MemberOf Plugin scoping defines what suffixes the plugin will act upon. You can define multiple “include” and/or “exclude” suffixes. This allows for more fine grained control over what memberships are maintained by the plugin.
If there are multiple backends, or a heavily nested suffix, it might be desirable to only maintain the memberOf attributes for certain subtrees. For example:
ou=internal,dc=example,dc=com ou=external,dc=example,dc=com ou=staff,o=company.com
You might only want to maintain the “memberOf” attribute for entries that exist under “ou=external,dc=example,dc=com”, or you might want to maintain “memberOf” for all branches except “ou=staff,o=company.com”.
There are two new multivalued configuration attributes that can be added to the MemberOf Plugin configuration:
memberOfEntryScope: <DN of a suffix to include> memberOfEntryScopeExcludeSubtree: <DN of a suffix to exclude>
Note “exclude” scopes always override “include” scopes!
Here is a configuration example:
memberOfEntryScope: dc=example,dc=com memberOfEntryScopeExcludeSubtree: ou=internal,dc=example,dc=com memberOfEntryScopeExcludeSubtree: ou=private,dc=example,dc=com
This example updates the “memberOf” attribute for all entries under “dc=example,dc=com”, except entries under “ou=internal,dc=example,dc=com” & “ou=private,dc=example,dc=com”
Or, you can exclude entire suffixes
So any entry under “o=company.com” is excluded, but any other backend or suffix is processed.
Note if “memberOfEntryScope” is omitted, it implies that all backends/suffixes are allowed.
Changes to these attributes are applied dynamically, and do not require the server to be restarted.
Configuration can be set in the plugin entry or in it shared configuration entry