Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide

Solving Naming Conflicts

Entries with identical DNs may be created on separate masters if they are created before the servers replicate the changes to each other. Upon replication, the conflict resolution mechanism will automatically rename the second entry created.

An entry with a DN naming conflict is renamed by including its unique identifier, provided by the operational attribute nsuniqueid, in its DN.

For example, if the entry uid=bjensen,ou=People,dc=example,dc=com is created simultaneously on two masters, both will have the following two entries after replication:

The second entry must be given a useful DN. You can delete the conflicting entry and add it again with a non-conflicting name. However, renaming the entry ensures that its contents have not changed. The renaming procedure depends on whether the naming attribute is single-valued or multivalued. See the following procedures.

ProcedureTo Rename a Conflicting Entry That has a Multivalued Naming Attribute

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Rename the entry while keeping the old RDN value, for example:


    $ ldapmodify -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: nsuniqueid=66446001-1dd211b2-66225011-2ee211db+uid=bjensen,dc=example,dc=com
    changetype: modrdn
    newrdn: uid=bj66446001
    deleteoldrdn: 0
    ^D

    You cannot delete the old RDN value in this step because it also contains the nsuniqueid operational attribute, which cannot be deleted.

  2. Remove the old RDN value of the naming attribute and the conflict marker attribute, for example:


    $ ldapmodify -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: uid=bj66446001,dc=example,dc=com
    changetype: modify
    delete: uid
    uid: bjensen
    -
    delete: nsds5ReplConflict
    ^D

ProcedureTo Rename a Conflicting Entry With a Single-Valued Naming Attribute

When the naming attribute in a duplicate entry is single-valued, for example dc (domain component), you cannot simply rename the entry to another value of the same attribute. Instead, you must give the entry a temporary name.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Rename the entry by using a different naming attribute, and keep the old RDN, for example:


    $ ldapmodify -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: nsuniqueid=66446001-1dd211b2-66225011-2ee211db+dc=HR,dc=example,dc=com
    changetype: modrdn
    newrdn: o=TempHREntry
    deleteoldrdn: 0
    ^D

    You cannot delete the old RDN value in this step because it also contains the nsuniqueid operational attribute, which cannot be deleted.

  2. Change the desired naming attribute to a unique value and remove the conflict marker attribute, for example:


    $ ldapmodify -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: o=TempHREntry,dc=example,dc=com
    changetype: modify
    replace: dc
    dc: NewHR
    delete: nsds5ReplConflict
    ^D
  3. Rename the entry back to the intended naming attribute, for example:


    $ ldapmodify -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: dc=NewHR,dc=example,dc=com
    changetype: modrdn
    newrdn: dc=HR
    deleteoldrdn: 1
    ^D

    By setting the value of the deleteoldrdn attribute to 1, you delete the temporary attribute-value pair o=TempHREntry. If you want to keep this attribute, set the value of the deleteoldrdn attribute to 0.