Referential integrity plug-in
You can know more about referential integrity plug-in and the commands that can be used through the information provided here.
Security Directory Server provides a plug-in named libdelref which is a pre-operation plug-in that enables referential integrity constraints for LDAP Delete operation. The libraries are available at the location:<SDS_HOME>/lib or lib64, and library name varies for different platforms as libdelref.dll (Windows), libdelref.a (AIX®),libdelref.so (Solaris and Linux®). Also, a sample configuration file tdsdelref.conf is available in the /etc directory of the Security Directory Server install location. When an instance is created, the tdsdelref.conf file becomes available in the etc directory of the instance location.
You can enable the plug-in using the attribute ibm-slapdReferentialIntegrityPlugin defined in the imbslapd.conf file. By default, the value of this attribute is false. To enable the plug-in you must modify the attribute value to true and restart the server.
dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
ibm-slapdPlugin: preoperation libdelref.so DeleteReferenceInit
file=/home/nuser/idsslapd-nuser/etc/tdsdelref.conf dn=o=sample
ibm-slapdReferentialIntegrityPlugin: FALSE
Here, the ibm-slapdPlugin attribute defines that the plug-in is a pre-operation plug-in whose library is libdelref.so. The file parameter takes the default value as the complete path of the sample tdsdelref.conf file in the etc directory and the dn parameter takes the default value for the dn under which you want to search for the entries as o=sample.
idsldapmodify –D <bindDN> –w <password>
dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
ibm-slapdReferentialIntegrityPlugin: True
file=<absolutePathToFile>
dn=<searchDN>
OR
oc=<deleteObjectClass:referenceObjectClass:referenceAttribute>
dn=<searchDN>
where:
absolutePathToFile: is the absolute path to a file containing oc and dn parameters
deleteObjectClass: is the objectclass name of the deleted object for which
the referential integrity is to be maintained
referenceObjectClass: is the objectclass name of the reference object which
might contain reference to the deleted object
referenceAttribute: is the attribute name in the referenceObjectClass whose
value is the reference to the object being deleted
searchDN: is the base DN, where objects need to searched
(for references to the object being deleted)
oc=inetOrgPerson:inetOrgPerson:manager
Let
us assume there are two users in the DIT, namely:cn=testmanager and
cn=testuser. Also, let us assume that the manager of cn=testuser is
cn=testmanager. For instance: dn: cn=testmanager,o=sample
objectclass: inetOrgPerson
sn: manager
dn: cn=testuser,o=sample
objectclass: inetOrgPerson
sn: testuser
manager: cn=testmanager,o=sample
Now, if referential integrity
plug-in is enabled and you delete cn=testmanager, then all the references
to cn=testmanager for manager attribute in cn=testuser will also get
deleted.