[389-users] Referential Integrity
Mark Reynolds
mareynol at redhat.com
Mon Mar 16 14:09:00 UTC 2015
On 03/15/2015 07:14 PM, William wrote:
>> Anyway, I think I'd need to look at the internals of the plugin at this
>> point to work out for sure what's going on.
>>
>
> Looks like someone already did this.
>
> nsslapd-pluginAllowReplUpdates
>
> It looks like there is no documentation about how this config value
> works though: and the values it influences aren't widely through the
> code so I can't confirm if it's a finished feature.
It is finished, and I will write a design document for it on the wiki
(port389.org).
>
> If you set this on the plugin, to "on" (I think it defaults to off),
> then on certain operations the integrity checks are bypassed on
> replicated operations.
>
> You can see this on line 726 of
> ds/ldap/servers/plugins/referint/referint.c
>
>
> Can someone confirm if how I'm interpreting this is correct, and if we
> should open a documentation bug to get this documented?
So, by setting this to "on", it allows delete operations that come from
replication to be processed by the RI plugin. Usually the RI plugin
ignores replicated delete operations because it is assumed the supplier
replica has the RI plugin enabled, and it has already performed the
group cleanup(and those changes are replicated). So there is no need to
do it twice. However, there are some scenarios where the supplier might
NOT have enabled the RI plugin. In this case we do want the local RI
plugin to process the replicated delete operation, and this is where
this setting would come into play.
Mark
>
More information about the 389-users
mailing list