A directory entry has referential integrity if all DNs in the entry are valid, that is, point to other, existing, entries.
CA Directory provides a way to help enforce referential integrity. You can ensure that when an entry is deleted, all existing references to that entry are also deleted. This method is called direct referential integrity, and is equivalent to the cascade delete rule for databases. It helps keep the directory clear of dangling references, that is, references that point nowhere.
You can also ensure that when an entry is deleted, attributes in other entries that use a common value (rather than a DN) to identify the deleted entry are also deleted. This is called indirect referential integrity, and is useful if the directory uses non-DN attribute values to link different entries.
You enable referential integrity by creating one or more referential integrity rules in a DSA. A referential integrity rule specifies:
The referential integrity search begins only after the DSA has deleted the specified entry, so after an entry is deleted, there is a short time during which an entry containing a dangling reference is available to a user. Therefore, the CA Directory implementation does not guarantee referential integrity.
The CA Directory implementation of referential integrity is designed to be a tool that is used as required. It does not itself enforce referential integrity in all cases. The following constraints apply:
Example: Direct Referential Integrity
Assume a directory contains an entry (for example, Sales) that has a Member attribute, where Member contains user DNs.
A direct referential integrity rule can ensure that when a user entry is deleted, the DSA automatically deletes that user's DN from the value of the Member attribute in Sales.
Example: Indirect Referential Integrity
Assume that each user contains an attribute UserID, and also that Sales has a UserID attribute, where UserID contains userIDs. This is similar to the previous example, with the difference that here, UserID contains userIDs instead of user DNs.
An indirect referential integrity rule can ensure that when a user entry is deleted, the DSA automatically deletes that user's ID from the value of the UserID attribute in Sales.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |