[389-users] Referential Integrity
Mark Reynolds
mareynol at redhat.com
Wed Mar 18 13:54:49 UTC 2015
On 03/17/2015 06:11 PM, William wrote:
>>> So in the case of having RI on two ldap servers, you would set this to
>>> off, since the server that handled the delete will replicate the other
>>> updates soon after. In the case of RI on a single server, when the
>>> non-RI server issues a delete, the RI enabled server would be triggered
>>> to run the RI checks. Is that correct?
>> Correct, but the RI enabled server needs to have
>> nsslapd-pluginAllowReplUpdates set to "on" if there are any other
>> master/supplier replication servers that do not have RI plugin enabled.
>>
> Thanks for making sure I was clear on this.
>
>>> Given that you seem to be quite familiar with the refint code, can you
>>> comment on the ability to run two masters with both having the plugin
>>> enabled?
>> This is the preferred way, and requires no "special" configuration
>> steps. Ideally all the servers in a replicated deployment should have
>> the same plugin configurations. It's when server configurations are not
>> the same that you can run into issues(e.g. needing to set
>> nsslapd-pluginAllowReplUpdates to "on", etc).
> Interesting. All the Redhat 389 documentation states that you should NOT
> enable this on multiple masters. Is this recommendation in the
> documentation something that should be reviewed?
Yeah this is probably outdated. In the RI plugin there is specific code
to ignore replicated operations (hence the reason for the new config
setting). By default this will all work just fine, the config setting
is only for corner cases where the masters do not have the RI plugin
enabled, but the hubs/consumers do.
I'll be including this in the my write up. Hopefully I can get it done
this week.
>
>
More information about the 389-users
mailing list