Embodiments of the present invention relate in general to directory servers, and in particular to techniques for providing a consolidated view of directory changes across different directory servers.
In the field of computer software, a directory is a set of data records (referred to herein as directory entries), typically organized according to a hierarchical structure. Each directory entry generally includes a unique identifier, known as a distinguished name, and a set of associated attributes. For instance, a corporate user directory may comprise a hierarchical grouping of directory entries corresponding to users/employees in a corporation, where each entry includes, e.g., user name, telephone, email, and manager name attributes for a particular user.
A directory server is a software and/or hardware-based system that stores, organizes, and provides access to information in a directory. For example, a directory server may allow a client to browse, query, modify, add, and/or delete directory entries. There are a number of different directory server implementations developed by different vendors, such as Oracle Internet Directory (developed by Oracle Corporation), Active Directory (developed by Microsoft Corporation), Sun Java System Directory Server (developed by Sun Microsystems, Inc.), and the like. These various implementations generally conform to one or more versions of the Lightweight Directory Access Protocol (LDAP), a standard protocol for accessing distributed directory services over IP networks.
Certain directory server implementations can keep track of changes (e.g., additions, modifications, deletions) that are made to a directory via a changelog. However, since change tracking is not formally part of the LDAP standard, each implementation generally uses a proprietary changelog mechanism and format. For instance, Oracle Internet Directory generates a separate changelog record for each change to a directory entry, and uses a unique “changenumber” attribute associated with the changelog record to identify the change. In contrast, Active Directory updates a “uSNchanged” attribute on a directory entry (rather than generating a separate changelog record object) to record a change to the entry.
These disparate approaches to change tracking can cause various problems in an enterprise deployment that includes different types of directory servers. For example, client applications that are configured to consume directory changelog information must be programmed to understand the various changelog mechanisms/formats implemented by different vendors and to handle those formats appropriately. Further, since the changelog identification scheme for each directory server implementation is self-contained, there is no way to uniquely identify changelog records across different server implementations or to provide a global changelog state for all directory servers in the deployment.
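The two tracking styles described above, and the identifier collision that results, can be seen in a short client-side sketch. This is an added example, not code from the patent or from either vendor: the records are constructed, and the server names (`oid-1`, `ad-1`) and every attribute name other than `changenumber` and `uSNchanged` are assumptions.

```python
# Constructed sample data. Only "changenumber" and "uSNchanged" come from the
# text; server names and the other attribute names are assumptions.
OID_CHANGELOG = [  # one separate changelog record per change
    {"changenumber": "101", "targetdn": "cn=alice,ou=people,dc=example,dc=com", "changetype": "modify"},
    {"changenumber": "102", "targetdn": "cn=bob,ou=people,dc=example,dc=com", "changetype": "delete"},
]
AD_ENTRIES = [  # no changelog records; the marker lives on the entry itself
    {"distinguishedName": "CN=Carol,OU=Staff,DC=corp,DC=example", "uSNchanged": "102"},
    {"distinguishedName": "CN=Dave,OU=Staff,DC=corp,DC=example", "uSNchanged": "57"},
]

def from_changelog_records(server, records, last_seen):
    """Record-per-change style: return records numbered above last_seen."""
    out = [
        {"server": server, "id": int(r["changenumber"]), "dn": r["targetdn"], "op": r["changetype"]}
        for r in records
        if int(r["changenumber"]) > last_seen
    ]
    return sorted(out, key=lambda c: c["id"])

def from_entry_markers(server, entries, last_seen):
    """Attribute-on-entry style: return entries whose marker is above last_seen.
    The constructed sample carries no operation type, so "op" is None."""
    out = [
        {"server": server, "id": int(e["uSNchanged"]), "dn": e["distinguishedName"], "op": None}
        for e in entries
        if int(e["uSNchanged"]) > last_seen
    ]
    return sorted(out, key=lambda c: c["id"])

def collect(state):
    """Poll both servers. state maps server name -> last identifier consumed,
    so the client has to keep one position per server."""
    changes = from_changelog_records("oid-1", OID_CHANGELOG, state.get("oid-1", 0))
    changes += from_entry_markers("ad-1", AD_ENTRIES, state.get("ad-1", 0))
    return changes

def colliding_ids(changes):
    """Identifiers that occur on more than one server, i.e. not globally unique."""
    servers_by_id = {}
    for c in changes:
        servers_by_id.setdefault(c["id"], set()).add(c["server"])
    return sorted(i for i, s in servers_by_id.items() if len(s) > 1)

if __name__ == "__main__":
    merged = collect({})
    print(len(merged), "changes; ids seen on more than one server:", colliding_ids(merged))
```

A consumer that audits directory changes from both servers needs a separate parser and a separate saved position for each, because the bare identifier does not say which server it came from.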