Description of problem: In RHDS9.X documentation we see that referint plugin should be enabled in only one master in any multimaster topology: ================================ The Referential Integrity Plug-in should only be enabled on one supplier replica in a multi-master replication environment to avoid conflict resolution loops. When enabling the plug-in on servers issuing chaining requests, be sure to analyze performance resource and time needs, as well as your integrity needs. Integrity checks can be time-consuming and draining on memory and CPU. ================================ Also: ================================ With multi-master replication, enable the plug-in on just one supplier. ================================ Link here: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html However, replicated operations are skipped from the postop_del (and postop_mdrdn) plugin. So, integrity is not preserved when we delete an entry in a master where the referint plugin is not enabled: ================================================== if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &isrepop ) != 0 || slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn ) != 0 || slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_del: could not get parameters\n" ); return( -1 ); } /* this plugin should only execute if the delete was successful and this is not a replicated op */ if(oprc != 0 || isrepop) { return( 0 ); } ================================================== So, either we add functionality in 1.3 version or we fix the doc. To reproduce: Multimaster M1 <--> M2. Enable referint in M1. do any operation involving referint. Example: dn: cn=user48,ou=people,o=redhat changetype: add objectclass: inetorgperson cn: user48 sn: user48 userpassword: user48 dn: cn=user49,ou=people,o=redhat changetype: modify add: owner owner: cn=user48,ou=people,o=redhat Then, DEL "cn=user48,ou=people,o=redhat" in M1. The integrity will be preserved. But if the DEL is in M2, the integrity will not be preserved and the attribute "owner" will still be present in the entry. Thanks and regards, German.
This should be converted to a doc bug, as these statements are no longer correct. Every supplier NEEDS to have the RI plugin enabled.
Changing to doc bug. The information about the RI plugin has been outdated for a long time. It no longer applies to DS 9 and up.
(In reply to mreynolds from comment #3) > The information about the RI plugin has been outdated > for a long time. It no longer applies to DS 9 and up. In this case, I suggest to review the sections and I will update them. Mark, can you please review the following sections about RI and let me know what needs to be updated? If a lot of the content is outdated and needs to be rewritten/updated, it would be great if you could provide the details in an Etherpad or something similar. Admin Guide: 3.6. Maintaining Referential Integrity https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html Configuration Command and File Reference: 4.1.45. Referential Integrity Postoperation Plug-in https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Plug_in_Implemented_Server_Functionality_Reference.html#Referential_Integrity_Postoperation_Plug_in Installation Guide: Example 5.5. Old-style configuration syntax https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Installation_Guide/Pre-migration_Tasks.html#Referential_Integrity_Plug-in_Syntax Thanks for your help.
(In reply to Marc Muehlfeld from comment #4) > (In reply to mreynolds from comment #3) > > The information about the RI plugin has been outdated > > for a long time. It no longer applies to DS 9 and up. > > In this case, I suggest to review the sections and I will update them. > > Mark, can you please review the following sections about RI and let me know > what needs to be updated? If a lot of the content is outdated and needs to > be rewritten/updated, it would be great if you could provide the details in > an Etherpad or something similar. > > > Admin Guide: 3.6. Maintaining Referential Integrity > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ > html/Administration_Guide/Creating_Directory_Entries- > Maintaining_Referential_Integrity.html This looks okay, it discusses the new configuration attributes > > Configuration Command and File Reference: 4.1.45. Referential Integrity > Postoperation Plug-in > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ > html/Configuration_Command_and_File_Reference/ > Plug_in_Implemented_Server_Functionality_Reference. > html#Referential_Integrity_Postoperation_Plug_in This looks odd. The "Configuration Arguments" seems incomplete. It's confusing. > > Installation Guide: Example 5.5. Old-style configuration syntax > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ > html/Installation_Guide/Pre-migration_Tasks.html#Referential_Integrity_Plug- > in_Syntax Looks good. > > > Thanks for your help.
The update is now available on the Customer Portal.