1
.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2
.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
3
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
4
.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.6.2.3 2008/02/11 23:26:40 kurt Exp $
6
slapo-unique \- Attribute Uniqueness overlay to slapd
10
The Attribute Uniqueness overlay can be used with a backend database such as
12
to enforce the uniqueness of some or all attributes within a
13
scope. This subtree defaults to all objects within the subtree of the
14
database for which the Uniqueness overlay is configured.
16
Uniqueness is enforced by searching the subtree to ensure that the values of
17
all attributes presented with an
22
operation are unique within the scope.
23
For example, if uniqueness were enforced for the
25
attribute, the subtree would be searched for any other records which also
28
attribute containing the same value. If any are found, the request is
33
options apply to the Attribute Uniqueness overlay.
34
They should appear after the
38
.B unique_uri <[strict ][ignore ]URI[URI...]...>
39
Configure the base, attributes, scope, and filter for uniqueness
40
checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple
44
attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings.
46
The LDAP URI syntax is a subset of
50
ldap:///[base dn]?[attributes...]?scope[?filter]
54
defaults to that of the back-end database. Specified base dns must be within the subtree of the back-end database.
58
are specified, the URI applies to all non-operational attributes.
62
component is effectively mandatory, because LDAP URIs default to
64
scope, which is not valid for uniqueness, because groups of one object
65
are always unique. Scopes of
69
for one-level are valid.
73
component causes the domain to apply uniqueness constraints only to
74
matching objects. e.g.
75
.B ldap:///?cn?sub?(sn=e*)
78
attributes for all objects in the subtree of the back-end database whose
82
It is possible to assert uniqueness upon all non-operational
83
attributes except those listed by prepending the keyword
85
If not configured, all non-operational (e.g., system) attributes must be
90
URI should generally contain the
96
attributes, as these will generally not be unique, nor are they operational
99
It is possible to set strict checking for the uniqueness domain by
100
prepending the keyword
102
By default, uniqueness is not enforced
103
for null values. Enabling
105
mode extends the concept of uniqueness to include null values, such
106
that only one attribute within a subtree will be allowed to have a
107
null value. Strictness applies to all URIs within a uniqueness
108
domain, but some domains may be strict while others are not.
110
It is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously. In general, the legacy configuration options control pieces of a single unfiltered subtree domain.
112
.B unique_base <basedn>
113
This legacy configuration parameter should be converted to the
115
component of the above
119
.B unique_ignore <attribute...>
120
This legacy configuration parameter should be converted to a
124
keyword as described above.
126
.B unique_attributes <attribute...>
127
This legacy configuration parameter should be converted to a
129
parameter, as described above.
132
This legacy configuration parameter should be converted to a
134
keyword prepended to a
136
parameter, as described above.
140
cannot be used with the old-style of configuration, and vice versa.
142
can implement everything the older system can do, however.
144
Typical attributes for the
145
.B ignore ldap:///...
146
URIs are intentionally not hardcoded into the overlay to allow for
147
maximum flexibility in meeting site-specific requirements.
151
default slapd configuration file