Hi Clement,

Thanks for your quick answer!

I tried your suggestion, but it does not really like it:

/usr/local/etc/openldap/slapd.conf: line 90: unknown directive <unique_uri> inside backend database definition.

I'm going to try now to have only the unique_uri section at the end. Stay tuned!

Simone

2015-08-24 15:18 GMT+02:00 Clément OUDOT <[email protected]>:
>
> On 24/08/2015 15:05, Simone Taliercio wrote:
>
>> Hi All!
>>
>> I'm trying to enforce the fact that the mail attribute has to be unique.
>> In order to do it I tried to enable the unique overlay. Unfortunately,
>> OpenLDAP still allows inserting an object with the same mail value.
>>
>> I cannot understand where the wrong configuration occurs.
>>
>> My config is still based on slapd.conf. I've recompiled OpenLDAP with
>> the following steps:
>>
>> a) ./configure --enable-modules=yes --enable-rlookups=yes --with-tls
>>    --with-cyrus-sasl --enable-mdb=yes --enable-bdb=yes --enable-monitor=yes
>>    --enable-unique
>>
>> b) make depend
>> c) make
>> d) make install
>>
>> Then, I added those lines to my slapd.conf:
>> overlay unique
>> unique_uri ldap:///?mail?sub
>>
>> So, my development slapd.conf looks like the one below now.
>>
>> Thanks a lot for any hints you can give me!
>>
>> Simone
>>
>> === slapd.conf ====
>> include /usr/local/etc/openldap/schema/core.schema
>> include /usr/local/etc/openldap/schema/cosine.schema
>> include /usr/local/etc/openldap/schema/inetorgperson.schema
>> include /usr/local/etc/openldap/schema/nis.schema
>>
>> pidfile /usr/local/var/run/slapd.pid
>> argsfile /usr/local/var/run/slapd.args
>>
>>
>> database config
>> rootdn "cn=admin,cn=config"
>>
>> # Security - TLS section
>> TLSCACertificateFile /certs/CA.pem
>> TLSCertificateFile /certs/certificate.cer
>> TLSCertificateKeyFile /certs/company.key
>> TLSCipherSuite TLSv1+RSA:!NULL
>> TLSVerifyClient never
>>
>> # Use LMDB database.
>> database mdb
>> overlay unique
>> suffix "dc=com"
>> rootdn "cn=Manager,dc=com"
>> maxsize 16058941440
>> rootpw secret
>> directory /usr/local/var/openldap-data/databases/com
>> index mail eq
>> index cn eq
>> index objectClass eq
>>
>> # mail is a unique attribute
>> unique_uri ldap:///?mail?sub?
>>
>> access to dn.subtree="ou=user,dc=company1,dc=com"
>>     attrs=cn,sn,givenName,mail,userPassword
>>     by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
>>     by anonymous auth
>>
>> access to dn.subtree="ou=user,dc=company2,dc=com"
>>     attrs=cn,sn,givenName,mail,userPassword
>>     by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
>>     by anonymous auth
>>
>> access to dn.subtree="dc=com"
>>     by users read
>>     by anonymous auth
>>
>
> Hi,
>
> you should declare the overlay below the database, like this:
>
> # Use LMDB database.
> database mdb
> suffix "dc=com"
> rootdn "cn=Manager,dc=com"
> maxsize 16058941440
> rootpw secret
> directory /usr/local/var/openldap-data/databases/com
> index mail eq
> index cn eq
> index objectClass eq
>
> access to dn.subtree="ou=user,dc=company1,dc=com"
>     attrs=cn,sn,givenName,mail,userPassword
>     by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
>     by anonymous auth
>
> access to dn.subtree="ou=user,dc=company2,dc=com"
>     attrs=cn,sn,givenName,mail,userPassword
>     by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
>     by anonymous auth
>
> access to dn.subtree="dc=com"
>     by users read
>     by anonymous auth
>
> # mail is a unique attribute
> overlay unique
> unique_uri ldap:///?mail?sub?
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
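Added example, not part of the thread and not OpenLDAP's own code: a small Python checker for the ordering rule behind the "unknown directive <unique_uri> inside backend database definition" message quoted above. In slapd.conf, every directive that follows an `overlay` line inside a database section is offered to that overlay first, so an overlay keyword that appears before its `overlay` line is not recognised by anything and slapd rejects it; a line starting with whitespace continues the previous directive (slapd.conf(5)). The checker reproduces both rules offline so a configuration can be linted before `slapd` is restarted. The keyword table for slapo-unique, the two sample configurations and the `/tmp/example-db` path are constructed for this example.

```python
"""Lint slapd.conf for overlay keywords that precede their 'overlay' line.

Added example: reproduces slapd's 'unknown directive' rejection offline.
"""
from urllib.parse import urlsplit

# Keywords owned by slapo-unique (slapo-unique(5)). Assumption: this is the
# only overlay the checker knows about; extend the table for others.
OVERLAY_KEYWORDS = {
    "unique": {"unique_uri", "unique_strict", "unique_base",
               "unique_ignore", "unique_attributes"},
}
# RFC 4516 search scopes; OpenLDAP also accepts aliases not listed here.
VALID_SCOPES = {"base", "one", "sub"}


def logical_lines(text):
    """Yield (line_number, directive) with continuation lines joined and
    blank/comment lines dropped, as slapd reads slapd.conf."""
    current, start = None, 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()   # leading whitespace = continuation
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), lineno
    if current is not None:
        yield start, current


def parse_ldap_url(url):
    """Split an LDAP URL into (base_dn, attrs, scope, filter)."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    fields = parts.query.split("?") + ["", "", ""]
    attrs = [a for a in fields[0].split(",") if a]
    return parts.path.lstrip("/"), attrs, fields[1] or "base", fields[2]


def check_unique_uri(lineno, args):
    """Validate the URI(s) of one unique_uri directive; the optional
    'strict' / 'ignore' modifiers of slapo-unique(5) are skipped."""
    problems, tokens = [], args.split()
    while tokens and tokens[0].lower() in {"strict", "ignore"}:
        tokens.pop(0)
    if not tokens:
        problems.append(f"line {lineno}: unique_uri without a URI")
    for url in tokens:
        try:
            _base, _attrs, scope, _filter = parse_ldap_url(url)
        except ValueError as exc:
            problems.append(f"line {lineno}: bad unique_uri {url!r}: {exc}")
            continue
        if scope not in VALID_SCOPES:
            problems.append(f"line {lineno}: unknown scope {scope!r} in {url!r}")
    return problems


def check_overlay_order(text):
    """Return problems found in slapd.conf text (empty list = clean)."""
    problems, database, active = [], None, set()
    for lineno, line in logical_lines(text):
        parts = line.split(None, 1)
        keyword, rest = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "database":        # new database section resets overlays
            database, active = rest.strip(), set()
            continue
        if keyword == "overlay":
            active.add(rest.strip().lower())
            continue
        owner = next((o for o, kws in OVERLAY_KEYWORDS.items() if keyword in kws), None)
        if owner is None:
            continue                     # a backend or global directive
        if database is None:
            problems.append(f"line {lineno}: <{keyword}> outside any database")
        elif owner not in active:        # keyword seen before its overlay line
            problems.append(f"line {lineno}: unknown directive <{keyword}> inside "
                            f"backend database definition (move it below 'overlay {owner}')")
        elif keyword == "unique_uri":
            problems.extend(check_unique_uri(lineno, rest.strip()))
    return problems


# Constructed sample: unique_uri placed before 'overlay unique' (rejected).
BAD_CONF = """\
database mdb
suffix "dc=com"
rootdn "cn=Manager,dc=com"
directory /tmp/example-db
index mail eq

# overlay keyword before its 'overlay' line: slapd rejects this
unique_uri ldap:///?mail?sub?
overlay unique
"""

# Constructed sample: overlay and its keyword at the end of the database.
GOOD_CONF = """\
database mdb
suffix "dc=com"
rootdn "cn=Manager,dc=com"
directory /tmp/example-db
index mail eq

access to dn.subtree="dc=com"
    by users read
    by anonymous auth

# mail is a unique attribute
overlay unique
unique_uri ldap:///?mail?sub?
"""

if __name__ == "__main__":
    for name, conf in (("BAD_CONF", BAD_CONF), ("GOOD_CONF", GOOD_CONF)):
        print(name, check_overlay_order(conf) or "ok")
```

Run it against a real file with `check_overlay_order(open(path).read())`; the checker only knows the slapo-unique keywords listed in `OVERLAY_KEYWORDS`, so a keyword from another overlay passes through as if it belonged to the backend.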
