[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6077) Spurious uniqueness errors with filters in unique overlays

Full_Name: Andres Freund
Version: 2.4.16
OS: Linux
Submission from: (NULL) (

If I read the code correctly the unique overlay does not check if the current
operation matches the filter of a domain before doing a uniqeness check.
This leads to wrongly reported errors.

I noticed this after adding a uniqueness constraint on gidNumber on all
posixGroup objects (i.e. ldap:///?gidNumber?sub?(objectClass=posixGroup)) - it
was not possible anymore to add posixAccounts with that gidNumber. 



Here a modification of the testscript to reproduce the issue:
--- openldap-2.4.16.saved/tests/scripts/test024-unique	2009-04-23
23:51:37.942051631 +0200
+++ openldap-2.4.16/tests/scripts/test024-unique	2009-04-25 02:50:40.975257488
@@ -425,6 +425,7 @@
 changetype: modify
 add: olcUniqueURI
 olcUniqueURI: ldap:///?sn?sub?(cn=e*)
+olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
 delete: olcUniqueURI
 olcUniqueURI: ldap:///?description?one
@@ -445,6 +446,7 @@
 olcOverlay: {0}unique
 olcUniqueURI: ldap:///?employeeNumber,displayName?sub
 olcUniqueURI: ldap:///?sn?sub?(cn=e*)
+olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
 diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
@@ -473,6 +475,27 @@
 	exit -1
+echo "Adding a record unique in all domains because of filter conditions "
+	 $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: edgar
+cn: empty
+sn: empty
+if test $RC != 0 ; then
+	echo "spurious unique error ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
 echo "Adding a record unique in one domain, non-unique in the filtered