CA Directory persistent search settings

Document ID : KB000010865
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

As with other LDAP controls, the Persistent Search control is supported by CA Directory. 

To enable Persistent Search, you set the following flag on the DSA:

set persistent-search = true;

 Persistent searching can be used only where the namespace is managed by a single DSA. Only the local namespace is accessed, which means that there is little point in using it with routers. 
For example, persistent searching does not work in the following situations: 

- If you have update and search DSAs, then the persistent search is not likely to work unless it is done in the router. 
- If there are multiple routers, then persistent search in the router does not work. Instead, it must be done on the update DSA. 
- If there is query streaming and persistent search is done in the update DSA, the search is never sent to the update DSA, so it does not work in this situation either. 

The following is simple method to verify that Persistent Searches are being correctly handled. 

Instructions:

1. Add this line to the dsa dxi file: set persistent-search = true; 
2. Restart the dsa 
3. Copy the attached file psearch.dua to %DXHOME%/samples/ldua 
4. Edit psearch.dua and change the hostname and port value on line 15 to match the hostname and port number of the dsa 
5. Change bind user and password on line 9 
6. Change base search entry on line 26 
7. Run this command from %DXHOME%/samples/ldua: ./ldua ./psearch.dua 

At this point, the persistent search is now listening for changes happening on the dsa. The dsa will notify the persistent search client (ldua in this case) of any changes 

Perform modifications on the dsa and you will see entries being returned to the ldua client 

This is how the output looks like, note the control type: controlType: 2.16.840.1.113730.3.4.3 

This control must come in with the request to tell the DSA that this is a persistent search. This value is assigned by IETF. It is a standard value. 

--) #1 LDAP MESSAGE messageID 0 
BindRequest 
version: 3 
name: cn=Craig LINK,ou=Administration,ou=Corporate,o=DEMOCORP,c=AU 
authentication: 
simple: AdminQA1 


(-- #1 LDAP MESSAGE messageID 0 
BindResponse 
resultCode: success 
matchedDN: 
errorMessage: 

bind successful 

--) #1 LDAP MESSAGE messageID 1 
SearchRequest 
baseObject: o=democorp,c=au 
scope: wholeSubtree 
derefAliases: derefAlways 
sizeLimit: 0 
timeLimit: 0 
typesOnly: false 
filter: 
present: objectClass 
attributes: 
sn 
givenName 
controls: 
controlType: 2.16.840.1.113730.3.4.3 
non-critical 
controlValue: 30 09 02 01 0f 01 01 ff 01 01 ff -) 0.......... 

File Attachments:
TEC1619705.zip