2.5.5. Modifying the Attribute List

By default, the Referential Integrity Plug-in is set up to check for and update the member, uniquemember, owner, and seeAlso attributes. You can add or delete attributes to be updated through the Directory Server Console, such as adding the nsroledn attribute if roles are being used.


Keep in mind that any attribute specified in the Referential Integrity Plug-in parameter list must have equality indexing on all databases. Otherwise, the plug-in scans every entry of the databases for matching the deleted or modified DN, degrading performance severely. If you add an attribute, ensure that it is indexed in all the backends.


Improve the performance by removing any unused attributes from the list.
  1. Start the Directory Server Console. See Section 1.4, “Starting the Directory Server Console”.
  2. Select the Configuration tab.
  3. Expand the Plugins folder in the navigation tree, and select the Referential Integrity Postoperation Plug-in.
    The settings for the plug-in are displayed in the right pane.
  4. In the Arguments section, use the Add and Delete buttons to modify the attributes in the list.
  5. Click Save.
  6. For your changes to be applied, go to the Tasks tab, and select Restart the Directory Server.


All attributes used in referential integrity must be indexed for presence and equality; not indexing those attributes results poor server performance for modify and delete operations. See Section 10.2, “Creating Indexes” for more information about checking and creating indexes.