Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
5.6. Configuring Scope for the Referential Integrity
If an entry is deleted, the references to it are deleted or modified to reflect the change. When this update is applied to all entries and all groups, it can impact performance and prevents flexibility of restricting the referential integrity to selected subtrees. Defining a scope addresses this problem.
For example, there may be one suffix,
dc=example,dc=com, containing two subtrees: ou=active users,dc=example,dc=com and ou=deleted users,dc=example,dc=com. Entries in deleted users should not be handled for purposes of referential integrity.
5.6.1. Parameters That Control the Referential Integrity Scope
Copia collegamentoCollegamento copiato negli appunti!
The following three parameters can be used to define the scope in the Referential Integrity Postoperation plug-in configuration:
nsslapd-pluginEntryScope- This multi-value parameter controls the scope of the entry that is deleted or renamed. It defines the subtree in which the Referential Integrity Postoperation plug-in looks for the delete or rename operations of a user entry. If a user is deleted or renamed that does not exist under the defined subtree, the plug-in ignores the operation. The parameter allows you to specify to which branches of the database the plug-in should apply the operation.
nsslapd-pluginExcludeEntryScope- This parameter also controls the scope of the entry that is deleted or renamed. It defines the subtree in which the Referential Integrity Postoperation plug-in ignores any operations for deleting or renaming a user.
nsslapd-pluginContainerScope- This parameter controls the scope of groups in which references are updated. After a user is deleted, the Referential Integrity Postoperation plug-in looks for the groups to which the user belongs and updates them accordingly. This parameter specifies which branch the plug-in searches for the groups to which the user belongs. The Referential Integrity Postoperation plug-in only updates groups that are under the specified container branch, and leaves all other groups not updated.
5.6.2. Displaying the Referential Integrity Scope Using the Command Line
Copia collegamentoCollegamento copiato negli appunti!
The following commands show how to display the scope settings using the command line:
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity show
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity show
...
nsslapd-pluginEntryScope: DN
nsslapd-pluginExcludeEntryScope: DN
nsslapd-pluginContainerScope: DN5.6.3. Displaying the Referential Integrity Scope Using the Web Console
Copia collegamentoCollegamento copiato negli appunti!
The following procedure shows how to display the scope settings using the web console:
- Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
- Select the instance.
- Open the menu.
- Select the Referential Integrity plug-in.
- See the Entry Scope, Exclude Entry Scope, and Container Scope fields for the currently configured scope.
5.6.4. Configuring the Referential Integrity Scope Using the Command Line
Copia collegamentoCollegamento copiato negli appunti!
To configure the referential integrity scope using the command line:
- Optionally, display the scope settings. See Section 5.6.2, “Displaying the Referential Integrity Scope Using the Command Line”.
- The following commands show how to configure the individual referential integrity scope settings using the command line:
- To set a distinguished name (DN):
- To the
nsslapd-pluginEntryScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --entry-scope="DN"
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --entry-scope="DN"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To the
nsslapd-pluginExcludeEntryScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --exclude-entry-scope="DN"
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --exclude-entry-scope="DN"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To the
nsslapd-pluginContainerScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --container-scope="DN"
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --container-scope="DN"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
- To remove a DN:
- From the
nsslapd-pluginEntryScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --entry-scope=delete
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --entry-scope=deleteCopy to Clipboard Copied! Toggle word wrap Toggle overflow - From the
nsslapd-pluginExcludeEntryScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --exclude-entry-scope=delete
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --exclude-entry-scope=deleteCopy to Clipboard Copied! Toggle word wrap Toggle overflow - From the
nsslapd-pluginContainerScopeparameter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --container-scope=delete
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin referential-integrity set --container-scope=deleteCopy to Clipboard Copied! Toggle word wrap Toggle overflow
- Restart the instance:
dsctl instance_name restart
# dsctl instance_name restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
5.6.5. Configuring the Referential Integrity Scope Using the Web Console
Copia collegamentoCollegamento copiato negli appunti!
To configure the referential integrity scope using the web console:
- Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
- Select the instance.
- Select the menu.
- Select the Referential Integrity plug-in.
- Set the scope in the Entry Scope, Exclude Entry Scope, and Container Scope fields.
- Click .
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}