Reference Guide › DSA Commands (DXserver Commands) › Commands Reference › set referential-integrity Command

set referential-integrity Command

Use the set referential-integrity command to define a referential integrity rule. A referential integrity rule is useful if you want to ensure that when you delete an entry, references to that entry are also deleted.

This command has the following format:

set referential-integrity rulename = {

subtree = subtreeDN
reference-subtree = referenceDN
direct-attr = memberAttribute | indirect-attr = entryAttribute reference-attr = referenceAttribute
};

• rulename

  Defines the name of the integrity rule.

• subtreeDN

  Specifies the subtree that contains the entries whose removal triggers this rule. When an entry in this subtree is deleted the DSA runs this integrity rule.

• referenceDN

  Specifies the subtree to be searched when the DSA runs this integrity rule.

• memberAttribute

  Specifies an attribute that may exist in one or more entries in the referenceDN subtree. The DSA finds all attributes named memberAttribute that are in the referenceDN subtree and have DN syntax. For each of these attributes, the DSA removes the value if it equals the DN of the entry that was deleted.

• entryAttribute

  Specifies an attribute name in the deleted entry. When the DSA deletes an entry, it retrieves the value of that entry's entryAttribute.

• referenceAttribute

  Specifies the attribute name that the DSA uses to search for references. The DSA finds all attributes named referenceAttribute that are in the referenceDN subtree. For each of these attributes, the DSA removes the value if it equals the value of entryAttribute.

Example: Define Direct Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule ={

subtree=<c AU><o Users>
reference-subtree =<c AU><o Groups>
direct-attr = member
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value cn=Craig Link,o=Users,c=AU from all attributes that satisfy all the following conditions:

• Are in the subtree o=Groups,c=AU
• Are named member
• Have a DN syntax
• Have a value cn=Craig Link,o=Users,c=AU

Example: Define Indirect Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule ={

subtree=<c AU><o Users>
reference-subtree =<c AU><o Groups>
indirect-attr = userID
reference-attr=guid
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value of the userID attribute in the deleted entry from all attributes that satisfy all the following conditions:

• Are in the subtree o=Groups,c=AU
• Are named guid
• Have a value equal to the value of the userID attribute in the deleted entry