Overview #Just as subordinate references help maintain connectivity between parent and child partitions stored on different servers, the following other kinds of references also help keep EDirectory trees connected and synchronized:
EDirectory stores these types of information in NDS External References, which are place holders containing information about entries that the server does not hold. NDS External References are not copies of the complete entries, but rather pointers to the real entry.
Besides providing connectivity, NDS External References improve system performance by caching frequently accessed information.
So what is actually maintained? #That depends on the object and the version of eDirectory. The base class, name, and certain attributes are all maintained. Some examples of maintained attributes include Public Key and GUID for User objects, Replica for Partition Root objects, and Status and NDS Version for NCP objects.
In order to achieve the NDS External References, various attributes relating to the obituary process are maintained, these are
Creating External References. #EDirectory creates external references for the following operations:
- Authentication - A user authenticates to a server, and this user does not have an entry stored in a partition on the server. To enable authentication, the server must create an external reference so that a localEntryID can be given to the authentication process.
- Browsing - When a user, browsing the eDirectory tree, requests information about an entry that is not stored locally, eDirectory creates an external reference to the entry.
- Security Equivalence - Users who authenticate to the server can have security equivalence to entries not stored locally. Such entries require external references.
- Attributes of Local Entries - Some attributes, such as Member, take a list of entries and can have entries of objects that are not stored locally. Each such entry requires an external reference.
- File System - The file system uses entry IDs to maintain a list of owners and trustees of files and directories. Trustees or owners that are not local entries require external references.
In addition, eDirectory creates external references when a replica is removed from the server. eDirectory changes all of the entries in the removed replica into external references and marks them as expired.
Before an NDS External References is created in eDirectory, newer than NetWare 5.x, it places a UsedBy attribute on a writable copy of the referenced object. The UsedBy attribute is also placed on the referenced object's partition root and the object's partition root.
Deleting External References #On each server, eDirectory deletes expired NDS External References if they have not been used within a specified time period when the Backlinker process runs.
The system administrator can use a SET the n4u.nds.external-reference-life-span parameter to set a number of hours after which eDirectory deletes NDS External References that have:
- not been used
- are not needed for another entry's context,
- do not contain information that the operating system needs.
To remove expired NDS External References, eDirectory builds a list of unused external references by checking the life span interval of each external reference.
The Backlinker process checks to see if the file system must access any of the external references. If the file system uses the expired external references, they are not taken off the delete list. The Backlinker process deletes the remaining entries on the list. The Janitor process is responsible for purging the deleted external references.
When eDirectory updates entries and partitions, it also must update NDS External References created for those entries. Synchronizing external references is usually done by the server receiving the original synchronization request; however, any read/write replica can initiate synchronization if the external reference is being deleted or renamed.