Florian Best wrote: > I am searching for a way to add an LDAP constraint on attributes which > prevents setting specific values. > For example, I want to prevent that the attribute "uid" is equal to > (case insensitive) "foo" or "bar". If you have slapo-unique ensuring uniqueness for 'uid' you can simply use a black-list entry with all unwanted values listed in attribute 'uid'. See example in Æ-DIR demo: https://demo.ae-dir.com/web2ldap/read?ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/cn%3Dae-uid-blacklist%2Ccn%3Dae%2Cou%3Dae-dir????bindname=uid%3Daead%2Ccn%3Dae%2Cou%3Dae-dir,X-BINDPW=CorrectHorseBatteryStaple The advantage is that you can easily extend the list of unwanted values by adding more attribute values or even more separate black-list entries from different sources. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature