Working with the Referential Integrity plugin - PingDirectory - 9.0


PingDirectory 9.0

Referential Integrity is a plugin mechanism that maintains the distinguished name (DN) references between an entry and a group member attribute. If you have a group entry consisting of member attributes specifying the DNs of printers, you can enable the referential integrity plugin to ensure that the group entry is automatically removed if a printer entry is removed from the Directory Server.

By default, the Referential Integrity plugin is disabled. When enabled, the plugin performs integrity updates on the specified attributes, such as member or uniquemember, after a delete, modify DN, or a rename, such as subordinate modifyDN, operation is logged to the logs/ referint file. If an entry is deleted, the plugin checks the log file and makes the corresponding change to the associated group entry.

Important points about the Referential Integrity plugin:

  • Index all specified attributes that are configured for Referential Integrity.
  • On replicated servers, the Referential Integrity plugin configuration is not propagated to other replicas. You must manually enable the plugin on each replica.
  • The plugin settings must be identical on all machines.
  • If the Referential Integrity plugin is enabled and configured to operate in synchronous mode, subtree delete operations are not allowed. You must configure the plugin to operate in asynchronous mode by specifying a nonzero update interval for subtree delete operations to perform.

Enable the Referential Integrity plugin.

  1. Determine the attributes needed for your system.

    By default, the member and the uniquemember attributes are set for the plugin.

  2. To enable the Referential Integrity plugin, run the dsconfig tool.
    $ bin/dsconfig set-plugin-prop --plugin-name "Referential Integrity" \
      --set enabled:true