[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Blacklists of simple values in LDAP attribute constraints overlay?

Hello Michael,

unfortunately we have multiple objects with the same "uid" attribute, so
the uniqueness overlay module cannot be used.

Is there a different way using the constraints module?

Thanks, Florian

Am 27.07.2017 um 18:28 schrieb Michael Ströder:
> Florian Best wrote:
>> I am searching for a way to add an LDAP constraint on attributes which
>> prevents setting specific values.
>> For example, I want to prevent that the attribute "uid" is equal to
>> (case insensitive) "foo" or "bar".
> If you have slapo-unique ensuring uniqueness for 'uid' you can simply use a black-list
> entry with all unwanted values listed in attribute 'uid'.
>
> See example in Æ-DIR demo:
>
> https://demo.ae-dir.com/web2ldap/read?ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/cn%3Dae-uid-blacklist%2Ccn%3Dae%2Cou%3Dae-dir????bindname=uid%3Daead%2Ccn%3Dae%2Cou%3Dae-dir,X-BINDPW=CorrectHorseBatteryStaple
>
> The advantage is that you can easily extend the list of unwanted values by adding more
> attribute values or even more separate black-list entries from different sources.
>
> Ciao, Michael.
>

-- 
Florian Best
Open Source Software Engineer
 
Univention GmbH
be open
Mary-Somerville-Str.1
28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99

best@univention.de
http://www.univention.de

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876