Referential Integrity is a plugin mechanism that maintains the distinguished name (DN) references between an entry and a group member attribute. If you have a group entry consisting of member attributes specifying the DNs of printers, you can enable the referential integrity plugin to ensure that the group entry is automatically removed if a printer entry is removed from the Directory Server.
By default, the Referential Integrity plugin is disabled. When enabled, the plugin performs
integrity updates on the specified attributes, such as
uniquemember, after a delete, modify DN, or a rename, such as subordinate
modifyDN, operation is logged to the logs/ referint
file. If an entry is deleted, the plugin checks the log file and makes the corresponding
change to the associated group entry.
Important points about the Referential Integrity plugin:
- Index all specified attributes that are configured for Referential Integrity.
- On replicated servers, the Referential Integrity plugin configuration is not propagated to other replicas. You must manually enable the plugin on each replica.
- The plugin settings must be identical on all machines.
- If the Referential Integrity plugin is enabled and configured to operate in synchronous mode, subtree delete operations are not allowed. You must configure the plugin to operate in asynchronous mode by specifying a nonzero update interval for subtree delete operations to perform.
Enable the Referential Integrity plugin.
Determine the attributes needed for your system.
By default, the
uniquememberattributes are set for the plugin.
To enable the Referential Integrity plugin, run the dsconfig
$ bin/dsconfig set-plugin-prop --plugin-name "Referential Integrity" \ --set enabled:true