[389-users] Referential Integrity
William
william at firstyear.id.au
Mon Mar 16 22:50:07 UTC 2015
> >
> > nsslapd-pluginAllowReplUpdates
> >
> > It looks like there is no documentation about how this config value
> > works though: and the values it influences aren't widely through the
> > code so I can't confirm if it's a finished feature.
> It is finished, and I will write a design document for it on the wiki
> (port389.org).
Thanks for that. I'd like to look at this document once you are done.
> > Can someone confirm if how I'm interpreting this is correct, and if we
> > should open a documentation bug to get this documented?
> So, by setting this to "on", it allows delete operations that come from
> replication to be processed by the RI plugin. Usually the RI plugin
> ignores replicated delete operations because it is assumed the supplier
> replica has the RI plugin enabled, and it has already performed the
> group cleanup(and those changes are replicated). So there is no need to
> do it twice. However, there are some scenarios where the supplier might
> NOT have enabled the RI plugin. In this case we do want the local RI
> plugin to process the replicated delete operation, and this is where
> this setting would come into play.
So in the case of having RI on two ldap servers, you would set this to
off, since the server that handled the delete will replicate the other
updates soon after. In the case of RI on a single server, when the
non-RI server issues a delete, the RI enabled server would be triggered
to run the RI checks. Is that correct?
Given that you seem to be quite familiar with the refint code, can you
comment on the ability to run two masters with both having the plugin
enabled?
--
William <william at firstyear.id.au>
More information about the 389-users
mailing list