Introduction
This document describes design choices made regarding the ChangeLogService.
Representing Changes (deltas)
Every change made to the LDAP server can be logged and tracked using an LDIF. This is especially the case if the server's configuration is also moved into the DIT.
A log of LDIF entries can track each new revision of the server. This can be used to audit changes on the DIT, on subtrees of the DIT, their entries and even on attributes. Each entry can track revisions in the change log using the revisions operational attribute. The revisions represent primary keys into the change log and act as a reference which can be used to query for information about changes from the server.
To enable operations to be reverted a change log must capture complete information to revert the change. The best way to do this is by calculating the reverse LDIF from the change and storing it along with the forward LDIF. We can calculate these reverse LDIF pretty easily using the following reverse operations on forward changes:
Forward Change | Reverse Operation |
|---|---|
Add | Delete |
Delete | Add |
ModifyRdn | ModifyRdn |
ModifyDn | ModifyDn |
Modify.Add | Modify.Remove |
Modify.Remove | Modify.Add |
Modify.Replace | Modify.Replace |
To revert a sequence of forward (F) LDIFs { F0, F1, F2, F3 } the reverse (R) LDIF operations are applied in the opposite order { R3, R2, R1, R0 }. Some optimizations can be inferred from a sequence to make reverting faster. For example if F0 represents an Add operation and the other changes represent Modify operations on the same entry then only R0 can be applied instead of the R3->R0 sequence of reverse LDIFs. For the time being we just note that these optimizations are possible for implementing reversion capabilities.
| Section | ||||
|---|---|---|---|---|
|
Change Stores
There are different levels to which we can implement this feature. I think we should enable different pluggable implementations for the change log service to expose different levels of functionality. To enable this we have to design a few different interfaces for the service and it's subcomponents. The following levels of functionality should be possible:
...
The same change log logic can be used to swap out different components of a log store to provide varying capabilities and still apply tags and changes to the store interface. Let's take a look at some of the store interfaces which really act as an SPI for this subsystem:
Representing Changes
Every change in an LDAP server can be logged and tracked using an LDIF. A log of LDIF entries can track each new revision of the server. This can be used to audit changes on the DIT, on subtrees of the DIT, their entries and even on attributes. Each entry can track revisions in the change log using the revisions operational attribute. The revisions represent primary keys into the change log.
The change log should also track
Simple Logger
The first very basic functionality is to implement a basic logger. It has already been added, but some more elements need to be defined, like the way to start the logger turn versioning on and off, either via an LDAP extended request, or programmatically.
...