Chapter 13. Using Data Interoperability Plug-ins

This chapter explains how to use the Data Interoperability (DIOP) feature of Red Hat Directory Server (Directory Server). The DIOP feature refers to Directory Server's ability to work with a proprietary database, instead of the default database created during installation.
You can now use the enhanced pre-operation interfaces to implement plug-ins that are designed to provide access to alternative directory data stores, instead of the database backend plug-in interface, which is not supported in current releases. You do this by developing a custom pre-operation plug-in to provide an alternate functionality for the LDAP operations, such as search, modify, add, and so on. These operations are generally targeted at the root suffix or the null DN (meaning dn:), and your plug-in will have to be designed to intercept these operations and divert them to be serviced by an alternate data source or alternate access methods.
This chapter covers deployment considerations, configuration changes required to use the DIOP feature, a list of supported and unsupported features, and other useful information.

13.1. Installing Directory Server

This section explains how to install Directory Server in order to test and use the DIOP feature.

13.1.1. Understanding Deployment Configuration

To verify whether the DIOP feature works in Directory Server, your deployment must comprise two instances of Directory Server:
  • An instance of Directory Server that will be used for storing configuration data. This instance is identified as the configuration Directory Server.
  • An instance of Directory Server that will be used for enabling the DIOP plug-in. This instance is identified as the DIOP-enabled Directory Server.
For detailed information on directory deployments, check the Red Hat Directory Server Deployment Guide. To understand the role of a configuration Directory Server in a directory deployment, check Managing Servers with Red Hat Console.
Because the DIOP plug-in is a pre-operation plug-in, enabling the plug-in will impose certain limitations on the default behavior of Directory Server.
  • The Directory Server Console will not be fully functional in the DIOP-enabled Directory Server, and you will not be able to administer the server via the Console. However, you will be able to use the configuration Directory Server Console to manage the DIOP-enabled Directory Server.
  • Some of the default plug-ins that are provided with the server will not work in the DIOP-enabled Directory Server. The DIOP plug-in is a pre-operation plug-in, and intercepting all LDAP operations will result in the other plug-ins being unusable. Table 13.1, “Plug-in Status in DIOP-Enabled Directory Server” identifies plug-ins that are unsupported in the DIOP-enabled Directory Server. All unsupported plug-ins must be disabled before using the DIOP plug-in.

Table 13.1. Plug-in Status in DIOP-Enabled Directory Server

Default Directory Server Plug-in (name as it appears in the Directory Server Console) | Unsupported (indicated by X)
------------------------------------------------------------------------------------- | ----------------------------
7-bit check | X
ACL | -
ACL preoperation | -
Binary Syntax | -
Boolean Syntax | -
Case Exact String Syntax | -
Case Ignore String Syntax | -
chaining database | X
Class of Service | X
Country String Syntax | -
Distinguished Name Syntax | -
Generalized Time Syntax | -
HTTP Client | -
Integer Syntax | -
Internationalization Plugin | -
JPEG Syntax | -
ldbm database | -
Legacy Replication | X
Multimaster Replication | X
Octet String Syntax | -
OID Syntax | -
Pass-through Authentication | X
Postal Address Syntax | -
Referential Integrity Postoperation | X
Retro Changelog | X
Roles | X
Space Insensitive Syntax | -
State Change | X
Telephone Syntax | -
UID Uniqueness | X
URI Syntax | -
Views | X
CLEAR | -
CRYPT | -
DES | -
NS-MTA-MD5 | -
SHA | -
SSHA | -

The figure below illustrates the Directory Server deployment required for testing the DIOP feature.

Figure 13.1. A typical Directory Server Deployment

In the above figure, slapd-<configInstance> is the configuration Directory Server and slapd-<diopInstance> is the Directory Server instance with the DIOP plug-in turned on.
  • The management and administration of slapd-<configInstance> is done via the corresponding Directory Server Console, accessible from within Red Hat Console.
  • The management and administration of slapd-<diopInstance> is done via the Directory Server Console of the slapd-<configInstance> instance. This is because the slapd-<diopInstance> instance does not support the full functionality of Red Hat Console.
To summarize the installation requirements for testing the DIOP feature:
  • You install two instances of Directory Server under the same server root (by specifying the same installation directory). For example, you can install two Directory Server instances:
/usr/lib64/dirsrv/slapd-<configInstance>
/usr/lib64/dirsrv/slapd-<diopInstance>
where /usr/lib64/dirsrv/slapd-instance is the default installation directory. In the sections that follow, the installation directory is identified as /usr/lib64/dirsrv/slapd-instance.
  • After you install the two instances, you designate the second Directory Server instance (slapd-<diopInstance>) for testing the DIOP feature.
  • You manage the first Directory Server instance (slapd-<configInstance>) using Red Hat Console and the corresponding Administration Server, which is running under the same server root.
  • You can indirectly manage the second Directory Server instance (slapd-<diopInstance>) through the first Directory Server instance (slapd-<configInstance>).
  • You disable the unsupported plug-ins in the second Directory Server instance (slapd-<diopInstance>).
For general information about installing Directory Server, refer to the accompanying Red Hat Directory Server Installation Guide. You can also find the documentation for Directory Server at https://access.redhat.com/documentation/en/

13.1.2. Installing Two Instances of Directory Server

Follow these instructions to create two instances of Directory Server:
  1. Read the installation-specific documents (Red Hat Directory Server Installation Guide and Release Notes), and verify that your system meets the requirements specified in the documentation. Ensure that all patches are installed.
  2. Unset the environment variable: unsetenv LD_LIBRARY_PATH
  3. Unpack the binaries.
  4. Run the setup program, and install an instance of Directory Server: slapd-<configInstance>.
  5. Start the Administration Server:
    # systemctl start dirsrv-admin.service
  6. Start the Directory Server Console:
    # redhat-idm-console
  7. Use the Directory Server Console to create a second instance of Directory Server, slapd-<diopInstance>.
    In the navigation pane, select the Server Group, right-click, select Create Instance of Red Hat Directory Server, and follow the prompts.
  8. Disable the unsupported plug-ins in the second instance (slapd-<diopInstance>), which you will use for enabling the DIOP plug-in.
    1. In Red Hat Console, locate and double-click the entry for the second instance of Directory Server.
      This opens the Directory Server Console for the second instance.
    2. Select the Configuration tab, and expand Plugins.
    3. To disable a plug-in, select the plug-in, and then, on the right panel, uncheck the Enable the Plugin option. Some plug-ins may depend on other plug-ins, and you may see messages that reflect such a dependency.
  9. Use the second instance to enable the DIOP feature, which is explained in the next section.
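
An added example (not from the Red Hat guide) for checking the result of step 8: it parses an LDIF export of the entries under cn=plugins,cn=config and lists the plug-ins marked X in Table 13.1 that are not set to nsslapd-pluginEnabled: off. The sample entries are constructed, and matching a Console name to an entry's first RDN by normalized text is an assumption, since names in a real instance may differ from the Console names.

```python
import re

# Console names of the plug-ins marked X in Table 13.1.
UNSUPPORTED = ["7-bit check", "chaining database", "Class of Service",
               "Legacy Replication", "Multimaster Replication",
               "Pass-through Authentication", "Referential Integrity Postoperation",
               "Retro Changelog", "Roles", "State Change", "UID Uniqueness", "Views"]

def norm(name):
    """Assumed normalization: lower-case, '-' as space, drop trailing 'plugin'."""
    words = re.sub(r"[-\s]+", " ", name.lower()).split()
    return " ".join(words[:-1] if words[-1:] == ["plugin"] else words)

def parse_ldif(text):
    """Yield {attr: value} per entry; a line starting with one space is a fold."""
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        pairs = (l.partition(":") for l in block.splitlines()
                 if ":" in l and not l.startswith("#"))
        yield {a.strip().lower(): v.strip() for a, _, v in pairs}

def still_enabled(ldif_text):
    """Names of Table 13.1 'X' plug-ins not explicitly off (missing counts as on)."""
    blocked, hits = {norm(n) for n in UNSUPPORTED}, []
    for e in parse_ldif(ldif_text):
        dn = re.sub(r"\s*,\s*", ",", e.get("dn", ""))
        name = dn.split(",")[0].partition("=")[2]  # value of the first RDN
        under_plugins = dn.lower().endswith(",cn=plugins,cn=config")
        is_off = e.get("nsslapd-pluginenabled", "on").lower() == "off"
        if under_plugins and not is_off and norm(name) in blocked:
            hits.append(name)
    return hits

# Constructed sample entries (not taken from a real instance).
SAMPLE = """\
dn: cn=7-bit check,cn=plugins,cn=config
nsslapd-pluginEnabled: on

dn: cn=Roles Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: off

dn: cn=Pass Through Authentication,cn=plugins,
 cn=config
nsslapd-pluginEnabled: on

dn: cn=ACL Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
"""

if __name__ == "__main__":
    print(still_enabled(SAMPLE))
```

An empty result means every Table 13.1 plug-in found in the export is disabled; a plug-in whose entry name does not normalize to its Console name will not be matched and must be checked by hand.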