Michael Ströder wrote: > Florian Best wrote: >> Oh yes, If I only include the blacklisted uid's in the filter then it's >> possible. Thank you! >> >> unique_uri ldap:///dc=base?uid?sub?(|(uid=root)(uid=www-data) > > Note that the filter part might not always work: > > https://www.openldap.org/its/index.cgi?findid=6825 > > https://www.openldap.org/its/index.cgi?findid=6917 And btw I meant something else: Assuming you're using two different entry object classes 'account' and 'inetOrgPerson' with attribute 'uid' then you could define two different unique constraints (with two different black-list entries): unique_uri ldap:///dc=base?uid?sub?(objectClass=inetOrgPerson) unique_uri ldap:///dc=base?uid?sub?(objectClass=account) In my setup this only works when using negation filters (!(…)) though. Ciao, Michael.
Description: S/MIME Cryptographic Signature