RE: Unique overlay confusing
Apache Directory Studio works as well as JExplorer and has ManageDsaIT
controls. The version you download needs to match the bit-rate of the Java
Runtime Environment (32 or 64-bit) you have installed.
http://directory.apache.org/studio/
Jason Trupp
Symas Corporation
(855) LDAP-GUY
-----Original Message-----
From: openldap-technical <openldap-technical-bounces@openldap.org> On Behalf
Of Ervin Hegedüs
Sent: Thursday, August 30, 2018 2:36 AM
To: Quanah Gibson-Mount <quanah@symas.com>
Cc: Michael Ströder <michael@stroeder.com>; openldap-technical@openldap.org
Subject: Re: Unique overlay confusing
Hi Quanah,
thanks for your reply,
On Wed, Aug 29, 2018 at 09:17:25AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs
> <airween@gmail.com> wrote:
>
>
> >>olcUniqueURI: ldap:///?uid?sub?
> >>olcUniqueURI: ldap:///?mail?sub?
> >>olcUniqueURI: ldap:///?uidNumber?sub?
> >>olcUniqueURI: ldap:///?sn?sub?
> >>olcUniqueURI: ldap:///?cn?sub?
I've removed these directives:
> >>olcUniqueURI: ldaps:///?uid?sub?
> >>olcUniqueURI: ldaps:///?mail?sub?
> >>olcUniqueURI: ldaps:///?uidNumber?sub?
> >>olcUniqueURI: ldaps:///?sn?sub?
> >>olcUniqueURI: ldaps:///?cn?sub?
>
> Using "ldaps://" here is invalid. These are internal searches that
> don't use the LDAP protocol.
thanks,
> One thing you've not shown in your configurations is whether or not
> the {1}mdb,cn=config DB has a rootdn configured for that database
> instance. As noted in the man page, a rootdn is required on the
> specific database instance for the overlay to function:
>
> "The search is performed using the rootdn of the database, to avoid
> issues with ACLs preventing the overlay from seeing all of the relevant
> data. As such, the database must have a rootdn configured."
you think about this?
slapcat -b cn=config | less
...
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hu
...
olcRootDN: cn=admin,dc=hu
...
> Additionally, you haven't noted how you are making the modifications to
> add the duplicate entries. Again, as noted in the man page:
>
> "Replication and operations with manageDsaIt control are allowed to
> bypass this enforcement. It is therefore important that all servers
> accepting writes have this overlay configured in order to maintain
> uniqueness in a replicated DIT."
>
> So it is possible the LDAP client you are using to make the
> modifications is setting the manageDsaIT control.
I'm using jXplorer, I didn't find any manageDsaIt settings, so I assume
that it doesn't support it, perhaps I can't bypass the enforcement - but maybe
I'm wrong.
The unique key constraint still doesn't work.
Thanks again for your help,
a.