.TH SLAPO-CONSTRAINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2006 Hewlett-Packard Company
-.\" Copyright 2006-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2006-2011 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-constraint \- Attribute Constraint Overlay to slapd
+slapo\-constraint \- Attribute Constraint Overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
certain string represented data which have well known canonical forms,
like telephone numbers, post codes, FQDNs, etc.
.LP
-It constrains only LDAP adds and modify commands and only seeks to
-control the add and modify value of a modify request.
+It constrains only LDAP \fIadd\fP, \fImodify\fP and \fIrename\fP commands
+and only seeks to control the \fIadd\fP and \fIreplace\fP values
+of \fImodify\fP and \fIrename\fP requests.
+.LP
+No constraints are applied for operations performed with the
+.I relax
+control set.
.SH CONFIGURATION
This
.B slapd.conf
.B overlay
directive.
.TP
-.B constraint_attribute <attribute_name>[,...] <type> <value>
-Specifies the constraint which should apply to the attribute named as
-the first parameter.
-Two types of constraint are currently supported -
+.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
+Specifies the constraint which should apply to the comma-separated
+attribute list named as the first parameter.
+Five types of constraint are currently supported -
.BR regex ,
.BR size ,
.BR count ,
.B count
type limits the number of values of an attribute.
+Extra parameters can occur in any order after those described above.
+.RS
+.TP
+.B <extra> : restrict=<uri>
+.RE
+
+.RS
+This extra parameter allows to restrict the application of the corresponding
+constraint only to entries that match the
+.IR base ,
+.I scope
+and
+.I filter
+portions of the LDAP URI.
+The
+.IR base ,
+if present, must be within the naming context of the database.
+The
+.I scope
+is only used when the
+.I base
+is present; it defaults to
+.BR base .
+The other parameters of the URI are not allowed.
+.RE
+
+.LP
Any attempt to add or modify an attribute named as part of the
constraint overlay specification which does not fit the
constraint listed will fail with a
overlay constraint
constraint_attribute jpegPhoto size 131072
constraint_attribute userPassword count 3
-constraint_attribute mail regex ^[:alnum:]+@mydomain.com$
+constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$
constraint_attribute title uri
ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
constraint_attribute cn,sn,givenName set
"(this/givenName + [ ] + this/sn) & this/cn"
+ restrict="ldap:///ou=People,dc=example,dc=com??sub?(objectClass=inetOrgPerson)"
.fi
.RE
.B title
attribute of any
.B titleCatalog
-entries in the given scope.
+entries in the given scope. (Note that the
+"dc=catalog,dc=example,dc=com" subtree ought to reside
+in a separate database, otherwise the initial set of
+titleCatalog entries could not be populated while the
+constraint is in effect.)
Finally, it requires the values of the attribute
.B cn
to be constructed by pairing values of the attributes
.B sn
and
.BR givenName ,
-separated by a space.
+separated by a space, but only for entries derived from the objectClass
+.BR inetOrgPerson .
.RE
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5),
.SH ACKNOWLEDGEMENTS
This module was written in 2005 by Neil Dunbar of Hewlett-Packard and subsequently
extended by Howard Chu and Emmanuel Dreyfus.
projects / openldap / blobdiff