Use the set referential-integrity command to define a referential integrity rule. A referential integrity rule is useful if you want to ensure that when you delete an entry, references to that entry are also deleted.
This command has the following format:
set referential-integrity rulename = {
subtree = subtreeDN reference-subtree = referenceDN direct-attr = memberAttribute | indirect-attr = entryAttribute reference-attr = referenceAttribute };
Defines the name of the integrity rule.
Specifies the subtree that contains the entries whose removal triggers this rule. When an entry in this subtree is deleted the DSA runs this integrity rule.
Specifies the subtree to be searched when the DSA runs this integrity rule.
Specifies an attribute that may exist in one or more entries in the referenceDN subtree. The DSA finds all attributes named memberAttribute that are in the referenceDN subtree and have DN syntax. For each of these attributes, the DSA removes the value if it equals the DN of the entry that was deleted.
Specifies an attribute name in the deleted entry. When the DSA deletes an entry, it retrieves the value of that entry's entryAttribute.
Specifies the attribute name that the DSA uses to search for references. The DSA finds all attributes named referenceAttribute that are in the referenceDN subtree. For each of these attributes, the DSA removes the value if it equals the value of entryAttribute.
Example: Define Direct Referential Integrity
The following referential-integrity rule is defined:
set referential-integrity groupsRule ={
subtree=<c AU><o Users> reference-subtree =<c AU><o Groups> direct-attr = member };
The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.
After it has deleted the entry, the DSA deletes the value cn=Craig Link,o=Users,c=AU from all attributes that satisfy all the following conditions:
Example: Define Indirect Referential Integrity
The following referential-integrity rule is defined:
set referential-integrity groupsRule ={
subtree=<c AU><o Users> reference-subtree =<c AU><o Groups> indirect-attr = userID reference-attr=guid };
The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.
After it has deleted the entry, the DSA deletes the value of the userID attribute in the deleted entry from all attributes that satisfy all the following conditions:
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |