new licenses must be generated for the new version of the software
the data column on the entries table has been removed and replaced with an entries_data table that is partitioned by the uoid column
existing data will be migrated to the new table
use timestamps without time zone
new events will use createdAt and updatedAt properties in ISO8601 UTC instead of createTimestamp and modifyTimestamp properties
the entries table's data column has been removed in favor of the entries_data table
the entries table's meta column has been removed in favor of the uuid, dn, etag, createdAt, and updatedAt columns
changed ldap.idlePeriodForCheckpoint -> ldap.idlePeriod with the default of 5 seconds
What's new
the uuid and dn columns have been added to the entries
use product-based detection to resolve the attribute names of the entryUUID, createTimestamp, modifyTimestamp, and eTag attributes
objectClass and structuralObjectClass are always observed
new entries_data table, which holds the data of the entries as attribute-value pairs
use more bytes for the hash for the etag calculation to reduce the chance of collisions
entries.dn lookups are now case-insensitive
use a new commits table instead of transaction IDs to prevent collisions when the transaction IDs roll over
the modifyTimestamp and revision attributes are no longer used for continuous searches
this prevents change notifications from being sent for every change to an entry
allow defining sets of attributes whose data is pre-computed, which can be used to speed up search responses
allow defining attributes which should be indexed for optimized partial matching (substring and approximate) searches
new channels to access the data via LDAP
only search operations where all attributes (filter, sort, and requested attributes) are observed will be executed
supported search controls are Simple Paged Results, Server Side Sorting, and Virtual List View
in addition to the well-known scopes (base, one, and sub), the subordinate_subtree (3) scope is supported; it indicates that any subordinate entries (to any depth) below the entry specified by the base DN should be considered, but the base entry itself should not be considered, as described in draft-sermersheim-ldap-subordinate-scope
in addition to the well-known filters (and, or, not, equality, substring, greaterOrEqual, lessOrEqual, and present), the following two filters are supported:
approximate: used to determine whether an entry contains at least one value for a specified attribute that is approximately equal to a given value; for example, a filter of (givenName~=John) will match entries with givenName values of either John or Jon.
extensible dn match: used to determine whether an entry contains at least one value for a specified attribute that matches a given value, where the match is based on the DN of the entry; for example, a filter of (ou:dn:=Engineering) will match entries with an ou attribute value of Engineering that are subordinate to the base DN.
the etag attribute is based on the values of the observed attributes; if any of the observed attributes change, the etag will change
all other operations will be forwarded to the source LDAP server
detailed metrics are available via the prometheus endpoint
to use only the channels (e.g. for load balancing), start the application with one of the following options:
the --readonly (-r) flag
IDENTITY_SCRIBE_READONLY=1, IDENTITY_SCRIBE_READONLY=true, or IDENTITY_SCRIBE_READONLY=yes environment variable
IDENTITY_SCRIBE_TRANSCRIBE_ENABLED=0, IDENTITY_SCRIBE_TRANSCRIBE_ENABLED=false, or IDENTITY_SCRIBE_TRANSCRIBE_ENABLED=no environment variable
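The scope semantics listed above for the LDAP channel, including subordinate_subtree (3), as an added example that is not the product's own code: it compares DNs component by component and case-insensitively instead of by string suffix. The function names and DNs are constructed for illustration; multi-valued RDNs and attribute-specific matching rules are not handled.

```python
# Added example (not product code): decide whether an entry DN falls inside a
# search scope. All names and DNs used with it are constructed for illustration.
BASE, ONE, SUB, SUBORDINATE_SUBTREE = 0, 1, 2, 3  # LDAP scope numbers

def split_rdns(dn):
    """Split a DN on unescaped commas and normalise each RDN (assumed
    simplification: lower-case everything, trim spaces around '=')."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def in_scope(entry_dn, base_dn, scope):
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    depth = len(entry) - len(base)
    # The entry must end with exactly the base DN's RDNs; a plain string suffix
    # test would wrongly accept "xdc=example,dc=com" under "dc=example,dc=com".
    if depth < 0 or entry[depth:] != base:
        return False
    if scope == BASE:
        return depth == 0
    if scope == ONE:
        return depth == 1
    if scope == SUB:
        return True
    if scope == SUBORDINATE_SUBTREE:
        return depth >= 1  # any depth below the base, never the base itself
    raise ValueError(f"unsupported scope: {scope}")

def select(dns, base_dn, scope):
    """Return the DNs from `dns` that a search with this base and scope covers."""
    return [dn for dn in dns if in_scope(dn, base_dn, scope)]
```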
Fixes
do not emit events with empty operations
auto-generated table partitions are now created with the correct range (off-by-one error)
renaming an entry now correctly updates the naming attributes values
all environment variables can now be set either via system environment variables with the prefix IDENTITY_SCRIBE_<...> or using command line properties -D<...>; for example, IDENTITY_SCRIBE_READONLY=1 identity-scribe or identity-scribe -DREADONLY=1
issued licenses are now valid when used with clustered LDAP servers