Kimmo Koivisto wrote:
> Hello
>
> I tried the referential integrity plug-in and it worked as expected with
> single master environment and groupofnames and groupofuniquenames groups.
> I read the admin guide but there were some things that I did not fully
> understand:
>
> 1. How about multimaster environment, if I have servers A and B and I enable
> plug-in to server A. When change is done to the server B, server A should make
> deletions or modifications to the directory.
>
No. The referint plug-in will not replicate changes. From referint.c:

    /* this plugin should only execute if the operation was successful
       and this is not a replicated op */
    if(oprc != 0 || isrepop){
        return( 0 );
    }

So you should enable the referint plug-in on all servers.

> But what if the server A is down for maintenance and user is deleted from
> server B, what happens? Does the server A do anything when it is started
> after maintenance?
>
Once the server is restarted it will attempt to resync with the other
server. Both the external deletion and the internal modification
operation will be replicated to the other server.

> 2. How to enable referential integrity to the memberUid attribute?
> I have user cn=user,c=fi that has uid=user and that user is added to group
> example so that there is attribute memberUid=user.
Is value of memberUid the full DN of the user or just the userid? I
don't think it will work, in either case. If it is the full DN, then the
syntax definition is not correct - memberUid has SYNTAX for case
sensitive string, but it would need to have
1.3.6.1.4.1.1466.115.121.1.12 distinguished name in order for equality
searches to work correctly. If memberUid is just the user id, then
referential integrity won't work because it was only designed to deal
with DN valued attributes, such as member, uniquemember, owner, and
seeAlso. I think you would have to change the referential integrity
code to use attributes other than the DN to look up the entries to
change the references to.
> When user is deleted, uid should be removed from example group. How to achieve
> this?
> I tried to add nsslapd-pluginarg7=memberUid to the plugin but it did not work.
>
> I'm testing this with FC4 and FDS 1.0.4.
>
> Best Regards
> Kimmo Koivisto
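
An added example, not part of the original message or of the Directory Server code: because the referint plug-in only handles DN-valued attributes, this script builds the LDIF modify records that remove a deleted user's id from memberUid in group entries. The sample LDIF, the DNs and the function names are constructed for illustration, and the parser assumes plain LDIF without base64 values or folded lines.

```python
# Added example: generate LDIF that removes a deleted user's memberUid values.

# Constructed sample export of group entries (hypothetical DNs and values).
SAMPLE_GROUPS_LDIF = """\
dn: cn=example,ou=groups,c=fi
objectClass: posixGroup
cn: example
memberUid: user
memberUid: other

dn: cn=staff,ou=groups,c=fi
objectClass: posixGroup
cn: staff
memberUid: User
memberUid: other
"""


def parse_entries(ldif_text):
    """Parse simple LDIF (no base64 values, no folded lines) into (dn, attrs)."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def memberuid_cleanup_ldif(ldif_text, deleted_uid):
    """Return LDIF modify records deleting deleted_uid from every group."""
    records = []
    for dn, attrs in parse_entries(ldif_text):
        # The thread notes memberUid is a case sensitive string holding the
        # bare user id, so compare exactly rather than as a DN.
        if deleted_uid in attrs.get("memberuid", []):
            records.append(
                f"dn: {dn}\nchangetype: modify\ndelete: memberUid\n"
                f"memberUid: {deleted_uid}\n"
            )
    return "\n".join(records)
```

The returned text can be reviewed and then fed to ldapmodify on one server; unlike the plug-in's internal changes on each master, these are ordinary client modifications.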