Le 30/04/2019 à 21:02, Michael Ströder a écrit : > On 4/30/19 12:20 PM, pascal.fou...@orange.com wrote: >> => extented flags >> >> https://ldapwiki.com/wiki/Extended%20Flags > Most of these attribute type description extensions are not relevant for > OpenLDAP at all. > >> I've tried several configurations such as : >> - define xuid attribute using uid as a parent attribute type >> >> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY >> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX >> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) > You should *not* use SUP uid unless you're 100% sure about its > implications regarding matching rules also affecting index use and > slapo-unique. > >> - define xuid attribute using uid as a parent attribute type with >> additional extended flags >> >> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY >> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX >> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE X-NDS_NAME 'uniqueID' >> X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '0' >> X-NDS_NONREMOVABLE '0' ) > Everything starting with X-NDS only applies to Novell eDirectory (or > whatever it's called today) and thus is useless. > > For the rest see (as Quanah suggested): > https://www.openldap.org/software/man.cgi?query=slapo-unique
Hello, as said by others, you indeed need to configure the unique overlay. You can also have a look to constraint overlay to add other checks, like regexp or size. https://www.openldap.org/software/man.cgi?query=slapo-constraint -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com
