Hi Guys,

Finally I understood my errors and I got the unique overlay working. For posterity, I'm going to list them and the fixes here:
1) I recompiled OpenLDAP with the flag --enable-unique. Checking "./configure --help" let me understand that I had to use --enable-unique*=yes*

2) For testing I was using *JXplorer* and *Apache Directory Studio*. At this point, I noticed a strange line in the slapd log:

"55dc142d unique_add: *administrative bypass, skipping*"

With a short Google search I found a thread here in the group:
http://www.openldap.org/lists/openldap-technical/201307/msg00193.html

3) So, I moved to the ldapadd command line and finally I got:

ldap_add: Constraint violation (19)
additional info: some attributes not unique

I do not completely understand the ManageDsaIT control, but I guess that it shouldn't happen (I mean, a way to work around the server constraints such as attribute uniqueness).

Fallback question: is there a way to prevent those Java tools from inserting objects with duplicate mails?

Thanks a LOT for your help. I find OpenLDAP amazing!

Simone

2015-08-24 15:05 GMT+02:00 Simone Taliercio <[email protected]>:
> Hi All!
>
> I'm trying to enforce the fact that the mail attribute has to be unique.
> In order to do it I tried to enable the unique overlay. Unfortunately,
> OpenLDAP still allows inserting an object with the same mail value.
>
> I cannot understand where the wrong configuration occurs.
>
> My config is still based on slapd.conf. I've recompiled OpenLDAP with
> the following steps:
>
> a) ./configure --enable-modules=yes --enable-rlookups=yes --with-tls
> --with-cyrus-sasl --enable-mdb=yes --enable-bdb=yes --enable-monitor=yes
> --enable-unique
>
> b) make depend
> c) make
> d) make install
>
> Then, I added those lines to my slapd.conf
> overlay unique
> unique_uri ldap:///?mail?sub
>
> So, my development slapd.conf looks like the one below now.
>
> Thanks a lot for any hints you can give me!
>
> Simone
>
> === slapd.conf ====
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
>
> database config
> rootdn "cn=admin,cn=config"
>
> # Security - TLS section
> TLSCACertificateFile /certs/CA.pem
> TLSCertificateFile /certs/certificate.cer
> TLSCertificateKeyFile /certs/company.key
> TLSCipherSuite TLSv1+RSA:!NULL
> TLSVerifyClient never
>
> # Use LMDB database.
> database mdb
> overlay unique
> suffix "dc=com"
> rootdn "cn=Manager,dc=com"
> maxsize 16058941440
> rootpw secret
> directory /usr/local/var/openldap-data/databases/com
> index mail eq
> index cn eq
> index objectClass eq
>
> # mail is a unique attribute
> unique_uri ldap:///?mail?sub?
>
> access to dn.subtree="ou=user,dc=company1,dc=com"
> attrs=cn,sn,givenName,mail,userPassword
> by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
> by anonymous auth
>
> access to dn.subtree="ou=user,dc=company2,dc=com"
> attrs=cn,sn,givenName,mail,userPassword
> by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
> by anonymous auth
>
> access to dn.subtree="dc=com"
> by users read
> by anonymous auth
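The thread above shows the unique overlay refusing an ldapadd with "Constraint violation (19) / some attributes not unique" while GUI clients that send the ManageDsaIT control slip past it ("administrative bypass"). The following script is an added example written for this page, not code from the thread or from the OpenLDAP project: it runs the same uniqueness check client-side over an LDIF file before anything is sent to slapd, so duplicate mail values are caught regardless of which client performs the import. The sample LDIF is constructed here; the `ou=user,dc=companyN,dc=com` subtrees are borrowed from the poster's ACLs, and the optional `base` argument mimics the subtree scope of a `unique_uri`. The mail attribute uses a case-insensitive matching rule, so values are compared after lower-casing.

```python
"""Client-side duplicate-mail check over LDIF (added example, not from the thread)."""
import base64
import re
from collections import defaultdict

# Constructed sample LDIF: alice and bob share a mail value (differing only in case).
SAMPLE_LDIF = """\
version: 1
dn: cn=alice,ou=user,dc=company1,dc=com
objectClass: inetOrgPerson
cn: alice
sn: Smith
mail: alice@example.com

dn: cn=bob,ou=user,dc=company2,dc=com
objectClass: inetOrgPerson
cn: bob
sn: Jones
# base64 form of "Alice@Example.com"
mail:: QWxpY2VARXhhbXBsZS5jb20=

dn: cn=carol,ou=user,dc=company1,dc=com
objectClass: inetOrgPerson
cn: carol
sn: Brown
mail: carol@example.com
"""

# attribute-name, optional second ':' (base64 marker), value
ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*):(:?)\s*(.*)$")


def parse_ldif(text):
    """Parse LDIF text into a list of {'dn': str, 'attrs': {name: [values]}}.

    Handles comment lines, blank-line entry separators, folded continuation
    lines (leading space) and base64-encoded values ('attr:: ...').
    """
    # Unfold: a line starting with a single space continues the previous line.
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries, current = [], None
    for line in unfolded:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        m = ATTR_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, is_b64, value = m.groups()
        if is_b64:
            value = base64.b64decode(value).decode("utf-8")
        attr = attr.lower()
        if attr == "version" and current is None:
            continue
        if attr == "dn":
            current = {"dn": value, "attrs": defaultdict(list)}
        elif current is None:
            raise ValueError(f"attribute before dn: {line!r}")
        else:
            current["attrs"][attr].append(value)
    if current is not None:
        entries.append(current)
    return entries


def find_duplicates(entries, attr="mail", base=None):
    """Return {normalized value: [dn, ...]} for values present in more than one entry.

    `base` restricts the check to a subtree (like the base of a unique_uri);
    None checks every entry. Comparison is case-insensitive, as slapd's
    caseIgnoreIA5Match rule for mail would treat the values as equal.
    """
    seen = defaultdict(list)
    for entry in entries:
        if base and not entry["dn"].lower().endswith(base.lower()):
            continue
        for value in entry["attrs"].get(attr.lower(), []):
            key = value.strip().lower()
            if entry["dn"] not in seen[key]:
                seen[key].append(entry["dn"])
    return {v: dns for v, dns in seen.items() if len(dns) > 1}


if __name__ == "__main__":
    dups = find_duplicates(parse_ldif(SAMPLE_LDIF))
    for value, dns in dups.items():
        print(f"duplicate mail {value!r} in: {', '.join(dns)}")
    raise SystemExit(1 if dups else 0)
```

Run it against the LDIF you intend to load (replace `SAMPLE_LDIF` with the file contents); a non-zero exit means the server-side overlay would reject at least one of the entries, or, worse, a bypassing client would load them unchecked.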
