Sodium Sync enables synchronization between directory servers and other data sources such as files and databases. On this page you can learn about Data Format Support, Access, Authentication and Connection Security, Sync by Email, Air Gap and Data Diode, Performance and Scaling, Use with M-Vault and X.500 DISP Replication.

On other pages you can read about Sync Configuration and SchedulingData Transformation Mapping and Merging, how Sodium Sync can combine syncs and data checks into a Directory Replication Workflow and Sodium Sync Conformance.

Data Format Support

Sodium Sync’s primary goal is to synchronize directories supporting LDAP or X.500 DAP access.

LDIF (LDAP Data Interchange Format) defines a text format for representing directory data. LDIF files will generally be used to hold data corresponding to a directory subtree. LDIF is widely used for exchanging data between directories. Sodium Sync treats an LDIF file as equivalent to an LDAP or DAP directory subtree, and an LDIF file can be used as source or target for a sync. LDIF is often a good choice for integration with non-directory systems, as it is functionally equivalent to a directory.

LDIF can be used to represent a set of actions on a directory, which can also be consider as a 'delta'. The term 'change LDIF' is used to distinguish this type of file from an LDIF file that represents a sub-tree. Change LDIFs are used to support Sync by Email. Change LDIFs can be useful for ad hoc directory management, and so Sodium Sync enables loading of change LDIF, and comparison of two sources and generation of a change LDIF to represent the delta.

There is often the requirement to handle data from other (non-LDAP/DAP/LDIF) sources with directory synchronization, for example to take data from an HR system and make available in a directory service. Sodium Sync provides support for data import and export using two widely used interfaces:

  • CSV (Comma Separated Value) format files (RFC 4180).
  • SQL Databases.

Access, Authentication and Connection Security

Sodium Sync shares directory access with Isode Sodium directory management GUI, and details are shared with Sodium. Sodium offers two primary protocol access mechanisms, with a number of security options:

Sync by Email, Air Gap and Data Diode

There are a number of situations where normal directory replication protocols cannot be used. For example:

  • In constrained bandwidth environments such as HF radio, where performance will be poor.
  • Across secure boundaries, where directory replication and access protocols may not be used.
  • At firewalls with 'air gap' requirements.
  • Over data diodes.

Sodium Sync provides a number of related solutions for these environments. Email is often a practical communication mechanism when directory replication cannot be used, so directory replication over email is a key building block.

Sodium Sync provides capabilities to generate LDIF changes relative to an automatically stored reference copy. This enables Sodium Sync to generate a sequence of change LDIFs, and for another copy of Sodium Sync to robustly apply them, checking for duplicates, missing updates and out of order changes. It can also drive 'transport' programs before or after it runs. This provides capability to replicate between directory servers using email, or to provide directory replication across an 'air gap' gateway.

More information on synchronization by email and scenarios that require it are given in the whitepaper [Directory Replication by Email and over 'Air Gap']. Information on using this capability with M-Switch is given in the whitepaper [File Transfer by Email].

Sodium Sync can also be used to perform directory replication over a data diode, to support directory replication in secure environments with one way data flow. This is described in the whitepaper [Using Isode's Messaging and Directory Applications with a Data Diode].


Commonly used Sodium Sync features are available for GUI configuration. Custom features can be configured using XML templates, with further extensibility by use of scripting languages including Javascript.


Attribute syntax checks and custom data mappings can be defined in XML. XML provides a flexible mechanism for mapping information, that includes selection and transformation of attribute values using regular expressions. When this is insufficient, mappings can be extended by the user of scripting


Sodium Sync supports scripting languages using the JSR 223 interface. Javascript is built in (with sample profiles written in Javascript provided) and a wide range of other scripting languages can be loaded including JACL, jRuby and jython. This support enables complex mappings to be specified, for example mappings requiring access to an external database.

Performance and Scaling

The basic operational mode of Sodium Sync does a "full update" on each run. This works by reading data from both directories, and then applying any necessary changes to the target directory. This is robust, straightforward, and works with any LDAP or DAP directory. Sodium Sync works by streaming data, and minimizes the amount of data it holds at any time. This enables it to scale to synchronize very large directory information trees. Paged results may be used.

On a modern Core i5 machine, between fast directory servers such as Isode's M-Vault, typical performance for Sodium-Sync is around 300 entries per second. This makes it practical to synchronize several thousand entries with updates at very short intervals.

Use with M-Vault and X.500 DISP Replication

Sodium Sync is often used with Isode's M-Vault directory server, which uses X.500 DISP replication. DISP's resilience and efficiency make it the preferred method of replicating data between directories. Sodium Sync provides a solution for situations where DISP cannot be used, including:

  • Replication with a Directory that does not support DISP.
  • Support of non-directory sources.
  • Handling data transformation on relocation.
  • Handling schema changes.

The merits of the different approaches to replication are discussed in the Isode whitepaper [Replicating and Synchronizing Data between Directory Servers].