.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-unique \- Attribute Uniqueness overlay
+slapo\-unique \- Attribute Uniqueness overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Attribute Uniqueness overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a
scope. This subtree defaults to all objects within the subtree of the
database for which the Uniqueness overlay is configured.
.B uid
attribute containing the same value. If any are found, the request is
rejected.
+.LP
+The search is performed using the rootdn of the database, to avoid issues
+with ACLs preventing the overlay from seeing all of the relevant data. As
+such, the database must have a rootdn configured.
.SH CONFIGURATION
These
.B slapd.conf
.TP
.B unique_uri <[strict ][ignore ]URI[URI...]...>
Configure the base, attributes, scope, and filter for uniqueness
-checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple
+checking. Multiple URIs may be specified within a domain,
+allowing complex selections of objects. Multiple
.B unique_uri
statements or
.B olcUniqueURI
-attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings.
+attributes will create independent domains, each with their own
+independent lists of URIs and ignore/strict settings.
+
+Keywords
+.B strict
+and
+.B ignore
+have to be enclosed in quotes (") together with the URI.
The LDAP URI syntax is a subset of
.B RFC-4516,
The
.B base dn
-defaults to that of the back-end database. Specified base dns must be within the subtree of the back-end database.
+defaults to that of the back-end database.
+Specified base dns must be within the subtree of the back-end database.
If no
.B attributes
It is possible to assert uniqueness upon all non-operational
attributes except those listed by prepending the keyword
.B ignore
-If not configured, all non-operational (eg, system) attributes must be
+If not configured, all non-operational (e.g., system) attributes must be
unique. Note that the
.B attributes
list of an
null value. Strictness applies to all URIs within a uniqueness
domain, but some domains may be strict while others are not.
.LP
-It is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously. In general, the legacy configuration options control pieces of a single unfiltered subtree domain.
+It is not possible to set both URIs and legacy slapo\-unique configuration
+parameters simultaneously. In general, the legacy configuration options
+control pieces of a single unfiltered subtree domain.
.TP
.B unique_base <basedn>
This legacy configuration parameter should be converted to the
.B unique_uri
parameter, as described above.
.TP
-.B unique_strict
+.B unique_strict <attribute...>
This legacy configuration parameter should be converted to a
.B strict
keyword prepended to a
.B ignore ldap:///...
URIs are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
+.LP
+Replication and operations with
+.B manageDsaIt
+control are allowed to bypass this enforcement. It is therefore important that
+all servers accepting writes have this overlay configured in order to maintain
+uniqueness in a replicated DIT.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).
projects / openldap / blobdiff