Full_Name: Tatarenko Vasily Version: 2.4.44 OS: Freebsd 11.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (128.74.103.57) When use Unique overlay it is not possible to prevent users from inserting value in attributeA (like otherMailbox) that is already was used in attributeB (like mail) through whole domain. If i put multiple attributes to Unique overlay it still search through one attribute. If i use olcUniqueURI: ldap:///dc=instatsport,dc=com?mail,otherMailbox,proxyAddresses?sub Unique overlay still make this search for mail: unique_search (|(mail=123@example.com)) And this search for otherMailbox unique_search (|(otherMailbox=123@example.com))
tatarenko@alpha-it.ru wrote: > When use Unique overlay it is not possible to prevent users from inserting value > in attributeA (like otherMailbox) that is already was used in attributeB (like > mail) through whole domain. > If i put multiple attributes to Unique overlay it still search through one > attribute. > If i use > olcUniqueURI: ldap:///dc=instatsport,dc=com?mail,otherMailbox,proxyAddresses?sub > Unique overlay still make this search for mail: > unique_search (|(mail=123@example.com)) > And this search for otherMailbox > unique_search (|(otherMailbox=123@example.com)) I'd say it works as designed and there is no bug. The work-around for your use-case is to use SUP to derive from a common attribute type. But this should be discussed on openldap-technical mailing list. Ciao, Michael.
moved from Incoming to Software Enhancements
--On Sunday, March 19, 2017 12:07 AM +0000 michael@stroeder.com wrote: > I'd say it works as designed and there is no bug. > > The work-around for your use-case is to use SUP to derive from a common > attribute type. But this should be discussed on openldap-technical > mailing list. Agreed. I've moved this to the enhancement queue in case anyone ever wants to work on enforcing uniqueness across > 1 attribute, but I would think that would require all of the attributes to have the same syntax, etc. Michael's suggestion for this specific use case seems to be the best solution for now. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>