an object 112(A) with a multi-valued members attribute 130. The attribute has two values, recipient1 and recipient2, in link table 134. Computer B also has an up-to-date replica of object M.
In FIG. 2, a data administrator at computer A deletes recipient1 from the mail distribution list 138(A) in link table 134(A) and, as illustrated, recipient1 no longer exists. The data administrator also adds a new recipient3 to the mail distribution list 138(A) as indicated by 200. Metadata 132(A) for members attribute 130(A) is updated to version2 (v2) of the mail distribution list occurring at time2 (t2) as indicated by 202.
Within a replication latency period, such as five minutes or less, for example, a second data administrator at computer B adds a new recipient4 to the mail distribution list 138(B) as indicated by 204. Metadata 132(B) for members attribute 130(B) is updated to version2 (v2) of the mail distribution list occurring at time3 (t3) as indicated by 206.
When computers A and B replicate directories 108 and 114, respectively, there will be a replication conflict because the members attribute was updated at both network sites during a replication latency period. Conventionally, the conflict can be resolved by a policy that allows the most frequent writer to prevail first followed by the last writer prevails. That is, the higher version number prevails first, followed by the latest timestamp. In the example, both network sites have a version2 (v2) in metadata 132 for members attribute 130. Thus, computer B wins the replication conflict because the latest timestamp is time3 (t3) which is later than time2 (t2) at computer A. Other resolution policies may resolve replication conflicts with only a version number, or with only a timestamp.
To replicate, computer A updates metadata 132(A) for members attribute 130(A) by replacing all of the values for the attribute. That is, the entire link table 134(A) is replaced in directory 108 in computer A with link table 134(B) from computer B. Although not shown specifically, the resultant replica for object 112 at both of the network sites is that shown for computer B. The mail distribution list at both computers A and B (i.e., the recipient values 138) will include recipient1, recipient2, and recipient4. The update at computer A to remove recipient1 and add recipient3 is lost in the resolution of the replication conflict.
Simultaneous attribute updates at different networked sites can cause a replication convergence that requires a conflict resolution in a state-based replication model because objects are not necessarily replicated in the order in which they are updated. Replication conflicts arise because the lowest level of granularity for updates is at the attribute level of an object, and not at the attribute value level. Even though an attribute may contain multiple values, all of the values are considered as a single unit for the purpose of replication. Updates to individual values of multi-valued attributes need to be accounted for during replication to avoid a replication conflict that results in lost data.