Server User Manual
Chapter 3. Plug-in Implemented Server Functionality Reference
212
membership is not reflected in the member's user entry, so it is impossible to tell to what groups a
person belongs by looking at the user's entry.
The MemberOf Plug-in synchronizes the group membership in group members with the members'
individual directory entries by identifying changes to a specific attribute (such as member) in the group
entry and then carrying those changes over to a specific attribute in the entries for the members.
3.8.1. memberofattr
This attribute specifies the attribute in the user entry for the Directory Server to manage to reflect
group membership. The MemberOf Plug-in generates the value of the attribute specified here in the
directory entry for the member. There is a separate attribute for every group to which the user belongs.
Parameter Description
Entry DN cn=MemberOf Plugin, cn=plugins, cn=config
Valid Range Any Directory Server attribute
Default Value memberOf
Syntax DirectoryString
Example memberofattr: memberOf
3.8.2. memberofgroupattr
This attribute specifies the attribute in the group entry to use to identify the DNs of group members.
By default, this is the member attribute, but it can be any membership-related attribute, such as
uniqueMember or member.
NOTE
Any attribute can be used for the memberofgroupattr value, but the MemberOf
Plug-in only works if the value of the target attribute contains the DN of the member
entry. For example, the member attribute contains the DN of the member's user entry:
member: uid=jsmith,ou=People,dc=example,dc=com
Some member-related attributes do not contain a DN, like the memberURL attribute.
That attribute will not work as a value for memberofgroupattr, since the
memberURL value is a URL and a non-DN value cannot work with the MemberOf
Plug-in.
Parameter Description
Entry DN cn=MemberOf Plugin, cn=plugins, cn=config
Valid Range Any Directory Server attribute
Default Value member
Syntax DirectoryString
Example memberofgroupattr: member