[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-unique spins its wheels on a non-trivial olcUniqueURI spec

Michael, hello.

Thanks for your response.

On 10 Sep 2019, at 19:33, Michael Ströder wrote:

The above is invalid. Your LDIF should contain separate attribute values for each unique URI:

olcUniqueURI: ldap:///ou=dept-A,o=example?uidnumber?sub
olcUniqueURI: ldap:///ou=dept-B,o=example?uidnumber?sub

The problem is that both the manpage and the source-code comments seem to state that the attribute can take multiple values. Quoting from the manpage:

 Multiple URIs may be specified within a domain,
allowing complex selections of objects. Multiple unique_uri statements or olcUniqueURI attributes will create independent

I interpret that as saying that each olcUniqueURI attribute corresponds to, or implies, an 'independent domain', and that 'Multiple URIs may be specified within a domain' indicates that a domain can be specified by multiple ldap:/// URIs (though it doesn't say, for example, whether these are composed using UNION or something else). That is, if this text _isn't_ intended to say that there may be multiple olcUniqueURI attributes, each of which can have multiple URIs, then it should be rewritten.

I would interpret your rewritten version as saying that uidnumber attributes should be unique in ou=dept-A, and that they should be unique in ou=dept-B (ie, they are independent), but not that they should be unique in (ou=dept-A UNION ou=dept-B), which is what I want.

So there is at least a documentation gap here.

Of course slapd should not run crazy because of this.

Is there enough information in my previous message for me to add a reasonable ITS report, do you think?

You can look at a running example config (cn=config read-only):

Thanks -- this is very useful (and also nudges investigating Ædir further up my list). I'll study those.

Best wishes,


Norman Gray  :  https://nxg.me.uk