Red Hat Bugzilla – Bug 1297519
Referint plugin is not working as expected (184.108.40.206 version only)
Last modified: 2017-03-14 06:28:40 EDT
Description of problem:
In RHDS9.X documentation we see that referint plugin should be enabled in only one master in any multimaster topology:
The Referential Integrity Plug-in should only be enabled on one supplier replica in a multi-master replication environment to avoid conflict resolution loops. When enabling the plug-in on servers issuing chaining requests, be sure to analyze performance resource and time needs, as well as your integrity needs. Integrity checks can be time-consuming and draining on memory and CPU.
With multi-master replication, enable the plug-in on just one supplier.
However, replicated operations are skipped from the postop_del (and postop_mdrdn) plugin. So, integrity is not preserved when we delete an entry in a master where the referint plugin is not enabled:
if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &isrepop ) != 0 ||
slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn ) != 0 ||
slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop_del: could not get parameters\n" );
return( -1 );
/* this plugin should only execute if the delete was successful
and this is not a replicated op
if(oprc != 0 || isrepop)
return( 0 );
So, either we add functionality in 1.3 version or we fix the doc.
Multimaster M1 <--> M2.
Enable referint in M1.
do any operation involving referint. Example:
Then, DEL "cn=user48,ou=people,o=redhat" in M1. The integrity will be preserved.
But if the DEL is in M2, the integrity will not be preserved and the attribute "owner" will still be present in the entry.
Thanks and regards,
This should be converted to a doc bug, as these statements are no longer correct. Every supplier NEEDS to have the RI plugin enabled.
Changing to doc bug. The information about the RI plugin has been outdated for a long time. It no longer applies to DS 9 and up.
(In reply to mreynolds from comment #3)
> The information about the RI plugin has been outdated
> for a long time. It no longer applies to DS 9 and up.
In this case, I suggest to review the sections and I will update them.
Mark, can you please review the following sections about RI and let me know what needs to be updated? If a lot of the content is outdated and needs to be rewritten/updated, it would be great if you could provide the details in an Etherpad or something similar.
Admin Guide: 3.6. Maintaining Referential Integrity
Configuration Command and File Reference: 4.1.45. Referential Integrity Postoperation Plug-in
Installation Guide: Example 5.5. Old-style configuration syntax
Thanks for your help.
(In reply to Marc Muehlfeld from comment #4)
> (In reply to mreynolds from comment #3)
> > The information about the RI plugin has been outdated
> > for a long time. It no longer applies to DS 9 and up.
> In this case, I suggest to review the sections and I will update them.
> Mark, can you please review the following sections about RI and let me know
> what needs to be updated? If a lot of the content is outdated and needs to
> be rewritten/updated, it would be great if you could provide the details in
> an Etherpad or something similar.
> Admin Guide: 3.6. Maintaining Referential Integrity
This looks okay, it discusses the new configuration attributes
> Configuration Command and File Reference: 4.1.45. Referential Integrity
> Postoperation Plug-in
This looks odd. The "Configuration Arguments" seems incomplete. It's confusing.
> Installation Guide: Example 5.5. Old-style configuration syntax
> Thanks for your help.
The update is now available on the Customer Portal.