uniqueness on multiple attributes
- To: openldap-technical@openldap.org
- Subject: uniqueness on multiple attributes
- From: "A. Schulze" <sca@andreasschulze.de>
- Date: Sun, 20 Jan 2019 12:13:42 +0100
- Content-language: en-US
- Openpgp: preference=signencrypt
Hello,
My goal is to extend a uniqueness configuration. I already enforce uniqueness of mail addresses:
slapd.conf:
moduleload unique.la
overlay unique
unique_uri ldap:///dc=basedn?mail?sub?
That works.
Now address rewriting data should also be migrated to LDAP. Rewriting addresses are stored in the attribute "mailalternateaddress".
Requirement: no address may occur twice no matter if stored as "mail" or "mailalternateaddress"
Logically, it's something like
unique_uri (ldap:///dc=basedn?mail?sub?) OR (ldap:///dc=basedn?mail?sub?)
Now I fail to correctly translate that to a valid configuration.
https://www.openldap.org/software/man.cgi?query=slapo-unique says "unique_uri <[strict ][ignore ]URI[URI...]...>"
with a formal definition of URI "ldap:///[base dn]?[attributes...]?scope[?filter]"
It also says "Multiple URIs may be specified within a domain, allowing complex selections of objects."
As the manpage doesn't give an example I tried:
unique_uri ldap:///dc=ldap?mailalternateaddress?sub ldap:///dc=ldap?mail?sub
slapd logs
5c445384 /etc/openldap/slapd.conf: line 149 (unique_uri ldap:///dc=ldap?mailalternateaddress?sub ldap:///dc=ldap?mail?sub)
-> slapd starts but uniqueness is not enforced
So I tried multiple versions:
To make it readable: uri1=ldap:///dc=ldap?mailalternateaddress?sub
uri2=ldap:///dc=ldap?mail?sub
unique_uri uri1 uri2
unique_uri uri1uri2
unique_uri uri1,uri2
unique_uri uri1, uri2
unique_uri "uri1 uri2"
unique_uri "uri1""uri2"
unique_uri "uri1","uri2"
unique_uri "uri1", "uri2"
Mostly slapd failed to start with an error "invalid ldap urilist".
If slapd started, the uniqueness wasn't enforced.
One version (unique_uri "uri1 uri2") resulted in slapd consuming 100% CPU time.
Does anybody have a hint on how to enforce uniqueness on multiple attributes?
Andreas