uniqueness on multiple attributes

Sun, 20 Jan 2019 14:56:56 -0800 

Hello,

my goal it to extend a uniqueness configuration. I do already enforce 
uniqueness of mail addresses:

slapd.conf:
        moduleload unique.la
        overlay unique
        unique_uri ldap:///dc=basedn?mail?sub?

that works.

Now also address rewriting data should be migrated LDAP. Rewriting addresses 
are stored in the attribute "mailalternateaddress"
Requirement: no address may occur twice no matter if stored as "mail" or 
"mailalternateaddress"
Logical it's something like
        unique_uri (ldap:///dc=basedn?mail?sub?) OR 
(ldap:///dc=basedn?mail?sub?)

Now I fail to correctly translate that to a valid configuration.
https://www.openldap.org/software/man.cgi?query=slapo-unique say "unique_uri 
<[strict ][ignore ]URI[URI...]...>"
with a formal definition of URI "ldap:///[base 
dn]?[attributes...]?scope[?filter]"
It also say "Multiple URIs may be specified within a domain, allowing complex 
selections of objects."

As the manpage doesn't give an example I tried:
        unique_uri ldap:///dc=ldap?mailalternateaddress?sub 
ldap:///dc=ldap?mail?sub

slapd logs
        5c445384 /etc/openldap/slapd.conf: line 149 (unique_uri 
ldap:///dc=ldap?mailalternateaddress?sub ldap:///dc=ldap?mail?sub)
        -> slapd starts but uniqueness is not enforced

So I tried multiple versions:
To make it readable: uri1=ldap:///dc=ldap?mailalternateaddress?sub
                     uri2=ldap:///dc=ldap?mail?sub

        unique_uri uri1 uri2    
        unique_uri uri1uri2
        unique_uri uri1,uri2
        unique_uri uri1, uri2
        unique_uri "uri1 uri2"
        unique_uri "uri1""uri2"
        unique_uri "uri1","uri2"
        unique_uri "uri1", "uri2"

Mostly slapd failed to start with an error "invalid ldap urilist"
If slapd started, the uniqueness wasn't enforced
One version (unique_uri "uri1 uri2") result in slapd consume 100% cpu time.

Anybody have a hint how to enforce uniqueness on multiple attributes?

Andreas

Reply via email to