[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Uniqueness constraint over multiple attributes



On 06/20/2012 09:35 PM, Andrew Findlay wrote:
Jan Beerden wrote:
Is there a way to have a unique constraint over multiple attributes? We have
different attributes for the primary email address of a person, and for
additional aliases, and we'd like to enforce global uniqueness in such a way
that the primary email address for one person can not be used as an email
alias for another person.

The slapo-unique manpage doesn't make this very clear.

To achieve what Jan wants, I would consider requiring the primary
email address to also be listed as one of the aliases. A uniqueness
constraint like this would then protect against one entry hijacking
the address of another:

overlay unique
unique_uri "ldap:///o=myorg?primaryMail,aliasMail?sub?(objectClass=mailUser)"

The requirement for the primaryMail value to also appear as an
aliasMail value could be enforced using the constraint overlay with
the 'set' mechanism, something like:

overlay constraint
constraint_attribute primaryMail,aliasMail set
	"this/primaryMail & this/aliasMail"
	restrict="ldap:///o=myorg??sub?(objectClass=mailUser)"
Thanks! This does exactly what we wanted.

Regards

Jan Beerden                                   jan.beerden@fks.be
fks bvba - Formal and Knowledge Systems       http://www.fks.be/
Schampbergstraat 32                           Tel:  ++32-(0)11-21 49 11
B-3511 Kuringen                               Fax:  ++32-(0)11-22 04 19