72ce306 Expand Referential Integrity checks

10 files. Authored by mkosek 11 years ago, committed by rcritten 11 years ago.
    Expand Referential Integrity checks
    
    Many attributes in IPA (e.g. manager, memberuser, managedby, ...)
    are used to store DNs of linked objects in IPA (users, hosts, sudo
    commands, etc.). However, when the linked object is deleted or
    renamed, the attribute pointing to it stays with the objects and
    thus may create a dangling link causing issues in client software
    reading the data.
    
    Directory Server has a plugin to enforce referential integrity (RI)
    by checking DEL and MODRDN operations and updating affected links.
    It was already used for manager and secretary attributes and
    should be expanded for the missing attributes to avoid dangling
    links.
    
    As a prerequisite, all attributes checked for RI must have pres
    and eq indexes to avoid performance issues. Thus, the following
    indexes are added:
      * manager (pres index only)
      * secretary (pres index only)
      * memberHost
      * memberUser
      * sourcehost
      * memberservice
      * managedby
      * memberallowcmd
      * memberdenycmd
      * ipasudorunas
      * ipasudorunasgroup
    
    The Referential Integrity plugin is updated to enforce RI for all these
    attributes. Unit tests covering RI checks for all these attributes
    were added as well.
    
    Note: this update will only fix RI on one master as the RI plugin does
    not check replicated operations.
    
    https://fedorahosted.org/freeipa/ticket/2866
    
        
file modified
+82 -0
file modified
+1 -0