1SLAPO-UNIQUE(5) File Formats Manual SLAPO-UNIQUE(5)
2
3
4
6 slapo-unique - Attribute Uniqueness overlay
7
9 /etc/openldap/slapd.conf
10
12 The Attribute Uniqueness overlay can be used with a backend database
13 such as slapd-bdb(5) to enforce the uniqueness of some or all
14 attributes within a subtree. This subtree defaults to the base DN of
15 the database for which the Uniqueness overlay is configured.
16
17 Uniqueness is enforced by searching the subtree to ensure that the val‐
18 ues of all attributes presented with an add, modify or modrdn operation
19 are unique within the subtree. For example, if uniqueness were
20 enforced for the uid attribute, the subtree would be searched for any
21 other records which also have a uid attribute containing the same
22 value. If any are found, the request is rejected.
23
25 These slapd.conf options apply to the Attribute Uniqueness overlay.
26 They should appear after the overlay directive.
27
28 unique_base <basedn>
29 Configure the subtree against which uniqueness searches will be
30 invoked. The basedn defaults to the base DN of the database for
31 which uniqueness is configured.
32
33 unique_ignore <attribute...>
34 Configure one or more attributes for which uniqueness will not
35 be enforced. If not configured, all non-operational (eg, sys‐
36 tem) attributes must be unique. Note that the unique_ignore list
37 should generally contain the objectClass, dc, ou and o
38 attributes, as these will generally not be unique, nor are they
39 operational attributes.
40
41 unique_attributes <attribute...>
42 Specify one or more attributes for which uniqueness will be
43 enforced. If not specified, all attributes which are not opera‐
44 tional (eg, system attributes such as entryUUID ) or specified
45 via the unique_ignore directive above must be unique within the
46 subtree.
47
48 unique_strict
49 By default, uniqueness is not enforced for null values. Enabling
50 unique_strict mode extends the concept of uniqueness to include
51 null values, such that only one attribute within a subtree will
52 be allowed to have a null value.
53
55 The search key is generated with attributes that are non-operational,
56 not on the unique_ignore list, and included in the unique_attributes
57 list, in that order. This makes it possible to create interesting and
58 unusable configurations. Usually only one of unique_ignore or
59 unique_attributes should be configured; use unique_ignore if the major‐
60 ity of attributes should be unique, and use unique_attributes if only a
61 small set of attributes should be unique.
62
63 Typical attributes for the unique_ignore directive are intentionally
64 not hardcoded into the overlay to allow for maximum flexibility in
65 meeting site-specific requirements.
66
68 /etc/openldap/slapd.conf
69 default slapd configuration file
70
72 slapd.conf(5).
73
74
75
76OpenLDAP 2.3.34 2007/2/16 SLAPO-UNIQUE(5)