Red Hat Directory Server 8.0 Administrator's Guide
NOTE
The Referential Integrity Plug-in should only be enabled on one supplier replica
in a multi-master replication environment to avoid conflict resolution loops. When
enabling the plug-in on servers issuing chaining requests, be sure to analyze
performance, resource, and time needs, as well as your integrity needs. Integrity
checks can be time-consuming and draining on memory and CPU.
Whenever a user or group entry is deleted or renamed in the directory, the operation is logged
to the referential integrity log file (/var/log/dirsrv/slapd-instance_name). After a specified
time, known as the update interval, the server performs a search on all attributes for which
referential integrity is enabled and matches the entries resulting from that search with the DNs
of deleted or modified entries present in the log file. If the log file shows that the entry was
deleted, the corresponding attribute is deleted. If the log file shows that the entry was changed,
the corresponding attribute value is modified accordingly.
By default, when the Referential Integrity Plug-in is enabled, it performs integrity updates on the
member, uniquemember, owner, and seeAlso attributes immediately after a delete or rename
operation. However, the behavior of the Referential Integrity Plug-in can be configured to suit
the needs of the directory in several different ways:
• Record referential integrity updates in the replication changelog.
• Modify the update interval.
• Select the attributes to which to apply referential integrity.
• Disable referential integrity.
All attributes used in referential integrity must be indexed for presence and equality; not
indexing those attributes results in poor server performance for modify and delete operations. See
Section 2, “Creating Indexes” for more information about checking and creating indexes.
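The following added example (not taken from the guide or from the server's code) models the integrity pass described above: it replays logged delete and rename operations against the four default attributes and leaves every other attribute untouched. The DN normalization is a simplification, and the group entry and log records are constructed sample data.

```python
# Added illustration: an in-memory model of the deferred pass, not server code.
DEFAULT_ATTRS = ("member", "uniquemember", "owner", "seeAlso")

def norm_dn(dn):
    """Simplified DN comparison key: trim each RDN and fold case (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def apply_integrity_log(entries, log, attrs=DEFAULT_ATTRS):
    """Replay logged operations, oldest first, against the referencing attributes.
    entries: {entry_dn: {attr: [dn_value, ...]}}, mutated in place
    log: ("delete", dn) or ("rename", old_dn, new_dn) tuples
    Returns (entry_dn, attr, old_value, new_value_or_None) for every change."""
    changes = []
    wanted = {a.lower() for a in attrs}
    for op, target, *rest in log:
        target_n = norm_dn(target)
        new_dn = rest[0] if op == "rename" else None
        for entry_dn, entry in entries.items():
            for attr in [a for a in entry if a.lower() in wanted]:
                kept = []
                for value in entry[attr]:
                    if norm_dn(value) != target_n:
                        kept.append(value)        # unrelated reference, keep
                    else:
                        if new_dn is not None:
                            kept.append(new_dn)   # renamed: rewrite the value
                        changes.append((entry_dn, attr, value, new_dn))
                entry[attr] = kept
    return changes

# Constructed sample data (not from the guide).
GROUPS = {
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "member": ["uid=alice,ou=People,dc=example,dc=com",
                   "uid=bob,ou=People,dc=example,dc=com"],
        "owner": ["UID=Alice, ou=People, dc=example, dc=com"],
        "description": ["uid=alice,ou=People,dc=example,dc=com"],
    },
}
LOG = [
    ("delete", "uid=alice,ou=People,dc=example,dc=com"),
    ("rename", "uid=bob,ou=People,dc=example,dc=com",
               "uid=robert,ou=People,dc=example,dc=com"),
]

if __name__ == "__main__":
    for change in apply_integrity_log(GROUPS, LOG):
        print(change)
```

The `description` value still names the deleted entry after the pass, because only attributes on the configured list are searched and updated.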
5.2. Using Referential Integrity with Replication
There are certain limitations when using the Referential Integrity Plug-in in a replication
environment:
• Never enable it on a dedicated consumer server (a server that contains only read-only
replicas).
• Never enable it on a server that contains a combination of read-write and read-only replicas.
• It is possible to enable it on a supplier server that contains only read-write replicas.
Chapter 2. Creating Directory Entries