
Re: How to configure Unique Overlay in cn=config

Thanks Quanah:

I'm using Debian Stable's repository and would prefer to stay in sync with the repo to ease the maintenance process.

AFAIK Debian usually applies critical patches in its own packaging version, so maybe some of those issues are already addressed. My exact version is 2.4.23-7.2, which I think means that it is version 7.2 of the Debian package or something like that. I'll take some time and check it just in case there is something really nasty that I should be aware of, thank you very much.

Going back to the unique overlay: I finally managed to configure it. As you say, I just added a new module entry, but I wasn't seeing the corresponding configuration objectclasses needed. After restarting slapd they appeared.

Thank you very much.

2011/11/9 Quanah Gibson-Mount <quanah@zimbra.com>
--On Monday, November 07, 2011 7:05 PM +0100 Igor Blanco <iblanco@binovo.es> wrote:

Hello everyone,

I'm trying to configure the uniqueness overlay in Debian Squeeze
(OpenLDAP 2.4.23) using "cn=config" but I can't figure out how to do it and
can't find any good doc about it; the FAQ-O-Matic wasn't very helpful
this time.

I've added a new "olcModuleLoad=unique" attribute in
"cn=module{0},cn=config" and it hasn't complained, but how and where do I
set "olcUniqueURI"? In "olcDatabase={1}hdb,cn=config"? This attribute
does not seem to be present in my OpenLDAP installation; do I have to add
any new schema?

Any reference to documentation explaining how to configure "unique"
overlay within "cn=config" would be much appreciated. A dump of a
"cn=config" branch correctly configured would be fantastic.

First, I would seriously advise you to upgrade to 2.4.26.  2.4.23 has numerous, serious issues.  You may also want to grab the patch for ITS#7030 from the git repo (<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eae46d35d252f5e7cfd623984f0896e951d507c9>)

As for adding unique, it's pretty trivial.  I have a perl script that does it using Net::LDAP, but you can trivially change this for ldapadd:

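use Net::LDAP;

# $ldap_root_password must already hold the cn=config root password.
my $ldap = Net::LDAP->new('ldapi://%2fopt%2fzimbra%2fopenldap%2fvar%2frun%2fldapi/') or die "$@";
my $mesg = $ldap->bind("cn=config", password=>"$ldap_root_password");
$mesg->code && die "Bind: ". $mesg->error . "\n";
# Load the unique module.
my $dn="cn=module{0},cn=config";
$mesg = $ldap->modify(
  $dn,
  add =>{olcModuleLoad => 'unique.la'},
);
# Look for an existing unique overlay under the database (base/filter/scope are assumed).
my $bdn="olcDatabase={2}hdb,cn=config";
$mesg = $ldap ->search(
                  base => $bdn,
                  filter => '(objectClass=olcUniqueConfig)',
                  scope => 'sub',
                  attrs => ['1.1'],
);

my $size = $mesg->count;
if ($size == 0) {
 # Add the overlay entry olcOverlay=unique beneath the database entry.
 $dn="olcOverlay=unique,$bdn";
 $mesg = $ldap->add( "$dn",
                     attr => [
                       'olcUniqueURI' => 'ldap:///?mail?sub',
                       'objectclass' => ['olcOverlayConfig', 'olcUniqueConfig', ],
                     ],
 );
 $mesg->code && warn "failed to add entry: ", $mesg->error ;
}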

The basic idea is you add a new entry, olcOverlay=unique,<base database DN> with the objectClasses and the unique URI.



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration

Igor Blanco González
Binovo IT Human Project
e-mail: iblanco@binovo.es
Telf. :   943 493611 - 690229375
                         Astigarraga Bidea 2
                          Planta 6. - Ofi. 3-2 
                    20180 Oiartzun ( Gipuzkoa )
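
The same two changes expressed as LDIF for ldapmodify, as an added example that is not part of the thread. The function names are hypothetical, the database DN and attribute in the usage lines are the sample values from the messages above, and it assumes root can manage cn=config through SASL EXTERNAL on ldapi:///.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Assumed: root can manage cn=config via SASL EXTERNAL on ldapi:/// (run on the LDAP host).

# LDIF that loads the module, using the module name from Igor's message.
load_module_ldif() {
    cat <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: unique
EOF
}

# LDIF for the overlay entry. $1 = database DN in cn=config, $2 = unique attribute.
unique_overlay_ldif() {
    db_dn=$1 attr=$2
    nl='
'
    # Reject values that could add extra LDIF lines or extra URI components.
    case $db_dn in ''|*"$nl"*) echo "invalid database DN" >&2; return 1 ;; esac
    case $attr in ''|*[!A-Za-z0-9-]*) echo "invalid attribute: $attr" >&2; return 1 ;; esac
    cat <<EOF
dn: olcOverlay=unique,$db_dn
changetype: add
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///?$attr?sub
EOF
}

# Send one LDIF document to the local slapd.
apply_ldif() {
    ldapmodify -Y EXTERNAL -H ldapi:///
}

# Usage: sh unique.sh module
#        sh unique.sh overlay 'olcDatabase={1}hdb,cn=config' mail
case ${1:-} in
    module)  load_module_ldif | apply_ldif ;;
    overlay) ldif=$(unique_overlay_ldif "$2" "$3") || exit 1
             printf '%s\n' "$ldif" | apply_ldif ;;
esac
```

The module and overlay steps are kept separate because, as reported above, the overlay's configuration object classes only appeared after slapd was restarted following the module load.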