Re: Open LDAP - How to define an additionnal "uid" like attribute equivalent to a RDMS unique key index

[Clément OUDOT <clement.oudot@worteks.com>]

Le 30/04/2019 à 21:02, Michael Ströder a écrit :
> On 4/30/19 12:20 PM, pascal.foulon@orange.com wrote:
>> =>  extented flags
>>
>> https://ldapwiki.com/wiki/Extended%20Flags
> Most of these attribute type description extensions are not relevant for
> OpenLDAP at all.
>
>> I've tried several configurations such as :
>> - define xuid attribute using uid as a parent attribute type
>>
>> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY
>> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
>> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
> You should *not* use SUP uid unless you're 100% sure about its
> implications regarding matching rules also affecting index use and
> slapo-unique.
>
>> - define xuid attribute using uid as a parent attribute type with
>> additional extended flags
>>
>> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY
>> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
>> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE X-NDS_NAME 'uniqueID'
>> X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '0'
>> X-NDS_NONREMOVABLE '0' )
> Everything starting with X-NDS only applies to Novell eDirectory (or
> whatever it's called today) and thus is useless.
>
> For the rest see (as Quanah suggested):
> https://www.openldap.org/software/man.cgi?query=slapo-unique


Hello,

as said by others, you indeed need to configure the unique overlay. You
can also have a look to constraint overlay to add other checks, like
regexp or size.

https://www.openldap.org/software/man.cgi?query=slapo-constraint


-- 
Clément Oudot | Identity Solutions Manager

clement.oudot@worteks.com

Worteks | https://www.worteks.com