Hi,<br><br>we use the referential integrity plug-in successfully in the configuration of 3 replicated read-write master servers. The plug-in is enabled on each server, the configuration is :<br><br>dn: cn=referential integrity postoperation,cn=plugins,cn=config<br>
objectClass: top<br>objectClass: nsSlapdPlugin<br>objectClass: extensibleObject<br>cn: referential integrity postoperation<br>nsslapd-pluginPath: libreferint-plugin<br>nsslapd-pluginInitfunc: referint_postop_init<br>nsslapd-pluginType: postoperation<br>
nsslapd-pluginEnabled: on<br>nsslapd-pluginarg0: 3600<br>nsslapd-pluginarg1: /Local/dirsrv/var/lib/dirsrv/slapd-ens/db/refer_integrity_<br> log<br>nsslapd-pluginarg2: 0<br>nsslapd-pluginarg3: ou<br>nsslapd-pluginarg4: member<br>
nsslapd-pluginarg5: uniquemember<br>nsslapd-pluginarg6: owner<br>nsslapd-plugin-depends-on-type: database<br>nsslapd-pluginId: referint<br>nsslapd-pluginVersion: 1.1.3<br>nsslapd-pluginVendor: Fedora Project<br>nsslapd-pluginDescription: referential integrity plugin<br>
nsslapd-pluginarg7: seeAlso<br>nsslapd-pluginarg8: manager<br>nsslapd-pluginarg9: secretary<br><br><br>The attributes monitored by the plug-in in our case are, as you can see : <br>ou<br>member<br>uniquemember<br>owner<br>
seeAlso<br>manager<br>secretary<br><br>We have also put a 1-hour (3600s) pause between the modification of the attribute and the cascading changes in referencing attributes. It is a precaution in case the modification was erroneous, in this case we can delete the referint file to avoid the trigger of changes.<br>
<br>All these attributes contain the DN of other entries. It is important. I am not sure that your "memberuid" attribute contains the WHOLE DN (not just the RDN part). Your /var/log/dirsrv/slapd-us72/referint file should be writeable by the user of the ldap server (as well as the folder /var/log/dirsrv/slapd-us72/). The file is created automatically, you don't need to do anything manually. The plug-in should also be activated (be default i think it is disabled).<br>
<br>There is however a bug in the plug-in - only the first rename of the entry will be taken into account (<a href="https://bugzilla.redhat.com/show_bug.cgi?id=431607">https://bugzilla.redhat.com/show_bug.cgi?id=431607</a>). So for the production purposes we use the patched version.<br>
<br><br>Hope it helps you...<br><br><br><br><br><div class="gmail_quote">2009/2/3 Tim Hartmann <span dir="ltr"><<a href="mailto:hartmann@fas.harvard.edu">hartmann@fas.harvard.edu</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">John A. Sullivan III wrote:<br>
</div><div class="Ih2E3d">> Hi, Tim. I didn't have time to peruse this (still under a nasty<br>
> deadline) but I was looking for one thing I didn't see in your post.<br>
> I'm pulling this from memory so please double check it but did you<br>
> enable the presence attribute (?) for indexing on all the items listed i<br>
> the referential integrity plugin?<br>
><br>
> By the way, if I might mention it, would you kindly post to the bottom<br>
> of future threads. Top posting makes it very difficult for newcomers to<br>
> the list to follow. Thanks - John<br>
><br>
><br>
<br>
</div>Whoops! Clearly an indication of my own newness! Bottom posting it shall<br>
be!<br>
<br>
Presence shows up as enabled by default in the index that I created.<br>
When I created the the index for memberuid both "equality" and<br>
"presence" were preselected, so I figured I'd just stick with the defaults.<br>
<br>
No worries about time, thank you very much for looking at this with me<br>
at all! I'll look forward to hearing from you when time permits!<br>
<font color="#888888"><br>
Tim<br>
</font><div><div></div><div class="Wj3C7c"><br>
<br>
--<br>
Fedora-directory-users mailing list<br>
<a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
</div></div></blockquote></div><br>