Directory Services 7.4.3

Referential Integrity Plugin

The Referential Integrity Plugin maintains referential integrity for DN valued attributes.

The values of these attributes can reference entries that have been deleted by a delete operation or renamed by a modify DN operation. The referential integrity plug-in either removes stale references to deleted entries or updates references to renamed entries. The plug-in allows the scope of this referential check to be limited to a set of base DNs if desired. The plug-in can also be configured to perform the referential checking in background mode at specified intervals.

Parent

The Referential Integrity Plugin object inherits from Plugin.

Referential Integrity Plugin properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic properties:

  • attribute-type

  • base-dn

  • check-references

  • check-references-filter-criteria

  • check-references-scope-criteria

  • enabled

  • log-file

  • update-interval

Advanced properties:

  • invoke-for-internal-operations

  • java-class

  • plugin-type

Basic properties

Use the --advanced option to access advanced properties.

attribute-type

Synopsis

Specifies the attribute types for which referential integrity is to be maintained.

Description

At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34).

Default value

None

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

base-dn

Synopsis

Specifies the base DN that limits the scope within which referential integrity is maintained.

Default value

Referential integrity is maintained in all public naming contexts.

Allowed values

A valid DN.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

check-references

Synopsis

Specifies whether reference attributes must refer to existing entries.

Description

When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

check-references-filter-criteria

Synopsis

Specifies additional filter criteria which will be enforced when checking references.

Description

If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter.

Default value

None

Allowed values

An attribute-filter mapping.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

check-references-scope-criteria

Synopsis

Specifies whether referenced entries must reside within the same naming context as the entry containing the reference.

Description

The reference scope will only be enforced when reference checking is enabled.

Default value

global

Allowed values

  • global: References may refer to existing entries located anywhere in the Directory.

  • naming-context: References must refer to existing entries located within the same naming context.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No
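
The following added example is not Directory Services code. It is a simplified in-memory model of the behaviour described above: reference checks on add (existence, check-references-scope-criteria, check-references-filter-criteria), removal of stale references on delete, and update of references on modify DN. All function names, the sample naming contexts, and the representation of a filter as a single equality match are assumptions made for illustration.

```python
# Simplified in-memory model of the plugin behaviour described on this page.
# Not Directory Services code: every name below is hypothetical, DNs are
# compared as lower-cased strings, attribute names are assumed lower-case,
# and each filter is reduced to one (attribute, value) equality match.
CONFIG = {
    "attribute-type": ["member"],
    "check-references": True,
    "check-references-scope-criteria": "naming-context",
    "check-references-filter-criteria": {"member": ("objectclass", "person")},
}
NAMING_CONTEXTS = ["dc=example,dc=com", "dc=partner,dc=org"]  # constructed

def context_of(dn):
    """Return the naming context a DN falls under (naive suffix match)."""
    return next((c for c in NAMING_CONTEXTS if dn.lower().endswith(c)), None)

def check_references(directory, dn, entry, cfg=CONFIG):
    """Models preoperationadd/preoperationmodify: reject invalid references."""
    if not cfg["check-references"]:
        return
    for attr in cfg["attribute-type"]:
        for ref in entry.get(attr, []):
            target = directory.get(ref.lower())
            if target is None:
                raise ValueError(f"{attr}: {ref} does not exist")
            if (cfg["check-references-scope-criteria"] == "naming-context"
                    and context_of(ref) != context_of(dn)):
                raise ValueError(f"{attr}: {ref} is outside the naming context")
            flt = cfg["check-references-filter-criteria"].get(attr)
            if flt and flt[1] not in target.get(flt[0], []):
                raise ValueError(f"{attr}: {ref} does not match the filter")

def add(directory, dn, entry, cfg=CONFIG):
    """Add an entry after the reference check has passed."""
    check_references(directory, dn, entry, cfg)
    directory[dn.lower()] = entry

def delete_or_rename(directory, old_dn, new_dn=None, cfg=CONFIG):
    """Models postoperationdelete (new_dn=None) or postoperationmodifydn."""
    old_dn = old_dn.lower()
    moved = directory.pop(old_dn)
    if new_dn is not None:
        directory[new_dn.lower()] = moved
    for entry in directory.values():
        for attr in cfg["attribute-type"]:
            if attr in entry:
                kept = [new_dn if v.lower() == old_dn else v for v in entry[attr]]
                entry[attr] = [v for v in kept if v is not None]
```
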

enabled

Synopsis

Indicates whether the plug-in is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

log-file

Synopsis

Specifies the log file location where the update records are written when the plug-in is in background-mode processing.

Description

The default location is the logs directory of the server instance, using the file name "referint".

Default value

logs/referint

Allowed values

A path to an existing file that is readable by the server.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

update-interval

Synopsis

Specifies the interval in seconds when referential integrity updates are made.

Description

If this value is 0, then the updates are made synchronously in the foreground.

Default value

0 seconds

Allowed values

Lower limit: 0 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

invoke-for-internal-operations

Synopsis

Indicates whether the plug-in should be invoked for internal operations.

Description

Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the plug-in implementation.

Default value

org.opends.server.plugins.ReferentialIntegrityPlugin

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.plugin.DirectoryServerPlugin

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No

plugin-type

Synopsis

Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked.

Default value

postoperationdelete

postoperationmodifydn

subordinatemodifydn

subordinatedelete

preoperationadd

preoperationmodify

Allowed values

  • initialization: Invoked at the initialization of the directory server.

  • intermediateresponse: Invoked before sending an intermediate response message to the client.

  • ldifimport: Invoked for each entry read during an LDIF import.

  • ldifimportbegin: Invoked at the beginning of an LDIF import session.

  • ldifimportend: Invoked at the end of an LDIF import session.

  • postcommitadd: Invoked after completing post-commit processing for an add operation.

  • postcommitdelete: Invoked after completing post-commit processing for a delete operation.

  • postcommitmodify: Invoked after completing post-commit processing for a modify operation.

  • postcommitmodifydn: Invoked after completing post-commit processing for a modify DN operation.

  • postconnect: Invoked whenever a new connection is established to the server.

  • postdisconnect: Invoked whenever an existing connection is terminated (by either the client or the server).

  • postoperationabandon: Invoked after completing the abandon processing.

  • postoperationadd: Invoked after completing the core add processing but before sending the response to the client.

  • postoperationbind: Invoked after completing the core bind processing but before sending the response to the client.

  • postoperationcompare: Invoked after completing the core compare processing but before sending the response to the client.

  • postoperationdelete: Invoked after completing the core delete processing but before sending the response to the client.

  • postoperationextended: Invoked after completing the core extended processing but before sending the response to the client.

  • postoperationmodify: Invoked after completing the core modify processing but before sending the response to the client.

  • postoperationmodifydn: Invoked after completing the core modify DN processing but before sending the response to the client.

  • postoperationsearch: Invoked after completing the core search processing but before sending the response to the client.

  • postoperationunbind: Invoked after completing the unbind processing.

  • postresponseadd: Invoked after sending the add response to the client.

  • postresponsebind: Invoked after sending the bind response to the client.

  • postresponsecompare: Invoked after sending the compare response to the client.

  • postresponsedelete: Invoked after sending the delete response to the client.

  • postresponseextended: Invoked after sending the extended response to the client.

  • postresponsemodify: Invoked after sending the modify response to the client.

  • postresponsemodifydn: Invoked after sending the modify DN response to the client.

  • postresponsesearch: Invoked after sending the search result done message to the client.

  • postsynchronizationadd: Invoked after completing post-synchronization processing for an add operation.

  • postsynchronizationdelete: Invoked after completing post-synchronization processing for a delete operation.

  • postsynchronizationmodify: Invoked after completing post-synchronization processing for a modify operation.

  • postsynchronizationmodifydn: Invoked after completing post-synchronization processing for a modify DN operation.

  • preoperationadd: Invoked prior to performing the core add processing.

  • preoperationbind: Invoked prior to performing the core bind processing.

  • preoperationcompare: Invoked prior to performing the core compare processing.

  • preoperationdelete: Invoked prior to performing the core delete processing.

  • preoperationextended: Invoked prior to performing the core extended processing.

  • preoperationmodify: Invoked prior to performing the core modify processing.

  • preoperationmodifydn: Invoked prior to performing the core modify DN processing.

  • preoperationsearch: Invoked prior to performing the core search processing.

  • preparseabandon: Invoked prior to parsing an abandon request.

  • preparseadd: Invoked prior to parsing an add request.

  • preparsebind: Invoked prior to parsing a bind request.

  • preparsecompare: Invoked prior to parsing a compare request.

  • preparsedelete: Invoked prior to parsing a delete request.

  • preparseextended: Invoked prior to parsing an extended request.

  • preparsemodify: Invoked prior to parsing a modify request.

  • preparsemodifydn: Invoked prior to parsing a modify DN request.

  • preparsesearch: Invoked prior to parsing a search request.

  • preparseunbind: Invoked prior to parsing an unbind request.

  • searchresultentry: Invoked before sending a search result entry to the client.

  • searchresultreference: Invoked before sending a search result reference to the client.

  • shutdown: Invoked during a graceful directory server shutdown.

  • startup: Invoked during the directory server startup process.

  • subordinatedelete: Invoked in the course of deleting a subordinate entry of a delete operation.

  • subordinatemodifydn: Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation.

Multi-valued

Yes

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No