Unique overlay example. Only rwm left to do.

2026-01-16 20:06:06 -05:00 · 2008-11-24 17:29:53 +00:00 · 2008-11-24 17:29:53 +00:00 · 9fa3637dcd
commit 9fa3637dcd
parent 8210619c7a
2 changed files with 100 additions and 45 deletions
--- a/doc/guide/admin/aspell.en.pws
+++ b/doc/guide/admin/aspell.en.pws
@ -1,4 +1,4 @@
-personal_ws-1.1 en 1675 
+personal_ws-1.1 en 1682 
 commonName
 bla
 Masarati
@ -6,8 +6,8 @@ subjectAltName
 api
 usnCreated
 BhY
-olcSyncRepl
 olcSyncrepl
+olcSyncRepl
 adamsom
 adamson
 CER
@ -26,6 +26,7 @@ BNF
 TLSEphemeralDHParamFile
 ppolicy
 ASN
+gavin
 ava
 Chu
 del
@ -39,8 +40,8 @@ DIB
 dev
 reqNewSuperior
 librewrite
-memberof
 memberOf
+memberof
 BSI
 updateref
 buf
@ -91,8 +92,8 @@ dlopen
 eng
 AttributeValue
 attributevalue
-DUA
 EOF
+DUA
 inputfile
 DSP
 refreshDone
@ -128,10 +129,10 @@ iff
 contextCSN
 auditModify
 auditSearch
-OpenLDAP
 openldap
-resultcode
+OpenLDAP
 resultCode
+resultcode
 sysconfig
 indices
 blen
@ -171,13 +172,13 @@ argv
 kdz
 notAllowedOnRDN
 hostport
-StartTLS
 starttls
+StartTLS
 ldb
 servercredp
 ldd
-IPv
 ipv
+IPv
 hyc
 joe
 bindmethods
@ -209,8 +210,8 @@ libpath
 acknowledgements
 jts
 createTimestamp
-MIB
 LLL
+MIB
 OpenSSL
 openssl
 LOF
@ -250,10 +251,10 @@ Subbarao
 aeeiib
 oidlen
 submatches
-PEM
 olc
-OLF
+PEM
 PDU
+OLF
 LDAPSchemaExtensionItem
 auth
 Pierangelo
@ -269,10 +270,11 @@ cleartext
 numattrsets
 requestDN
 caseExactSubstringsMatch
-NSS
 PKI
+NSS
 olcSyncProvConfig
 ple
+jones
 NTP
 auditModRDN
 checkpointing
@ -293,9 +295,9 @@ rdn
 wZFQrDD
 OTP
 olcSizeLimit
-PRD
-sbi
 pos
+sbi
+PRD
 pre
 sudoadm
 stringal
@ -315,8 +317,8 @@ bvec
 HtZhZS
 TBC
 stringbv
-SHA
 Sep
+SHA
 ptr
 conn
 pwd
@ -333,8 +335,8 @@ myOID
 supportedSASLMechanism
 supportedSASLmechanism
 realnamingcontext
-UCD
 SMD
+UCD
 keytab
 portnumber
 uncached
@ -347,8 +349,8 @@ sasldb
 UCS
 searchDN
 keytbl
-UDP
 tgz
+UDP
 freemods
 prepend
 nssov
@ -366,22 +368,23 @@ crit
 objectClassViolation
 ssf
 ldapfilter
-vec
-TOC
 rwm
+TOC
+vec
 pwdChangedTime
 tls
 peernamestyle
 xpasswd
-SRP
 tmp
+SRP
 SSL
 dupbv
 CPUs
+itsupport
 SRV
 entrymods
-sss
 rwx
+sss
 reqNewRDN
 nopresent
 rebindproc
@ -444,8 +447,8 @@ pseudorootdn
 MezRroT
 GDBM
 LIBRELEASE
-DSA's
 DSAs
+DSA's
 realloc
 booleanMatch
 compareTrue
@ -505,8 +508,8 @@ pwdMinLength
 iZ
 ldapdelete
 xyz
-rdbms
 RDBMs
+rdbms
 extparam
 mk
 ng
@ -571,8 +574,8 @@ ZZ
 LDVERSION
 testAttr
 backend
-backends
 backend's
+backends
 BerValues
 Solaris
 structs
@ -584,9 +587,9 @@ ostring
 policyDN
 testObject
 pwdMaxAge
-binddn
-bindDN
 bindDn
+bindDN
+binddn
 distributedOperation
 schemachecking
 strvals
@ -606,8 +609,8 @@ UMLDAP
 searchResultDone
 MAXLEN
 pwdInHistory
-reqAttrsOnly
 realtime
+reqAttrsOnly
 sysconfdir
 searchResultReference
 olcAttributeTypes
@ -624,20 +627,21 @@ dynstyle
 bindpw
 AUTHNAME
 UniqueName
+blahblah
 saslmech
 pthreads
 IEEE
 regex
 SIGINT
 slappasswd
-errABsObject
 errAbsObject
+errABsObject
 ldapexop
-objectIdentifier
 objectidentifier
+objectIdentifier
 deallocators
-mirrormode
 MirrorMode
+mirrormode
 loopDetect
 SIGHUP
 authMethodNotSupported
@ -654,8 +658,8 @@ filtercomp
 expr
 syntaxes
 memrealloc
-returncode
 returnCode
+returncode
 OpenLDAP's
 exts
 bitstringa
@ -679,8 +683,8 @@ lastName
 lldap
 cachesize
 slapauth
-attributeType
 attributetype
+attributeType
 GSER
 olcDbNosync
 typedef
@ -697,11 +701,12 @@ monitoredObject
 TLSVerifyClient
 noidlen
 LDAPNOINIT
-pwdGraceAuthnLimit
+henry
 pwdGraceAuthNLimit
+pwdGraceAuthnLimit
 hnPk
-userpassword
 userPassword
+userpassword
 noanonymous
 LIBVERSION
 symas
@ -720,9 +725,9 @@ IMAP
 organisations
 rewriteMap
 monitoredInfo
-modrDN
-ModRDN
 modrdn
+ModRDN
+modrDN
 HREF
 DQTxCYEApdUtNXGgdUac
 inline
@ -737,8 +742,8 @@ reqReferral
 rlookups
 siiiib
 LTSTATIC
-timelimitExceeded
 timeLimitExceeded
+timelimitExceeded
 XKYnrjvGT
 subtrees
 unixODBC
@ -750,8 +755,8 @@ reqDN
 dnstyle
 inet
 schemas
-pwdPolicySubentry
 pwdPolicySubEntry
+pwdPolicySubentry
 reqId
 backsql
 scanf
@ -780,6 +785,7 @@ html
 GCmfuqEvm
 multimaster
 testrun
+olcUniqueURI
 rewriteEngine
 slapdindex
 LTFINISH
@ -1090,8 +1096,8 @@ noop
 errObject
 XXLIBS
 reqAssertion
-nops
 PDUs
+nops
 baseObject
 bvecadd
 perl
@ -1504,6 +1510,7 @@ URL's
 urls
 olcAuditLogConfig
 reqMod
+joebloggs
 pwdHistory
 entryTtl
 olcIdleTimeout
@ -1599,12 +1606,12 @@ jpegPhoto
 supportedSASLMechanisms
 ACLs
 reqMethod
-authzId
-authzid
 authzID
+authzid
+authzId
 hasSubordintes
-proxyCache
 proxycache
+proxyCache
 slaptest
 olcLogLevel
 LDAPDN
@ -1629,8 +1636,8 @@ wBDARESEhgVG
 multi
 aaa
 ldaprc
-UpdateDN
 updatedn
+UpdateDN
 LDAPBASE
 LDAPAPIFeatureInfo
 authzTo
@ -1671,6 +1678,6 @@ ali
 attributeoptions
 BfQ
 uidNumber
-CA's
 CAs
+CA's
 namingContext
--- a/doc/guide/admin/overlays.sdf
+++ b/doc/guide/admin/overlays.sdf
@ -1268,12 +1268,60 @@ H2: Attribute Uniqueness

