1SLAPO-UNIQUE(5)               File Formats Manual              SLAPO-UNIQUE(5)
2
3
4

NAME

6       slapo-unique - Attribute Uniqueness overlay
7

SYNOPSIS

9       /etc/openldap/slapd.conf
10

DESCRIPTION

12       The  Attribute  Uniqueness  overlay can be used with a backend database
13       such  as  slapd-bdb(5)  to  enforce  the  uniqueness  of  some  or  all
14       attributes  within  a  subtree. This subtree defaults to the base DN of
15       the database for which the Uniqueness overlay is configured.
16
17       Uniqueness is enforced by searching the subtree to ensure that the val‐
18       ues of all attributes presented with an add, modify or modrdn operation
19       are unique  within  the  subtree.   For  example,  if  uniqueness  were
20       enforced  for  the uid attribute, the subtree would be searched for any
21       other records which also have  a  uid  attribute  containing  the  same
22       value. If any are found, the request is rejected.
23

CONFIGURATION

25       These  slapd.conf  options  apply  to the Attribute Uniqueness overlay.
26       They should appear after the overlay directive.
27
28       unique_base <basedn>
29              Configure the subtree against which uniqueness searches will  be
30              invoked.  The basedn defaults to the base DN of the database for
31              which uniqueness is configured.
32
33       unique_ignore <attribute...>
34              Configure one or more attributes for which uniqueness  will  not
35              be  enforced.   If not configured, all non-operational (eg, sys‐
36              tem) attributes must be unique. Note that the unique_ignore list
37              should   generally   contain  the  objectClass,  dc,  ou  and  o
38              attributes, as these will generally not be unique, nor are  they
39              operational attributes.
40
41       unique_attributes <attribute...>
42              Specify  one  or  more  attributes  for which uniqueness will be
43              enforced.  If not specified, all attributes which are not opera‐
44              tional  (eg,  system attributes such as entryUUID ) or specified
45              via the unique_ignore directive above must be unique within  the
46              subtree.
47
48       unique_strict
49              By default, uniqueness is not enforced for null values. Enabling
50              unique_strict mode extends the concept of uniqueness to  include
51              null  values, such that only one attribute within a subtree will
52              be allowed to have a null value.
53

CAVEATS

55       The search key is generated with attributes that  are  non-operational,
56       not  on  the  unique_ignore list, and included in the unique_attributes
57       list, in that order. This makes it possible to create  interesting  and
58       unusable   configurations.   Usually   only  one  of  unique_ignore  or
59       unique_attributes should be configured; use unique_ignore if the major‐
60       ity of attributes should be unique, and use unique_attributes if only a
61       small set of attributes should be unique.
62
63       Typical attributes for the unique_ignore  directive  are  intentionally
64       not  hardcoded  into  the  overlay  to allow for maximum flexibility in
65       meeting site-specific requirements.
66

FILES

68       /etc/openldap/slapd.conf
69              default slapd configuration file
70

SEE ALSO

72       slapd.conf(5).
73
74
75
76OpenLDAP 2.3.34                    2007/2/16                   SLAPO-UNIQUE(5)
Impressum