Referential integrity is the process of maintaining consistent relationships among sets of data. If referential integrity is enabled in Oracle Internet Directory, whenever you update an entry in the directory, the server also updates other entries that refer to that entry. For example, if you remove a user’s entry from the directory, and the user is a member of a group, the server also removes the user from the group. If referential integrity is not enabled, the user remains a member of the group until manually removed. Referential integrity is not enabled by default.

Note: Disable referential integrity during the replication bootstrapping process. If referential integrity is enabled, bootstrapping fails.

Referential integrity takes effect in two situations:

  • Delete–When an entry is deleted, all the DN attributes that refer to this entry DN are removed.
  • Modify–When an entry’s DN is modified (renamed), all the attributes that refer to this entry DN are modified.

Beginning with 11g Release 1 (11.1.1), the Oracle Internet Directory server can enforce referential integrity. For every LDAP add, modify, delete, and rename operation, the server monitors the request and updates the necessary DN references.

Two configuration parameters control referential integrity: orclRIenabled and orclRIattr.

  • The parameter orclRIenabled controls the referential integrity level. Values for orclRIenabled are:
    • 0–Referential integrity is disabled
    • 1–Referential integrity is enabled for member and uniquemember attributes only.
    • 2–Referential integrity is enabled for the DN syntax attributes listed in orclRIattr, in addition to the member and uniquemember attributes.
  • When orclRIenabled is set to 2, the value of the parameter orclRIattr takes effect. The value of orclRIattr is a list of referential integrity-enabled attributes.

If referential integrity is enabled, it is strictly enforced. For example, you cannot add a group entry whose member or uniquemember values refer to entries that are not currently part of the DIT.
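Entries deleted while referential integrity was off leave their DNs behind in group membership attributes. The following added example (not Oracle's code) scans an LDIF export for such dangling references at a chosen orclRIenabled level. The sample LDIF, its DNs, the function names, and the use of `owner` as an orclRIattr value are assumptions made for illustration; base64 (`::`) values and escaped commas in DNs are not handled.

```python
# Added example: audit an LDIF export for DN references to missing entries.
# All DNs below are constructed sample data.
SAMPLE_LDIF = """\
dn: cn=alice,cn=users,dc=example,dc=com
objectclass: person

dn: cn=admins,cn=groups,dc=example,dc=com
objectclass: groupOfUniqueNames
uniquemember: cn=alice,cn=users,dc=example,dc=com
uniquemember: cn=bob,cn=users,dc=example,dc=com
owner: cn=carol,cn=users,dc=example,dc=com

dn: cn=staff,cn=groups,dc=example,dc=com
objectclass: groupOfNames
member: CN=Alice, cn=Users,dc=example,dc=com
member: cn=bob,cn=users,
 dc=example,dc=com
"""

def norm_dn(dn):
    # Comparison key: lowercase, no spaces around commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    # Unfold continuation lines (leading space), then split entries on blank lines.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], []
    for line in lines + [""]:
        if line.strip() and not line.startswith("#"):
            attr, _, val = line.partition(":")
            cur.append((attr.strip().lower(), val.strip()))
        elif not line.strip() and cur:
            entries.append(cur)
            cur = []
    return entries

def dangling_refs(ldif_text, level=1, ri_attrs=()):
    # level mirrors orclRIenabled: 0 = none, 1 = member/uniquemember, 2 = plus ri_attrs.
    watched = {"member", "uniquemember"} if level else set()
    if level == 2:
        watched |= {a.lower() for a in ri_attrs}
    entries = parse_ldif(ldif_text)
    present = {norm_dn(v) for e in entries for a, v in e if a == "dn"}
    return [(dict(e).get("dn"), a, v) for e in entries for a, v in e
            if a in watched and norm_dn(v) not in present]
```

Each returned tuple is (referring entry DN, attribute, missing target DN); an empty list means every watched reference resolves to an entry in the export.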

Enabling Referential Integrity in ODSM

Log in to http://oid_directory_managed_server:port/odsm as the orcladmin user.

Under Data Tree, select the entry:

cn=dsaconfig,cn=configsets,cn=oracle internet directory

Change orclrienabled from 0 to 1 or 2 (see the values described above).