This manual page is for Mac OS X version 10.6.3

If you are running a different version of Mac OS X, view the documentation locally:

  • In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

  • For more information about the manual page format, see the manual page for manpages(5).

  • For more information about this technology, look for other documentation in the Apple Reference Library.

  • For general information about writing shell scripts, read Shell Scripting Primer.


SLAPO-UNIQUE(5)                                                                              SLAPO-UNIQUE(5)



NAME
       slapo-unique - Attribute Uniqueness overlay to slapd

SYNOPSIS
       /etc/openldap/slapd.conf

DESCRIPTION
       The  Attribute Uniqueness overlay can be used with a backend database such as slapd-bdb(5) to enforce
       the uniqueness of some or all attributes within a scope. This subtree defaults to all objects  within
       the subtree of the database for which the Uniqueness overlay is configured.

       Uniqueness is enforced by searching the subtree to ensure that the values of all attributes presented
       with an add, modify or modrdn operation are unique within the scope.  For example, if uniqueness were
       enforced for the uid attribute, the subtree would be searched for any other records which also have a
       uid attribute containing the same value. If any are found, the request is rejected.

CONFIGURATION
       These slapd.conf options apply to the Attribute Uniqueness overlay.  They  should  appear  after  the
       overlay directive.

       unique_uri <[strict ][ignore ]URI[URI...]...>
              Configure  the base, attributes, scope, and filter for uniqueness checking.  Multiple URIs may
              be specified within a domain, allowing complex selections  of  objects.   Multiple  unique_uri
              statements  or  olcUniqueURI  attributes  will create independent domains, each with their own
              independent lists of URIs and ignore/strict settings.

              The LDAP URI syntax is a subset of RFC-4516, and takes the form:

              ldap:///[base dn]?[attributes...]?scope[?filter]

              The base dn defaults to that of the back-end database.  Specified base dns must be within  the
              subtree of the back-end database.

              If no attributes are specified, the URI applies to all non-operational attributes.

              The  scope  component is effectively mandatory, because LDAP URIs default to base scope, which
              is not valid for uniqueness, because groups of one object are always unique.   Scopes  of  sub
              (for subtree) and one for one-level are valid.

              The  filter  component  causes  the  domain  to  apply uniqueness constraints only to matching
              objects.  e.g.  ldap:///?cn?sub?(sn=e*) would require unique cn attributes for all objects  in
              the subtree of the back-end database whose sn starts with an e.

              It is possible to assert uniqueness upon all non-operational attributes except those listed by
              prepending the keyword ignore If not configured, all non-operational (e.g., system) attributes
              must  be  unique.  Note that the attributes list of an ignore URI should generally contain the
              objectClass, dc, ou and o attributes, as these will generally not  be  unique,  nor  are  they
              operational attributes.

              It  is  possible  to  set  strict checking for the uniqueness domain by prepending the keyword
              strict.  By default, uniqueness is not enforced for null values. Enabling strict mode  extends
              the  concept  of uniqueness to include null values, such that only one attribute within a sub-tree subtree
              tree will be allowed to have a null value.  Strictness applies to all URIs within a uniqueness
              domain, but some domains may be strict while others are not.

       It  is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously.
       In general, the legacy configuration options control pieces of a single unfiltered subtree domain.

       unique_base <basedn>
              This legacy configuration parameter should be converted to the base dn component of the  above
              unique_uri style of parameter.

       unique_ignore <attribute...>
              This  legacy configuration parameter should be converted to a unique_uri parameter with ignore
              keyword as described above.

       unique_attributes <attribute...>
              This legacy configuration  parameter  should  be  converted  to  a  unique_uri  parameter,  as
              described above.

       unique_strict
              This  legacy  configuration  parameter  should be converted to a strict keyword prepended to a
              unique_uri parameter, as described above.

CAVEATS
       unique_uri cannot be used with the old-style of configuration, and vice versa.  unique_uri can imple-ment implement
       ment everything the older system can do, however.

       Typical  attributes for the ignore ldap:///...  URIs are intentionally not hardcoded into the overlay
       to allow for maximum flexibility in meeting site-specific requirements.

FILES
       /etc/openldap/slapd.conf
              default slapd configuration file

SEE ALSO
       slapd.conf(5).



OpenLDAP 2.4.11                                  2008/07/16                                  SLAPO-UNIQUE(5)

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors
Report errors in the content of this documentation with the feedback links below.
Bug reports
Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems
Report formatting mistakes in the online version of these pages with the feedback links below.

Did this document help you? Yes It's good, but... Not helpful...