Content-type: text/html

<HTML><HEAD><TITLE>Manpage of SLAPO-UNIQUE</TITLE>
</HEAD><BODY>
<H1>SLAPO-UNIQUE</H1>
Section: File Formats (5)<BR>Updated: 2005/10/13<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>




<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

slapo-unique - Attribute Uniqueness overlay
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

/usr/local/etc/openldap/slapd.conf
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

The Attribute Uniqueness overlay can be used with a backend database such as
<B><A HREF="http://localhost/cgi-bin/man/man2html?5+slapd-bdb">slapd-bdb</A></B>(5)

to enforce the uniqueness of some or all attributes within a subtree. This
subtree defaults to the base DN of the database for which the Uniqueness
overlay is configured.
<P>

Uniqueness is enforced by searching the subtree to ensure that the values of
all attributes presented with an
<B>add</B>,

<B>modify</B>

or
<B>modrdn</B>

operation are unique within the subtree.
For example, if uniqueness were enforced for the
<B>uid</B>

attribute, the subtree would be searched for any other records which also
have a
<B>uid</B>

attribute containing the same value. If any are found, the request is
rejected.
<A NAME="lbAE">&nbsp;</A>
<H2>CONFIGURATION</H2>

These
<B>slapd.conf</B>

options apply to the Attribute Uniqueness overlay.
They should appear after the
<B>overlay</B>

directive and before any subsequent
<B>database</B>

directive.
<DL COMPACT>
<DT><B>unique_base &lt;basedn&gt;</B>

<DD>
Configure the subtree against which uniqueness searches will be invoked.
The
<B>basedn</B>

defaults to the base DN of the database for which uniqueness is configured.
<DT><B>unique_ignore &lt;attribute...&gt;</B>

<DD>
Configure one or more attributes for which uniqueness will not be enforced.
If not configured, all non-operational (eg, system) attributes must be
unique. Note that the
<B>unique_ignore</B>

list should generally contain the
<B>objectClass</B>,

<B>dc</B>,

<B>ou</B>

and
<B>o</B>

attributes, as these will generally not be unique, nor are they operational
attributes.
<DT><B>unique_attributes &lt;attribute...&gt;</B>

<DD>
Specify one or more attributes which for which uniqueness will be enforced.
If not specified, all attributes which are not operational (eg, system
attributes such as
<B>entryUUID )</B>

or specified via the
<B>unique_ignore</B>

directive above must be unique within the subtree.
<DT><B>unique_strict</B>

<DD>
By default, uniqueness is not enforced for null values. Enabling
<B>unique_strict</B>

mode extends the concept of uniqueness to include null values, such that
only one attribute within a subtree will be allowed to have a null value.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CAVEATS</H2>

<P>

The search key is generated with attributes that are non-operational, not
on the
<B>unique_ignore</B>

list, and included in the
<B>unique_attributes</B>

list, in that order. This makes it possible to create interesting and
unusable configurations.
<P>

Typical attributes for the
<B>unique_ignore</B>

directive are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
<A NAME="lbAG">&nbsp;</A>
<H2>FILES</H2>

<DL COMPACT>
<DT>/usr/local/etc/openldap/slapd.conf<DD>
default slapd configuration file
</DL>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>

<B><A HREF="http://localhost/cgi-bin/man/man2html?5+slapd.conf">slapd.conf</A></B>(5).

<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">CONFIGURATION</A><DD>
<DT><A HREF="#lbAF">CAVEATS</A><DD>
<DT><A HREF="#lbAG">FILES</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 07:24:59 GMT, October 27, 2005
</BODY>
</HTML>