HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

381

382

383

384

385

386

387

388

389

390

delete: dc

dc: pubs

delete: nsds5ReplConflict

NOTE:

The unique identifier attribute nsuniqueid cannot be deleted.

3. Rename the entry with the intended attribute-value pair. For example:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=TempValue,dc=example,dc=com

changetype: modrdn

newrdn: dc=NewValue

deleteoldrdn: 1

Setting the value of the deleteoldrdn attribute to 1 deletes the temporary attribute-value

pair cn=TempValue. To keep this attribute, set the value of the deleteoldrdn attribute to

For more information on the ldapmodify command, see “Managing Entries from the Command

line” (page 111) and the HP-UX Directory Server configuration, command, and file reference.

8.18.2 Solving orphan entry conflicts

When a delete operation is replicated and the consumer server finds that the entry to be deleted

has child entries, the conflict resolution procedure creates a glue entry to avoid having orphaned

entries in the directory.

In the same way, when an add operation is replicated and the consumer server cannot find the

parent entry, the conflict resolution procedure creates a glue entry representing the parent so that

the new entry is not an orphan entry.

Glue entries are temporary entries that include the object classes glue and extensibleObject.

Glue entries can be created in several ways:

• If the conflict resolution procedure finds a deleted entry with a matching unique identifier, the

glue entry is a resurrection of that entry, with the addition of the glue object class and the

nsds5ReplConflict attribute.

In such cases, either modify the glue entry to remove the glue object class and the

nsds5ReplConflict attribute to keep the entry as a normal entry or delete the glue entry

and its child entries.

• The server creates a minimalistic entry with the glue and extensibleObject object classes.

In such cases, modify the entry to turn it into a meaningful entry or delete it and all its child entries.

8.18.3 Solving potential interoperability problems

For reasons of interoperability with applications that rely on attribute uniqueness, such as a mail

server, it may be necessary to restrict access to the entries that contain the nsds5ReplConflict

attribute. If access is not restricted to these entries, then the applications requiring one attribute

only pick up both the original entry and the conflict resolution entry containing the

nsds5ReplConflict, and operations will fail.

To restrict access, modify the default ACI that grants anonymous read access:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: dc=example,dc=com

changetype: modify

delete: aci

aci: (target ="ldap:///dc=example,dc=com")(targetattr

!="userPassword")(version 3.0;acl "Anonymous read-search

8.18 Solving common replication conflicts 387