Hi Quanah,

I am running openldap from bitnami docker -
https://github.com/bitnami/containers/tree/main/bitnami/openldap/2.6/debian-12

So there is no slapd.conf:
$ slapcat -n 0
could not stat config file "/opt/bitnami/openldap/etc/openldap/slapd.conf": No such file or directory (2)
slapcat: bad configuration file!

Nevertheless, I ran this search:

ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config > /bitnami/openldap/data/config

And tried to find the related config:

$ grep -i  unique config
r uniquely identifying a user in an administrative domain' EQUALITY integerMa
 r uniquely identifying a group in an administrative domain' EQUALITY integerM
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X
 .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me
 mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr
 oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni
 ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
 SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
 $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre

$ grep -I overlay config
olcObjectIdentifier: olmOverlayAttributes olmSubSystemAttributes:2
olcObjectIdentifier: olmOverlayObjectClasses olmSubSystemObjectClasses:2
olcObjectIdentifier: olmSyncReplAttributes olmOverlayAttributes:1
olcObjectIdentifier: olmSyncReplObjectClasses olmOverlayObjectClasses:1
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VAL
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC '
 name of overlays defined for a given database' SUP monitoredInfo NO-USER-MODI
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay
 -specific options' SUP olcConfig STRUCTURAL MUST olcOverlay MAY olcDisabled )
 abeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
 ider configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSpCheckpoint $ o
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}syncprov

So it seems I have nothing in my config for unique. The only olcOverlay in
use is for syncprov.

Another point: inside the container I have some modules in the folder
/opt/bitnami/openldap/lib/openldap

Among several libs, unique and syncprov:

lrwxrwxrwx 1 root root     17 Aug 18  2023 unique.so -> unique.so.2.0.200
lrwxrwxrwx 1 root root     17 Aug 18  2023 unique.so.2 -> unique.so.2.0.200
-rwxr-xr-x 1 root root  39424 Aug 18  2023 unique.so.2.0.200
lrwxrwxrwx 1 root root     19 Aug 18  2023 syncprov.so -> syncprov.so.2.0.200
lrwxrwxrwx 1 root root     19 Aug 18  2023 syncprov.so.2 -> syncprov.so.2.0.200
-rwxr-xr-x 1 root root  92736 Aug 18  2023 syncprov.so.2.0.200

From the compose file I enable syncprov for replication:
    environment:
      - LDAP_ENABLE_SYNCPROV=yes

And I can see the files to enable syncprov:
$ cat /opt/bitnami/openldap/share/syncprov_create_overlay_configuration.ldif
dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100




-----Original Message-----
From: Quanah Gibson-Mount <[email protected]> 
Sent: Thursday, February 29, 2024 5:33 PM
To: CALDEIRA JAVIEL Sandro <[email protected]>;
[email protected]
Subject: RE: Disable uniqueness for mail Attribute

--On Thursday, February 29, 2024 1:35 PM +0000 CALDEIRA JAVIEL Sandro
<[email protected]> wrote:

> Hi Quanah,
>
> I am not sure how slapo-unique works. I am struggling with the syntax. 
> How can I check current config concerning it?

Does your configuration even use slapo-unique? That's the first question you
need to answer.  Assuming you are using cn=config, you can use slapcat -n 0
-l /tmp/config.ldif to export your full configuration and examine it to see
if it uses the unique overlay at all.

--Quanah
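
Added example, not part of the original thread: the grep hits above are folded schema definitions that merely contain the word "unique", so this sketch unfolds the exported cn=config LDIF and lists only real overlay entries (objectClass olcOverlayConfig) per database. The function names and both LDIF samples are constructed for illustration; the olcUniqueURI value is a sample, not taken from the thread.

```python
import re

# Constructed sample shaped like the export in the message (schema entry shortened).
SAMPLE = """\
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me
 mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}syncprov
"""
# Constructed: what a configured slapo-unique overlay entry would look like.
WITH_UNIQUE = SAMPLE + """
dn: olcOverlay={1}unique,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {1}unique
olcUniqueURI: ldap:///?mail?sub
"""

def parse_entries(text):
    """Unfold LDIF continuation lines, then return one dict per entry."""
    unfolded = re.sub(r"\n ", "", text)  # newline + one space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def overlays(text):
    """Map each database DN to the overlay names configured on it."""
    found = {}
    for e in parse_entries(text):
        if "olcoverlayconfig" in (c.lower() for c in e.get("objectclass", [])):
            db = e["dn"][0].split(",", 1)[1]  # parent of the overlay entry
            name = re.sub(r"^\{\d+\}", "", e["olcoverlay"][0]).lower()
            found.setdefault(db, []).append(name)
    return found

def uses_unique(text):
    """True only if a unique overlay entry exists, not just the word 'unique'."""
    return any("unique" in names for names in overlays(text).values())
```

To check a real server, pass the contents of the exported file (the ldapsearch output above, or slapcat -n 0 output) to overlays().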

