Thanks for your answer, Le 30/07/2013 18:55, Michael Ströder a écrit :
Philippe MARASSE wrote:I'm trying to enable unique overlay to enforce uniqueness of uid and mail attributes with no luck. [..] The first time, I've used the main administrative account. So I created a sub administrator account, changed the ACLs, fine. Deleted the two entries, recreated the two entries with the same mail without error. I've tried to put slapd in debug mode, the only ting I've noticed is : 51f7df1e >>> dnPrettyNormal: <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e <<< dnPrettyNormal: <uid=test2,ou=people,dc=mydomain,dc=com>, <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e ==> unique_modify <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e *unique_modify: administrative bypass, skipping* 51f7df1e bdb_dn2entry("uid=test2,ou=people,dc=mydomain,dc=com") 51f7df1e bdb_entry_get: rc=0 If someone has a clue...It's a bit unclear what you're really doing. There are/were some bugs in slapo-unique but not sure whether you're hitting them without seeing *exactly* how you perform the client operations.
I've tested : - adding an entry with non-unique mail attribute - modifying an entry to make mail non unique
Maybe you could try to provide the LDIF input data and commands you're using. Which client?
jxplorer
Which options?
A good question indeed ! I'm using jxplorer from stock install without customization.
Hmmm, interesting, if ManageDSAIT option is used, I'm not yet aware of that. I'll track jxplorer behavior today.AFAICS in the source the bypass message is only written to log in case of ManageDSAIT control being used during ldapadd/ldapmodify. You should really understand what's the effect of LDAPv3 extended controls before using them.
May should I test with another ldap tool ? Many thanks. Rgds. -- Philippe MARASSE Service Informatique - Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Coeur 86021 Poitiers Cedex Tel : 05.49.44.57.19
Attachment:
smime.p7s
Description: Signature cryptographique S/MIME