[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Blacklists of simple values in LDAP attribute constraints overlay?



Michael Ströder wrote:
> Florian Best wrote:
>> Oh yes, If I only include the blacklisted uid's in the filter then it's
>> possible. Thank you!
>>
>> unique_uri ldap:///dc=base?uid?sub?(|(uid=root)(uid=www-data)
> 
> Note that the filter part might not always work:
> 
> https://www.openldap.org/its/index.cgi?findid=6825
> 
> https://www.openldap.org/its/index.cgi?findid=6917

And btw I meant something else:

Assuming you're using two different entry object classes 'account' and 'inetOrgPerson'
with attribute 'uid' then you could define two different unique constraints (with two
different black-list entries):

unique_uri ldap:///dc=base?uid?sub?(objectClass=inetOrgPerson)

unique_uri ldap:///dc=base?uid?sub?(objectClass=account)

In my setup this only works when using negation filters (!(…)) though.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature