slapo-unique.5 2.94 KB
Newer Older
1
.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
Kurt Zeilenga's avatar
Kurt Zeilenga committed
2
.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapo-unique \- Attribute Uniqueness overlay
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Attribute Uniqueness overlay can be used with a backend database such as
.BR slapd-bdb (5)
to enforce the uniqueness of some or all attributes within a subtree. This
subtree defaults to the base DN of the database for which the Uniqueness
overlay is configured.
.LP
Uniqueness is enforced by searching the subtree to ensure that the values of
all attributes presented with an
Pierangelo Masarati's avatar
typos    
Pierangelo Masarati committed
18
.BR add ,
19
20
21
22
.B modify
or
.B modrdn
operation are unique within the subtree.
Pierangelo Masarati's avatar
typos    
Pierangelo Masarati committed
23
For example, if uniqueness were enforced for the
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
.B uid
attribute, the subtree would be searched for any other records which also
have a
.B uid
attribute containing the same value. If any are found, the request is
rejected.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the Attribute Uniqueness overlay.
They should appear after the
.B overlay
directive.
.TP
.B unique_base <basedn>
Configure the subtree against which uniqueness searches will be invoked.
The
.B basedn
defaults to the base DN of the database for which uniqueness is configured.
.TP
.B unique_ignore <attribute...>
Configure one or more attributes for which uniqueness will not be enforced.
If not configured, all non-operational (eg, system) attributes must be
unique. Note that the
.B unique_ignore
list should generally contain the
Pierangelo Masarati's avatar
typos    
Pierangelo Masarati committed
50
51
.BR objectClass ,
.BR dc ,
52
53
54
55
56
57
58
.B ou
and
.B o
attributes, as these will generally not be unique, nor are they operational
attributes.
.TP
.B unique_attributes <attribute...>
59
Specify one or more attributes for which uniqueness will be enforced.
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
If not specified, all attributes which are not operational (eg, system
attributes such as
.B entryUUID )
or specified via the
.B unique_ignore
directive above must be unique within the subtree.
.TP
.B unique_strict
By default, uniqueness is not enforced for null values. Enabling
.B unique_strict
mode extends the concept of uniqueness to include null values, such that
only one attribute within a subtree will be allowed to have a null value.
.SH CAVEATS
.LP
The search key is generated with attributes that are non-operational, not
on the
.B unique_ignore
list, and included in the
.B unique_attributes
list, in that order. This makes it possible to create interesting and
80
81
82
83
84
85
86
87
88
unusable configurations. Usually only one of
.B unique_ignore
or
.B unique_attributes
should be configured; use
.B unique_ignore
if the majority of attributes should be unique, and use
.B unique_attributes
if only a small set of attributes should be unique.
89
90
91
92
93
94
95
96
97
98
99
.LP
Typical attributes for the
.B unique_ignore
directive are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5).