Referential integrity for inverted static groups
There are both general and specific plugins that help preserve referential integrity for inverted static groups.
The existing referential integrity plugin also handles inverted static groups and is disabled by default. For more information on enabling this plugin, see Maintaining referential integrity with static groups.
Enabling this plugin ensures the following:
-
Removing an inverted static group removes the corresponding
ds-member-of-inverted-static-group-dn
value from the entries of all members. -
Renaming an inverted static group updates the corresponding
ds-member-of-inverted-static-group-dn
value in the entries of all members.
The inverted static group referential integrity plugin is enabled by default and is designed to:
-
Prevent adding a user to a nonexistent group or a non-inverted static group
-
Prevent adding a group as a direct member, rather than a nested member, of an inverted static group
-
Prevent adding a nonexistent entry or non-group as a nested member of an inverted static group