8621 – Unique through multiple attribute

Issue 8621 - Unique through multiple attribute

Summary: Unique through multiple attribute

Status:	UNCONFIRMED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.4.44
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-18 21:20 UTC by tatarenko@alpha-it.ru
Modified:	2017-03-20 23:30 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description tatarenko@alpha-it.ru 2017-03-18 21:20:00 UTC

Full_Name: Tatarenko Vasily
Version: 2.4.44
OS: Freebsd 11.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.74.103.57)


When use Unique overlay it is not possible to prevent users from inserting value
in attributeA (like otherMailbox) that is already was used in attributeB (like
mail) through whole domain.
If i put multiple attributes to Unique overlay it still search through one
attribute. 
If i use 
olcUniqueURI: ldap:///dc=instatsport,dc=com?mail,otherMailbox,proxyAddresses?sub
Unique overlay still make this search for mail:
   unique_search (|(mail=123@example.com))
And this search for otherMailbox
   unique_search (|(otherMailbox=123@example.com))

Comment 1 Michael Ströder 2017-03-18 23:07:09 UTC

tatarenko@alpha-it.ru wrote:
> When use Unique overlay it is not possible to prevent users from inserting value
> in attributeA (like otherMailbox) that is already was used in attributeB (like
> mail) through whole domain.
> If i put multiple attributes to Unique overlay it still search through one
> attribute. 
> If i use 
> olcUniqueURI: ldap:///dc=instatsport,dc=com?mail,otherMailbox,proxyAddresses?sub
> Unique overlay still make this search for mail:
>    unique_search (|(mail=123@example.com))
> And this search for otherMailbox
>    unique_search (|(otherMailbox=123@example.com))

I'd say it works as designed and there is no bug.

The work-around for your use-case is to use SUP to derive from a common attribute type.
But this should be discussed on openldap-technical mailing list.

Ciao, Michael.

Comment 2 Quanah Gibson-Mount 2017-03-20 23:28:48 UTC

moved from Incoming to Software Enhancements

Comment 3 Quanah Gibson-Mount 2017-03-20 23:30:38 UTC

--On Sunday, March 19, 2017 12:07 AM +0000 michael@stroeder.com wrote:

> I'd say it works as designed and there is no bug.
>
> The work-around for your use-case is to use SUP to derive from a common
> attribute type. But this should be discussed on openldap-technical
> mailing list.

Agreed.  I've moved this to the enhancement queue in case anyone ever wants 
to work on enforcing uniqueness across > 1 attribute, but I would think 
that would require all of the attributes to have the same syntax, etc.

Michael's suggestion for this specific use case seems to be the best 
solution for now.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>