On 05/06/2015 17:41, michael@stroeder.com wrote:

Full_Name: Michael Str.der Version: HEAD OS: URL: Submission from: (NULL) (212.227.35.94)

It would be handy if slapo-unique could set matchedDN along with result code constraintViolation(19) to a DN of an existing entry causing the constraint to fail.

I think this would violate the purpose and specification of matchedDN. It would be more appropriate to have that piece of info returned within the control value of a specifically designed response control, when the control is explicitly requested. What you're asking for could perhaps be logged, if it isn't yet. My 2c.

Ciao, p.

To avoid information disclosure ACL checking could be performed to determine whether the bound identity has at least search privilege on the entry pseudo attr and unique attr.