[389-users] Referential Integrity
Mark Reynolds
mareynol at redhat.com
Tue Mar 17 18:12:53 UTC 2015
On 03/16/2015 06:50 PM, William wrote:
>>> nsslapd-pluginAllowReplUpdates
>>>
>>> It looks like there is no documentation about how this config value
>>> works though: and the values it influences aren't widely through the
>>> code so I can't confirm if it's a finished feature.
>> It is finished, and I will write a design document for it on the wiki
>> (port389.org).
> Thanks for that. I'd like to look at this document once you are done.
>
>
>>> Can someone confirm if how I'm interpreting this is correct, and if we
>>> should open a documentation bug to get this documented?
>> So, by setting this to "on", it allows delete operations that come from
>> replication to be processed by the RI plugin. Usually the RI plugin
>> ignores replicated delete operations because it is assumed the supplier
>> replica has the RI plugin enabled, and it has already performed the
>> group cleanup(and those changes are replicated). So there is no need to
>> do it twice. However, there are some scenarios where the supplier might
>> NOT have enabled the RI plugin. In this case we do want the local RI
>> plugin to process the replicated delete operation, and this is where
>> this setting would come into play.
> So in the case of having RI on two ldap servers, you would set this to
> off, since the server that handled the delete will replicate the other
> updates soon after. In the case of RI on a single server, when the
> non-RI server issues a delete, the RI enabled server would be triggered
> to run the RI checks. Is that correct?
Correct, but the RI enabled server needs to have
nsslapd-pluginAllowReplUpdates set to "on" if there are any other
master/supplier replication servers that do not have RI plugin enabled.
>
> Given that you seem to be quite familiar with the refint code, can you
> comment on the ability to run two masters with both having the plugin
> enabled?
This is the preferred way, and requires no "special" configuration
steps. Ideally all the servers in a replicated deployment should have
the same plugin configurations. It's when server configurations are not
the same that you can run into issues(e.g. needing to set
nsslapd-pluginAllowReplUpdates to "on", etc).
>
More information about the 389-users
mailing list