1 .TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2 .\" Copyright 2004-2011 The OpenLDAP Foundation All Rights Reserved.
3 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 slapo\-unique \- Attribute Uniqueness overlay to slapd
10 The Attribute Uniqueness overlay can be used with a backend database such as
12 to enforce the uniqueness of some or all attributes within a
13 scope. This subtree defaults to all objects within the subtree of the
14 database for which the Uniqueness overlay is configured.
16 Uniqueness is enforced by searching the subtree to ensure that the values of
17 all attributes presented with an
22 operation are unique within the scope.
23 For example, if uniqueness were enforced for the
25 attribute, the subtree would be searched for any other records which also
28 attribute containing the same value. If any are found, the request is
31 The search is performed using the rootdn of the database, to avoid issues
32 with ACLs preventing the overlay from seeing all of the relevant data. As
33 such, the database must have a rootdn configured.
37 options apply to the Attribute Uniqueness overlay.
38 They should appear after the
42 .B unique_uri <[strict ][ignore ]URI[URI...]...>
43 Configure the base, attributes, scope, and filter for uniqueness
44 checking. Multiple URIs may be specified within a domain,
45 allowing complex selections of objects. Multiple
49 attributes will create independent domains, each with their own
50 independent lists of URIs and ignore/strict settings.
52 The LDAP URI syntax is a subset of
56 ldap:///[base dn]?[attributes...]?scope[?filter]
60 defaults to that of the back-end database.
61 Specified base dns must be within the subtree of the back-end database.
65 are specified, the URI applies to all non-operational attributes.
69 component is effectively mandatory, because LDAP URIs default to
71 scope, which is not valid for uniqueness, because groups of one object
72 are always unique. Scopes of
76 for one-level are valid.
80 component causes the domain to apply uniqueness constraints only to
81 matching objects. e.g.
82 .B ldap:///?cn?sub?(sn=e*)
85 attributes for all objects in the subtree of the back-end database whose
89 It is possible to assert uniqueness upon all non-operational
90 attributes except those listed by prepending the keyword
92 If not configured, all non-operational (e.g., system) attributes must be
97 URI should generally contain the
103 attributes, as these will generally not be unique, nor are they operational
106 It is possible to set strict checking for the uniqueness domain by
107 prepending the keyword
109 By default, uniqueness is not enforced
110 for null values. Enabling
112 mode extends the concept of uniqueness to include null values, such
113 that only one attribute within a subtree will be allowed to have a
114 null value. Strictness applies to all URIs within a uniqueness
115 domain, but some domains may be strict while others are not.
117 It is not possible to set both URIs and legacy slapo\-unique configuration
118 parameters simultaneously. In general, the legacy configuration options
119 control pieces of a single unfiltered subtree domain.
121 .B unique_base <basedn>
122 This legacy configuration parameter should be converted to the
124 component of the above
128 .B unique_ignore <attribute...>
129 This legacy configuration parameter should be converted to a
133 keyword as described above.
135 .B unique_attributes <attribute...>
136 This legacy configuration parameter should be converted to a
138 parameter, as described above.
141 This legacy configuration parameter should be converted to a
143 keyword prepended to a
145 parameter, as described above.
149 cannot be used with the old-style of configuration, and vice versa.
151 can implement everything the older system can do, however.
153 Typical attributes for the
154 .B ignore ldap:///...
155 URIs are intentionally not hardcoded into the overlay to allow for
156 maximum flexibility in meeting site-specific requirements.
160 default slapd configuration file
163 .BR slapd\-config (5).