<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Times New Roman, Times, serif">Hello,<br>
<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">I am looking
at the appropriate way to configure DS referential integrity and
I am hitting some issues about its scoping and which attributes
need to be preserved.<br>
</font><font face="Times New Roman, Times, serif"><font
face="Times New Roman, Times, serif"><br>
<br>
</font>User A and B are both Active. </font><font face="Times
New Roman, Times, serif"><font face="Times New Roman, Times,
serif">User A refers user B for example 'owner: <DN user B
in Active container>'. </font></font><font face="Times New
Roman, Times, serif"><font face="Times New Roman, Times, serif"><font
face="Times New Roman, Times, serif"><font face="Times New
Roman, Times, serif"><br>
If entry A is deleted (user-del), it keeps </font></font></font></font><font
face="Times New Roman, Times, serif"><font face="Times New
Roman, Times, serif"><font face="Times New Roman, Times,
serif"><font face="Times New Roman, Times, serif"><font
face="Times New Roman, Times, serif"><font face="Times
New Roman, Times, serif">'owner: </font></font><font
face="Times New Roman, Times, serif"><font face="Times
New Roman, Times, serif"><font face="Times New Roman,
Times, serif"><font face="Times New Roman, Times,
serif"><DN user B in Active container>'. Do
we really want to preserve such attributes (owner,
member, seeAlso...) in case the user is coming
back (user-undel) ?<br>
If it makes sense we may achieve this if we
extends RI to both 'Active' and 'Delete'
container. <br>
If we prefer to remove such attributes, then
'user-del' is a MODRDN followed by some MODs or a
ADD-DEL where the Delete entry is rebuilt from the
'Active' entry.<br>
<br>
This is a similar problem when using
'stageuser-add <id> --from-delete', the
references may become invalid (unless RI also
covers Staging).<br>
<br>
An option would be to accept to have invalid
references in 'staging' and 'delete', but when the
entry is stageuser-activate/user-undel the
reference are checked and removed if invalid. Here
invalid means, the referred entry does not exist
or is not 'Active'.<br>
<br>
<br>
</font></font></font></font></font></font></font>thanks<br>
thierry<br>
<br>
<br>
</font></blockquote>
</body>
</html>