Re: Unique Overlay: attribute mail
- To: openldap-technical@openldap.org
- Subject: Re: Unique Overlay: attribute mail
- From: Clément OUDOT <clement.oudot@savoirfairelinux.com>
- Date: Mon, 24 Aug 2015 15:18:47 +0200
- In-reply-to: <CANqXOajhRU6U7NwunVx5GQfCbYfAL=boZKsM8JDJY71Tio7ACg@mail.gmail.com>
- Organization: Savoir-Faire Linux
- References: <CANqXOajhRU6U7NwunVx5GQfCbYfAL=boZKsM8JDJY71Tio7ACg@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
On 24/08/2015 15:05, Simone Taliercio wrote:
Hi All!
I'm trying to enforce the fact that the mail attribute has to be
unique. In order to do it I tried to enable the unique overlay.
Unfortunately, OpenLDAP still allows me to insert an object with the same
mail value.
I cannot understand where the wrong configuration occurs.
My config is still based on slapd.conf. I've recompiled OpenLDAP
with the following steps:
a) ./configure --enable-modules=yes --enable-rlookups=yes --with-tls
--with-cyrus-sasl --enable-mdb=yes --enable-bdb=yes
--enable-monitor=yes --enable-unique
b) make depend
c) make
d) make install
Then, I added those lines to my slapd.conf
overlay unique
unique_uri ldap:///?mail?sub
So my development slapd.conf now looks like the one below.
Thanks a lot for any hints you can give me!
Simone
=== slapd.conf ====
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database config
rootdn "cn=admin,cn=config"
# Security - TLS section
TLSCACertificateFile /certs/CA.pem
TLSCertificateFile /certs/certificate.cer
TLSCertificateKeyFile /certs/company.key
TLSCipherSuite TLSv1+RSA:!NULL
TLSVerifyClient never
# Use LMDB database.
database mdb
overlay unique
suffix "dc=com"
rootdn "cn=Manager,dc=com"
maxsize 16058941440
rootpw secret
directory /usr/local/var/openldap-data/databases/com
index mail eq
index cn eq
index objectClass eq
# mail is a unique attribute
unique_uri ldap:///?mail?sub?
access to dn.subtree="ou=user,dc=company1,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
by anonymous auth
access to dn.subtree="ou=user,dc=company2,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
by anonymous auth
access to dn.subtree="dc=com"
by users read
by anonymous auth
Hi,
you should declare the overlay below the database, like this:
# Use LMDB database.
database mdb
suffix "dc=com"
rootdn "cn=Manager,dc=com"
maxsize 16058941440
rootpw secret
directory /usr/local/var/openldap-data/databases/com
index mail eq
index cn eq
index objectClass eq
access to dn.subtree="ou=user,dc=company1,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
by anonymous auth
access to dn.subtree="ou=user,dc=company2,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
by anonymous auth
access to dn.subtree="dc=com"
by users read
by anonymous auth
# mail is a unique attribute
overlay unique
unique_uri ldap:///?mail?sub?
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
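The point of the reply is one of directive scope in slapd.conf: once an `overlay` line has been read, the lines that follow it (up to the next `overlay` or `database` line) are read as configuration of that overlay, so the overlay and its `unique_uri` have to come after all of the database's own directives. The following checker encodes that rule so a slapd.conf can be linted before restarting slapd. It is an added example written for this thread, not code from the thread, from OpenLDAP, or from Savoir-Faire Linux; the set of database-level directives it knows about is a practical subset chosen here (an assumption), the `unique_*` names are those documented for slapo-unique, and the two sample configurations are constructed from the broken and corrected snippets above.

```python
"""Lint directive ordering in a slapd.conf around the unique overlay.

Rule encoded (the one explained in the reply above): inside a database
section, the ``overlay`` line and the overlay's own directives (here
``unique_uri``) must come after all of the database's own directives such as
suffix, rootdn, directory, index and access.
"""
from typing import List, Optional, Tuple

# Database-level directives this lint recognises. This is a practical subset
# chosen for the example (an assumption), not the full slapd.conf(5) list.
DATABASE_DIRECTIVES = {
    "suffix", "rootdn", "rootpw", "directory", "maxsize", "index", "access",
    "lastmod", "limits", "sizelimit", "timelimit", "readonly", "checkpoint",
}
# Directives owned by slapo-unique, as documented in slapo-unique(5).
UNIQUE_DIRECTIVES = {
    "unique_uri", "unique_base", "unique_attributes", "unique_ignore",
    "unique_strict",
}

# Constructed sample: the ordering from the original post (abbreviated).
BROKEN_CONF = """\
database mdb
overlay unique
suffix "dc=com"
rootdn "cn=Manager,dc=com"
directory /usr/local/var/openldap-data/databases/com
index mail eq
# mail is a unique attribute
unique_uri ldap:///?mail?sub?
access to dn.subtree="dc=com"
        by users read
        by anonymous auth
"""

# Constructed sample: the ordering from the reply (abbreviated).
FIXED_CONF = """\
database mdb
suffix "dc=com"
rootdn "cn=Manager,dc=com"
directory /usr/local/var/openldap-data/databases/com
index mail eq
access to dn.subtree="dc=com"
        by users read
        by anonymous auth
# mail is a unique attribute
overlay unique
unique_uri ldap:///?mail?sub?
"""


def parse_slapd_conf(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, directive, arguments) triples.

    slapd.conf conventions: '#' starts a comment, blank lines are skipped,
    and a line beginning with whitespace continues the previous directive.
    """
    entries: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            n, d, a = entries[-1]
            entries[-1] = (n, d, (a + " " + raw.strip()).strip())
            continue
        parts = raw.strip().split(None, 1)
        directive = parts[0].lower()
        args = parts[1] if len(parts) > 1 else ""
        entries.append((lineno, directive, args))
    return entries


def check_overlay_order(text: str) -> List[str]:
    """Return human-readable ordering problems; an empty list means OK."""
    problems: List[str] = []
    current_db: Optional[str] = None       # backend name of the open section
    current_overlay: Optional[str] = None  # overlay most recently declared
    for lineno, directive, args in parse_slapd_conf(text):
        if directive == "database":
            current_db = args.split()[0] if args else "?"
            current_overlay = None
        elif directive == "overlay":
            current_overlay = args.split()[0].lower() if args else ""
        elif directive in DATABASE_DIRECTIVES:
            # A database directive after an overlay line is in the overlay's
            # scope: this is exactly the mistake in the original slapd.conf.
            if current_overlay is not None:
                problems.append(
                    f"line {lineno}: '{directive}' follows 'overlay "
                    f"{current_overlay}' in the '{current_db}' database; "
                    f"move it above the overlay line"
                )
        elif directive in UNIQUE_DIRECTIVES:
            if current_overlay != "unique":
                problems.append(
                    f"line {lineno}: '{directive}' is not preceded by "
                    f"'overlay unique' in the same database section"
                )
    return problems


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        found = check_overlay_order(conf)
        print(f"{name}: {len(found)} problem(s)")
        for p in found:
            print("  " + p)
```

Run it against a real file with `check_overlay_order(open("/usr/local/etc/openldap/slapd.conf").read())`; on the broken ordering it reports every database directive that landed after `overlay unique`, and on the reply's ordering it reports nothing. It does not replace `slaptest -u -f slapd.conf`, which still has to be run to confirm slapd parses the file at all.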