Re: Questions about the referential integrity plug-in

Kimmo Koivisto wrote:
Hello

I tried the referential integrity plug-in and it worked as expected with single master environment and groupofnames and groupofuniquenames groups. I read the admin guide but there were some things that I did not fully understand:

1. How about multimaster environment, if I have servers A and B and I enable plug-in to server A. When change is done to the server B, server A should make deletions or modifications to the directory.

No.  The referint plug-in will not replicate changes.  From referint.c:

   /* this plugin should only execute if the operation was successful
      and this is not a replicated op
   */
   if(oprc != 0 || isrepop){
     return( 0 );
   }

So you should enable the referint plug-in on all servers.

But what if the server A is down for maintenance and user is deleted from server B, what happens? Does the server A do anything when it is started after maintenance?

Once the server is restarted it will attempt to resync with the other server. Both the external deletion and the internal modification operation will be replicated to the other server.

2. How to enable referential integrity to the memberUid attribute?
I have user cn=user,c=fi that has uid=user and that user is added to group example so that there is attribute memberUid=user.

Is value of memberUid the full DN of the user or just the userid? I don't think it will work, in either case. If it is the full DN, then the syntax definition is not correct - memberUid has SYNTAX for case sensitive string, but it would need to have 1.3.6.1.4.1.1466.115.121.1.12 distinguished name in order for equality searches to work correctly.

If memberUid is just the user id, then referential integrity won't work because it was only designed to deal with DN valued attributes, such as member, uniquemember, owner, and seeAlso.

I think you would have to change the referential integrity code to use attributes other than the DN to look up the entries to change the references to.

When user is deleted, uid should be removed from example group. How to achieve this?
I tried to add nsslapd-pluginarg7=memberUid to the plugin but it did not work.

I'm testing this with FC4 and FDS 1.0.4.

Best Regards
Kimmo Koivisto


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
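
Added example, not part of the original thread and not Fedora Directory Server code: because the plug-in only follows DN-valued attributes, memberUid cleanup has to match on the uid value instead. The Python below goes slightly beyond the single-deletion case and audits every group for memberUid values with no matching uid, then builds LDIF modify records to remove them; the entries, the group DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample directory as (dn, attributes) pairs; cn=user,c=fi has been deleted.
SAMPLE_ENTRIES = [
    ("cn=alice,c=fi", {"uid": ["alice"]}),
    ("cn=example,ou=groups,c=fi", {"memberUid": ["alice", "user"]}),
    ("cn=admins,ou=groups,c=fi", {"memberUid": ["user", " bob"]}),
    ("cn=empty,ou=groups,c=fi", {"memberUid": ["alice"]}),
]

def ldif_line(attr, value):
    """Format one LDIF line; base64-encode values that are not LDIF-safe strings."""
    raw = value.encode("utf-8")
    safe = (bool(raw) and raw[0] not in b" :<" and raw[-1:] != b" "
            and all(32 <= b < 127 for b in raw))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def stale_member_uids(entries):
    """Return {group_dn: [memberUid values that match no uid in the directory]}."""
    # Exact comparison: memberUid is a case-sensitive string, as the reply notes.
    known = {u for _, attrs in entries for u in attrs.get("uid", [])}
    stale = {}
    for dn, attrs in entries:
        missing = [v for v in attrs.get("memberUid", []) if v not in known]
        if missing:
            stale[dn] = missing
    return stale

def cleanup_ldif(entries):
    """Build LDIF modify records that delete only the stale memberUid values."""
    records = []
    for dn, values in stale_member_uids(entries).items():
        lines = [ldif_line("dn", dn), "changetype: modify", "delete: memberUid"]
        lines += [ldif_line("memberUid", v) for v in values]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + ("\n" if records else "")

if __name__ == "__main__":
    print(cleanup_ldif(SAMPLE_ENTRIES), end="")
```

The generated records are meant to be reviewed and then applied with an LDAP client such as ldapmodify; a memberUid left behind after a delete would otherwise grant the group's access to any later account that reuses the same uid.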
