slapo-unique

Langue: en

Autres versions - même langue

Version: 39445 (fedora - 16/08/07)

Section: 5 (Format de fichier)

Sommaire

NAME

slapo-unique - Attribute Uniqueness overlay

SYNOPSIS

/etc/openldap/slapd.conf

DESCRIPTION

The Attribute Uniqueness overlay can be used with a backend database such as slapd-bdb(5) to enforce the uniqueness of some or all attributes within a subtree. This subtree defaults to the base DN of the database for which the Uniqueness overlay is configured.

Uniqueness is enforced by searching the subtree to ensure that the values of all attributes presented with an add, modify or modrdn operation are unique within the subtree. For example, if uniqueness were enforced for the uid attribute, the subtree would be searched for any other records which also have a uid attribute containing the same value. If any are found, the request is rejected.

CONFIGURATION

These slapd.conf options apply to the Attribute Uniqueness overlay. They should appear after the overlay directive.
unique_base <basedn>
Configure the subtree against which uniqueness searches will be invoked. The basedn defaults to the base DN of the database for which uniqueness is configured.
unique_ignore <attribute...>
Configure one or more attributes for which uniqueness will not be enforced. If not configured, all non-operational (eg, system) attributes must be unique. Note that the unique_ignore list should generally contain the objectClass, dc, ou and o attributes, as these will generally not be unique, nor are they operational attributes.
unique_attributes <attribute...>
Specify one or more attributes for which uniqueness will be enforced. If not specified, all attributes which are not operational (eg, system attributes such as entryUUID ) or specified via the unique_ignore directive above must be unique within the subtree.
unique_strict
By default, uniqueness is not enforced for null values. Enabling unique_strict mode extends the concept of uniqueness to include null values, such that only one attribute within a subtree will be allowed to have a null value.

CAVEATS

The search key is generated with attributes that are non-operational, not on the unique_ignore list, and included in the unique_attributes list, in that order. This makes it possible to create interesting and unusable configurations. Usually only one of unique_ignore or unique_attributes should be configured; use unique_ignore if the majority of attributes should be unique, and use unique_attributes if only a small set of attributes should be unique.

Typical attributes for the unique_ignore directive are intentionally not hardcoded into the overlay to allow for maximum flexibility in meeting site-specific requirements.

FILES

/etc/openldap/slapd.conf
default slapd configuration file

SEE ALSO

slapd.conf(5).