Hi,

we use the referential integrity plug-in successfully in the configuration of 3 replicated read-write master servers. The plug-in is enabled on each server; the configuration is:

dn: cn=referential integrity postoperation,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: referential integrity postoperation
nsslapd-pluginPath: libreferint-plugin
nsslapd-pluginInitfunc: referint_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: 3600
nsslapd-pluginarg1: /Local/dirsrv/var/lib/dirsrv/slapd-ens/db/refer_integrity_
 log
nsslapd-pluginarg2: 0
nsslapd-pluginarg3: ou
nsslapd-pluginarg4: member
nsslapd-pluginarg5: uniquemember
nsslapd-pluginarg6: owner
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: referint
nsslapd-pluginVersion: 1.1.3
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: referential integrity plugin
nsslapd-pluginarg7: seeAlso
nsslapd-pluginarg8: manager
nsslapd-pluginarg9: secretary

The attributes monitored by the plug-in in our case are, as you can see:

ou
member
uniquemember
owner
seeAlso
manager
secretary

We have also put a 1-hour (3600s) pause between the modification of the attribute and the cascading changes in referencing attributes. It is a precaution in case the modification was erroneous; in this case we can delete the referint file to avoid triggering the changes.

All these attributes contain the DN of other entries. It is important. I am not sure that your "memberuid" attribute contains the WHOLE DN (not just the RDN part).

Your /var/log/dirsrv/slapd-us72/referint file should be writeable by the user of the LDAP server (as well as the folder /var/log/dirsrv/slapd-us72/). The file is created automatically; you don't need to do anything manually. The plug-in should also be activated (by default I think it is disabled).
There is, however, a bug in the plug-in: only the first rename of the entry will be taken into account (https://bugzilla.redhat.com/show_bug.cgi?id=431607). So for production purposes we use the patched version.

Hope it helps you...

2009/2/3 Tim Hartmann <hartmann at fas.harvard.edu>

> John A. Sullivan III wrote:
> > Hi, Tim. I didn't have time to peruse this (still under a nasty
> > deadline) but I was looking for one thing I didn't see in your post.
> > I'm pulling this from memory so please double check it but did you
> > enable the presence attribute (?) for indexing on all the items listed in
> > the referential integrity plugin?
> >
> > By the way, if I might mention it, would you kindly post to the bottom
> > of future threads. Top posting makes it very difficult for newcomers to
> > the list to follow. Thanks - John
> >
>
> Whoops! Clearly an indication of my own newness! Bottom posting it shall
> be!
>
> Presence shows up as enabled by default in the index that I created.
> When I created the index for memberuid both "equality" and
> "presence" were preselected, so I figured I'd just stick with the defaults.
>
> No worries about time, thank you very much for looking at this with me
> at all! I'll look forward to hearing from you when time permits!
>
> Tim
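
Added example, not part of the original thread and not project code: a Python sketch that reads the plug-in entry the way the message describes it (nsslapd-pluginarg0 as the delay, nsslapd-pluginarg1 as the log file, nsslapd-pluginarg3 and up as the monitored attributes) and flags attribute values that are not full DNs. The sample group entry, the dc=example,dc=com names and the helper names are assumptions, and the DN test is a syntactic heuristic.

```python
import re

# Constructed input: the plug-in entry from the message, trimmed to the
# relevant attributes, with the log path folded across two lines as posted.
PLUGIN_LDIF = """\
dn: cn=referential integrity postoperation,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: 3600
nsslapd-pluginarg1: /Local/dirsrv/var/lib/dirsrv/slapd-ens/db/refer_integrity_
 log
nsslapd-pluginarg2: 0
nsslapd-pluginarg3: ou
nsslapd-pluginarg4: member
nsslapd-pluginarg5: uniquemember
nsslapd-pluginarg6: owner
nsslapd-pluginId: referint
nsslapd-pluginarg7: seeAlso
nsslapd-pluginarg8: manager
nsslapd-pluginarg9: secretary
"""
# Constructed group entry (hypothetical names under dc=example,dc=com).
SAMPLE_ENTRY = {
    "member": ["uid=thartmann,ou=People,dc=example,dc=com"],
    "memberUid": ["thartmann"],
}
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+")

def parse_referint(ldif):
    """Return enabled flag, delay, log path and monitored attributes."""
    args, other = {}, {}
    for line in ldif.replace("\n ", "").splitlines():  # unfold LDIF lines
        name, sep, value = line.partition(": ")
        m = re.fullmatch(r"nsslapd-pluginarg(\d+)", name, re.I)
        if m:
            args[int(m.group(1))] = value  # index by N, not file order
        elif sep:
            other[name.lower()] = value
    return {"enabled": other.get("nsslapd-pluginenabled", "").lower() == "on",
            "delay": int(args[0]), "log": args[1],  # arg2 is not interpreted
            "attributes": [args[i] for i in sorted(args) if i >= 3]}

def looks_like_dn(value):
    """Heuristic: two or more attr=value components, so not a bare RDN."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value)]
    return len(parts) >= 2 and all(RDN.fullmatch(p) for p in parts)

def non_dn_values(entry, monitored):
    """List (attribute, value) pairs whose value is not a full DN."""
    wanted = {a.lower() for a in monitored}
    return [(a, v) for a, vals in entry.items() if a.lower() in wanted
            for v in vals if not looks_like_dn(v)]
```

Passing the parsed attribute list plus "memberuid" to non_dn_values() on the sample entry reports the bare memberUid value and leaves the member value alone.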