[Fedora-directory-users] Referential Integrity

[Tim Hartmann]

So After my trials and tribulations with " Referrals for Update
Operations"  (thanks again, you guys rock!) hence  known as "Tim's
continuing  LDAP Saga and Viking Cha-Cha"

I came across "Referential Integrity" in the docs, and boy howdy does it
look useful!
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Creating_Directory_Entries-Maintaining_Referential_Integrity.html

I had a couple of concerns, before I enabled it that I was hoping people
could chime in on!


1) I'd like to have Referential Integrity monitor the memberUid field as
well, but I was unclear in the documentation if when scanning the
directory if it scans ALL the directories hosted by a given server, or
just searches in the directory where the user was deleted?

for example, I have two root suffixes,  both of which contain  users and
groups ,  and more often then we'd like user "foo" exists in both...

dc=example,dc=edu

dc=dept,dc=example,dc=edu

if I delete user uid=foo,ou=People,dc=dept,dc=example,dc=edu

would the Referential Integrity plug in know to leave  any instance of 
"uid=foo" and "memberUid=foo" in the dc=example,dc=edu branch alone?


2) I have 2 Masters (set up to be Multi Masters) and 4 Replica's,  There
are a number of warnings about setting this up only on 1 of the Masters
(which shouldn't be a problem), in the case that M1 is configured with
the Referential Integrity plug in, and it goes down for some amount of
time, and a user is deleted, will the plugin "Catch up" once M1 has been
brought back online?


Thanks for the input!


Tim