set referential-integrity Command

Use the set referential-integrity command to define a referential integrity rule. A referential integrity rule is useful if you want to ensure that when you delete an entry, references to that entry are also deleted.

This command has the following format:

set referential-integrity rulename = {
subtree = subtreeDN
reference-subtree = referenceDN
direct-attr = memberAttribute | indirect-attr = entryAttribute reference-attr = referenceAttribute
};

rulename

Defines the name of the integrity rule.

subtreeDN

Specifies the subtree that contains the entries whose removal triggers this rule. When an entry in this subtree is deleted, the DSA runs this integrity rule.

referenceDN

Specifies the subtree to be searched when the DSA runs this integrity rule.

memberAttribute

Specifies an attribute that may exist in one or more entries in the referenceDN subtree. The DSA finds all attributes named memberAttribute that are in the referenceDN subtree and have DN syntax. For each of these attributes, the DSA removes the value if it equals the DN of the entry that was deleted.

entryAttribute

Specifies an attribute name in the deleted entry. When the DSA deletes an entry, it retrieves the value of that entry's entryAttribute.

referenceAttribute

Specifies the attribute name that the DSA uses to search for references. The DSA finds all attributes named referenceAttribute that are in the referenceDN subtree. For each of these attributes, the DSA removes the value if it equals the value of entryAttribute.

Example: Define Direct Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule = {
subtree = <c AU><o Users>
reference-subtree = <c AU><o Groups>
direct-attr = member
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value cn=Craig Link,o=Users,c=AU from all attributes that satisfy all the following conditions:

Example: Define Indirect Referential Integrity

The following referential-integrity rule is defined:

set referential-integrity groupsRule = {
subtree = <c AU><o Users>
reference-subtree = <c AU><o Groups>
indirect-attr = userID
reference-attr = guid
};

The DSA receives a request to delete an entry cn=Craig Link,o=Users,c=AU.

After it has deleted the entry, the DSA deletes the value of the userID attribute in the deleted entry from all attributes that satisfy all the following conditions:
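Both rule forms from the two examples above, modelled in Python as an added illustration (this is not CA Directory code, and not part of the original page). The dictionary layout, the entries cn=Admins and cn=Auditors, the o=Roles subtree, and the userID/guid values are constructed for the example; DN matching is simplified to normalized string comparison.

```python
# Added illustration, not CA Directory code: an in-memory model of the rule
# semantics described on this page. Entries are {dn: {attribute: [values]}}.
def norm(dn):
    """Normalize a DN string for comparison (case, spaces around commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def delete_entry(directory, dn, rule):
    """Delete dn, run the rule, return [(entry_dn, attribute, removed_value)]."""
    key = next(k for k in directory if norm(k) == norm(dn))
    deleted = directory.pop(key)
    if not in_subtree(key, rule["subtree"]):
        return []                      # the rule only fires for its own subtree
    if "direct-attr" in rule:          # direct: match the deleted entry's DN
        attr, wanted = rule["direct-attr"], {norm(key)}
        matches = lambda v: norm(v) in wanted
    else:                              # indirect: match values of entryAttribute
        attr = rule["reference-attr"]
        wanted = set(deleted.get(rule["indirect-attr"], []))
        matches = lambda v: v in wanted
    removed = []
    for entry_dn, attrs in directory.items():
        if in_subtree(entry_dn, rule["reference-subtree"]) and attr in attrs:
            removed += [(entry_dn, attr, v) for v in attrs[attr] if matches(v)]
            attrs[attr] = [v for v in attrs[attr] if not matches(v)]
    return removed

def sample_directory():
    """Constructed sample data built around the page's example DN."""
    craig = "cn=Craig Link,o=Users,c=AU"
    return {
        craig: {"userID": ["u1001"]},
        "cn=Admins,o=Groups,c=AU": {"member": [craig, "cn=Ann Lee,o=Users,c=AU"],
                                    "guid": ["u1001", "u2002"]},
        # Outside reference-subtree, so neither rule touches this entry.
        "cn=Auditors,o=Roles,c=AU": {"member": [craig], "guid": ["u1001"]},
    }

DIRECT = {"subtree": "o=Users,c=AU", "reference-subtree": "o=Groups,c=AU",
          "direct-attr": "member"}
INDIRECT = {"subtree": "o=Users,c=AU", "reference-subtree": "o=Groups,c=AU",
            "indirect-attr": "userID", "reference-attr": "guid"}

if __name__ == "__main__":
    for rule in (DIRECT, INDIRECT):
        d = sample_directory()
        print(delete_entry(d, "cn=Craig Link,o=Users,c=AU", rule), d["cn=Auditors,o=Roles,c=AU"])
```

In both runs the constructed cn=Auditors entry under o=Roles keeps its reference to the deleted user, because the rule searches only reference-subtree; any subtree that can hold references needs to be covered by a rule if stale memberships are to be avoided.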

More information:

Enable Alias Integrity

Referential Integrity