Retro Changelog Plugin scoping defines what suffixes the plugin will act upon. You can define multiple “include” and/or “exclude” suffixes. This allows for more fine grained control over what is recorded in the retro changelog.
If there are multiple backends, or a heavily nested suffix, it might be desirable to only record changes for certain subtrees. For example:
ou=internal,dc=example,dc=com
ou=external,dc=example,dc=com
ou=staff,o=company.com
You might only want to record changes to “ou=external,dc=example,dc=com”, or you might want to record changes for all branches/suffixes except “ou=staff,o=company.com”.
There are two new multivalued configuration attributes that can be added to the Retro Changelog Plugin configuration:
nsslapd-include-suffix: <DN of a suffix to include>
nsslapd-exclude-suffix: <DN of a suffix to exclude>
Note “exclude” scopes always override “include” scopes!
Here is a configuration example:
nsslapd-include-suffix: dc=example,dc=com
nsslapd-exclude-suffix: ou=internal,dc=example,dc=com
nsslapd-exclude-suffix: ou=private,dc=example,dc=com
This example records changes for all entries under “dc=example,dc=com”, except entries under “ou=internal,dc=example,dc=com” & “ou=private,dc=example,dc=com”
Or, you can exclude entire suffixes
nsslapd-exclude-suffix: o=company.com
So any entry under “o=company.com” is excluded, but any other backend or suffix is recorded.
Note if “nsslapd-include-suffix” is omitted, it implies that all backends/suffixes are recorded.
Changes to these attributes are NOT applied dynamically (unless the dynamic plugins feature is enabled), and do require the server to be restarted to take effect.
None
Configuration can be set in the plugin entry under cn=config
None
None
None
None