This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1297519 - Referint plugin is not working as expected (1.2.11.15 version only)
Referint plugin is not working as expected (1.2.11.15 version only)
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: Documentation (Show other bugs)
9.0
Unspecified Unspecified
unspecified Severity unspecified
: DS9.0
: ---
Assigned To: Marc Muehlfeld
Viktor Ashirov
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-11 13:42 EST by German Parente
Modified: 2017-03-14 06:28 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-14 06:28:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description German Parente 2016-01-11 13:42:23 EST
Description of problem:

In RHDS9.X documentation we see that referint plugin should be enabled in only one master in any multimaster topology:


================================
The Referential Integrity Plug-in should only be enabled on one supplier replica in a multi-master replication environment to avoid conflict resolution loops. When enabling the plug-in on servers issuing chaining requests, be sure to analyze performance resource and time needs, as well as your integrity needs. Integrity checks can be time-consuming and draining on memory and CPU. 
================================

Also:

================================
With multi-master replication, enable the plug-in on just one supplier. 
================================

Link here:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html

However, replicated operations are skipped from the postop_del (and postop_mdrdn) plugin. So, integrity is not preserved when we delete an entry in a master where the referint plugin is not enabled:

==================================================
        if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &isrepop ) != 0  ||
             slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn ) != 0  ||
             slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
        {
            slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                             "referint_postop_del: could not get parameters\n" );
            return( -1 );
        }

        /* this plugin should only execute if the delete was successful
                   and this is not a replicated op
            */
        if(oprc != 0 || isrepop)
        {
            return( 0 );
        }
==================================================

So, either we add functionality in 1.3 version or we fix the doc.

To reproduce:

Multimaster M1 <--> M2.

Enable referint in M1.

do any operation involving referint. Example:

dn: cn=user48,ou=people,o=redhat
changetype: add
objectclass: inetorgperson
cn: user48
sn: user48
userpassword: user48

dn: cn=user49,ou=people,o=redhat
changetype: modify
add: owner
owner: cn=user48,ou=people,o=redhat

Then, DEL "cn=user48,ou=people,o=redhat" in M1. The integrity will be preserved.

But if the DEL is in M2, the integrity will not be preserved and the attribute "owner" will still be present in the entry.

Thanks and regards,

German.
Comment 2 mreynolds 2016-01-12 15:12:02 EST
This should be converted to a doc bug, as these statements are no longer correct.  Every supplier NEEDS to have the RI plugin enabled.
Comment 3 mreynolds 2016-01-18 13:42:08 EST
Changing to doc bug.  The information about the RI plugin has been outdated for a long time.  It no longer applies to DS 9 and up.
Comment 4 Marc Muehlfeld 2017-02-01 04:43:21 EST
(In reply to mreynolds from comment #3)
> The information about the RI plugin has been outdated
> for a long time. It no longer applies to DS 9 and up.

In this case, I suggest to review the sections and I will update them.

Mark, can you please review the following sections about RI and let me know what needs to be updated? If a lot of the content is outdated and needs to be rewritten/updated, it would be great if you could provide the details in an Etherpad or something similar.


Admin Guide: 3.6. Maintaining Referential Integrity
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html

Configuration Command and File Reference: 4.1.45. Referential Integrity Postoperation Plug-in
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Plug_in_Implemented_Server_Functionality_Reference.html#Referential_Integrity_Postoperation_Plug_in

Installation Guide: Example 5.5. Old-style configuration syntax
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Installation_Guide/Pre-migration_Tasks.html#Referential_Integrity_Plug-in_Syntax


Thanks for your help.
Comment 5 mreynolds 2017-02-03 07:55:43 EST
(In reply to Marc Muehlfeld from comment #4)
> (In reply to mreynolds from comment #3)
> > The information about the RI plugin has been outdated
> > for a long time. It no longer applies to DS 9 and up.
> 
> In this case, I suggest to review the sections and I will update them.
> 
> Mark, can you please review the following sections about RI and let me know
> what needs to be updated? If a lot of the content is outdated and needs to
> be rewritten/updated, it would be great if you could provide the details in
> an Etherpad or something similar.
> 
> 
> Admin Guide: 3.6. Maintaining Referential Integrity
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/
> html/Administration_Guide/Creating_Directory_Entries-
> Maintaining_Referential_Integrity.html

This looks okay, it discusses the new configuration attributes

> 
> Configuration Command and File Reference: 4.1.45. Referential Integrity
> Postoperation Plug-in
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/
> html/Configuration_Command_and_File_Reference/
> Plug_in_Implemented_Server_Functionality_Reference.
> html#Referential_Integrity_Postoperation_Plug_in

This looks odd.  The "Configuration Arguments" seems incomplete.  It's confusing.

> 
> Installation Guide: Example 5.5. Old-style configuration syntax
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/
> html/Installation_Guide/Pre-migration_Tasks.html#Referential_Integrity_Plug-
> in_Syntax

Looks good.

> 
> 
> Thanks for your help.
Comment 7 Marc Muehlfeld 2017-03-14 06:28:40 EDT
The update is now available on the Customer Portal.

Note You need to log in before you can comment on or make changes to this bug.