Previous Topic: set query-log-show-eis Command—Show or Hide eis Information in Query log

Next Topic: set rdn-order Command—Specify Attribute Order

set referential-integrity Command

Use the set referential-integrity command to define a referential integrity rule. A referential integrity rule is useful if you want to ensure that when you delete an entry, references to that entry are also deleted.

This command has the following format:

set referential-integrity rulename = {
subtree = subtreeDN
reference-subtree = referenceDN
direct-attr = memberAttribute | indirect-attr = entryAttribute reference-attr = referenceAttribute
};

Example: Define Direct Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule ={
subtree=<c AU><o Users>
reference-subtree =<c AU><o Groups>
direct-attr = member
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value cn=Craig Link,o=Users,c=AU from all attributes that satisfy all the following conditions:

Example: Define Indirect Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule ={
subtree=<c AU><o Users>
reference-subtree =<c AU><o Groups>
indirect-attr = userID
reference-attr=guid
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value of the userID attribute in the deleted entry from all attributes that satisfy all the following conditions:

More information:

Enable Alias Integrity

Referential Integrity


Copyright © 2009 CA. All rights reserved. Email CA about this topic