Le 2015-11-17 17:08, Howard Chu a écrit :
katgb wrote:
Hi all,
I tried for some days to make refint overlay work with refint_nothing filled.
The slapo-refint man page says :
refint_nothing <string> Specify an arbitrary value to be used as a placeholder
when the last value would otherwise be deleted from an attribute. This can be useful in cases where the schema requires the existence of an attribute for which referential integrity is enforced. The attempted deletion of a required attribute will otherwise result in an Object Class Violation, causing the request to fail. The string must be a valid DN.
but each time I try to delete the last member from a groupOfNames group, the deletion is refused because of schema violation. That's ok without refint_nothing but with the string set it should replace last member, right ?
No. The refint_nothing value only affects modifications that the refint overlay itself would make when trying to maintain integrity. It doesn't interfere with user modification requests at all.
I'm not sure I understand "user modification requests" well. By user, do you mean the person who manipulate the directory or an object of "type" user ? If I have memberof overlay activated and it changes the uid's memberof attribute, isn't it a user modification request (by memberof overlay) ?
I've tested refint another way. I removed the user (identified by uid) from the directory. When the user is deleted, refint_nothing works and replaces the last member with the placeholder (I also have some debug information in logs). I thought that refint_nothing would also work when a modification is done on one of refint attributes. Maybe you can confirm I'm wrong about that.
Is there a way to accomplish what I want ?