 H3: Overview

-This overlay can be used with a backend database such as slapd-bdb (5)
+This overlay can be used with a backend database such as {{slapd-bdb(5)}}
 to enforce the uniqueness of some or all attributes within a subtree.


 H3: Attribute Uniqueness Configuration

+This overlay is only effective on new data from the point the overlay is enabled. To
+check uniqueness for existing data, you can export and import your data again via the
+LDAP Add operation, which will not be suitable for large amounts of data, unlike {{B:slapcat}}.
+
+For the following example, if uniqueness were enforced for the {{B:mail}} attribute, 
+the subtree would be searched for any other records which also have a {{B:mail}} attribute 
+containing the same value presented with an {{B:add}}, {{B:modify}} or {{B:modrdn}} operation 
+which are unique within the configured scope. If any are found, the request is rejected.
+
+Note:  If no attributes are specified, for example {{B:ldap:///??sub?}}, then the URI applies to all non-operational attributes. However,
+the keyword {{B:ignore}} can be specified to exclude certain non-operational attributes. 
+
+To search at the base dn of the current backend database ensuring uniqueness of the {{B:mail}}
+attribute, we simply do:
+
+>       overlay unique
+>       unique_uri ldap:///?mail?sub?
+
+For an existing entry of:
+
+>       dn: cn=gavin,dc=suretecsystems,dc=com
+>       objectClass: top
+>       objectClass: inetorgperson
+>       cn: gavin
+>       sn: henry
+>       mail: ghenry@suretecsystems.com
+
+and we then try to add a new entry of:
+
+>       dn: cn=robert,dc=suretecsystems,dc=com
+>       objectClass: top
+>       objectClass: inetorgperson
+>       cn: robert
+>       sn: jones
+>       mail: ghenry@suretecsystems.com
+
+would result in an error like so:
+
+>       adding new entry "cn=robert,dc=example,dc=com"
+>       ldap_add: Constraint violation (19)
+>               additional info: some attributes not unique
+
+The overlay can have multiple URIs specified within a domain, allowing complex
+selections of objects and also have multiple {{B:unique_uri}} statements or 
+{{B:olcUniqueURI}} attributes which will create independent domains.
+
+For more information and details about the {{B:strict}} and {{B:ignore}} keywords,
+please see the {{:slapo-unique(5)}} man page.

 H3: Further Information