Work in progress

This site is in the process of being reviewed and updated.

Introduction

Mitosis is the replication system built into Apache Directory Server. It is a multi-master replication (MMR) system.

Replication Requirements

Sources of Information

There are multiple sources of information that should be considered when researching MMR for LDAP:

  • ACM & IEEE papers on MMR in general
  • How other existing MMR implementations work (LDAP and non-LDAP)
  • X.500, RFCs and IETF Drafts
  • Analysis of conflict scenarios
  • User feedback on existing Mitosis implementation

RFC Related to Replication

LDAP RFCs Can Be Trusted

IETF RFCs are definitive sources of information, unlike drafts, which contain errors and gross conflicts/misunderstandings with respect to LDAP and X.500.

LDAPv3 Content Synchronization Operation (RFC 4533)

Abstract
This specification describes the Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation. The operation allows a client to maintain a copy of a fragment of the Directory Information Tree (DIT). It supports both polling for changes and listening for changes. The operation is defined as an extension of the LDAP Search Operation.

LDAPv3 Replication Requirements (RFC 3384)

Abstract
This document discusses the fundamental requirements for replication of data accessible via the Lightweight Directory Access Protocol (version 3) (LDAPv3). It is intended to be a gathering place for general replication requirements needed to provide interoperability between informational directories.

Comments:

LDAP entryUUID Operational Attribute (RFC 4530)

Abstract
This document describes the LDAP/X.500 'entryUUID' operational attribute and associated matching rules and syntax. The attribute holds a server-assigned Universally Unique Identifier (UUID) for the object. Directory clients may use this attribute to distinguish objects identified by a distinguished name or to locate an object after renaming.

Comments:

IETF Drafts Related to Replication

Drafts Are Not To Be Trusted

Most draft specifications contain serious conflicts with LDAP and X.500 concepts, and several gross misunderstandings of the protocol are evident. While reading drafts to consider potential ideas on replication, please keep this in mind and validate the concepts found in them against the LDAP RFCs and the X.500 specifications.

LDAP Multi-Master Replication Protocol

Abstract
This paper defines a multi-master, incremental replication protocol using the LDAP protocol [LDAPv3]. This protocol uses and builds upon previous LDAP support protocols, namely the changelog [change] and LDIF [LDIF] protocols. It defines the use of two types of transport protocols for replication data, and specifies the schema that must be supported by a server that wishes to participate in replication activities using this protocol. In addition, it specifies a conflict resolution mechanism for integrating updates from multiple servers.

Comments:

Mandatory LDAP Replica Management

Abstract
The goal of standards for LDAP replication is to allow interoperable replication among products from many different vendors. Defining the mechanism to move data among replicas is a necessary part of this work, but management of the replicated environment must also be standardized for replication to be truly interoperable.

This document presents the replication management functions that must be performed. Whenever possible, these functions are defined in terms of existing LDAP functionality using existing LDAP operations and existing data definitions. In some cases, changes or additions to the existing model are required, and specifications for these changes are included in this document.

Comments:

General Usage Profile for LDAPv3 Replication

Abstract
Support for replication in LDAP directory systems is often one of the key factors in the decision to deploy them. But replication brings design constraints along with its benefits.

We discuss some of the factors that should be taken into consideration when designing a replicated directory system. Both programming and architectural/operational concerns are addressed and both single- and multi-master directories are considered.

Comments:

The LDUP Replication Update Protocol

Abstract
The protocol described in this document is designed to allow one LDAP server to replicate its directory content to another LDAP server. The protocol is designed to be used in a replication configuration where multiple updateable servers are present. Provisions are made in the protocol to carry information that allows the server receiving updates to apply a total ordering to all updates in the replicated system. This total ordering allows all replicas to correctly resolve conflicts that arise when LDAP clients submit changes to different servers that later replicate to one another.

All protocol elements described here are LDAPv3 extended operations and controls. LDAPv3 is described in RFC 2251 [LDAPv3]. Some LDAPv3 extended operations and controls described here are LDAPv3 extended operations used to group related operations. The protocol elements used for grouping are described in LDAPv3: Grouping of Related Operations [GROUPING|http://tools.ietf.org/html/draft-ietf-ldup-protocol-05#ref-GROUPING].

Certain terms used in this document are defined in the document "LDAP Replication Architecture" [ARCHITECTURE|http://tools.ietf.org/html/draft-ietf-ldup-protocol-05#ref-ARCHITECTURE].

Comments:

LDAP Subentry Schema

Abstract
This document describes an administrative model for LDAP, and an object class called ldapSubEntry and a control ldapSubentriesControl (to control the visibility of entries of type ldapSubEntry) that are to be used by directory servers claiming support for the administrative model defined here.

Comments:

  • Alex Karasulu: This draft grossly violates X.500 rules regarding subentries by suggesting they can contain subordinate entries (for replication agreements).

LDUP Replication Information Model

Abstract
[LDUP Model] describes the architectural approach to replication of LDAP directory contents. This document describes the information model and schema elements which support LDAP Replication Services which conform to [LDUP Model].

Directory schema is extended to provide object classes, subentries, and attributes to describe areas of the namespace which are under common administrative authority, units of replication (i.e., subtrees, or partitions of the namespace, which are replicated), servers which hold replicas of various types for the various partitions of the namespace, which namespaces are held on given servers, and the progress of various namespace management and replication operations. Among other things, this knowledge of where directory content is located will provide the basis for dynamic generation of LDAP referrals for clients who can follow them.

The controlling framework by which the relationships, types, and health of replicas of the directory content will be defined so that, as much as possible, directory content is itself used to monitor and control the environment.

Security information, including access control policy identifiers and information will be treated as directory content by the replication protocols when specified by the LDAPEXT group.

The information model will describe required and optional housekeeping duties for compliant systems to implement, such as garbage collection of deleted objects, reconciliation of moved and renamed objects, update sequencing and transaction bracketing of changes, etc.

Comments:

  • Alex Karasulu: Again, all these LDUP drafts, if I recall correctly, make some presumptions about subentries that violate X.500 standards. I will confirm for sure as I make another pass through these drafts and update my comments.

LDUP Update Reconciliation Procedures

Abstract
This document describes the procedures used by Lightweight Directory Access Protocol (LDAP) directory servers or X.500 directory servers to reconcile updates performed by autonomously operating directory servers in a distributed, replicated directory service, using the LDAP Duplication/Replication/Update protocols.

Comments:

  • Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP)
  • Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP)
  • I-Ds List Working Group, LDAP Duplication/Replication/Update Protocols (ldup)

Other documents are articles about replication:

  • LDAP Duplication/Replication/Update Protocols (ldup)
  • LDAP Replication Draft Analysis and Design Document
  • Designing and Implementing Asynchronous Collaborative Applications with Bayou

General documents and specifications about MMR:

  • Wikipedia link on Multi-master replication
  • Challenges Involved in Multimaster Replication
  • Active Directory information about MMR
  • Oracle document about MMR
  • Active Directory replication model
  • eDirectory Synchronization and Background Processes

Paper by Kurt Zeilenga, and refutations:

  • MMR considered harmful
  • Read Only replicas considered harmful
  • Serial numbers and MMR
  • Is MMR really harmful?

There are some drafts called Mitosis Functional Abstract where some thoughts have been collected.

Configuration guide

TO BE WRITTEN

Developer guide

All information about development can be found here: Mitosis Development Guide.
