Pierangelo,
Thanks again.
I've moved the overlay configuration part after the database configuration part, but I still get the same problem - adding the second entry fails due to a constraint violation when it should succeed. Is there anything else I can try or should I file and ITS?
Kyle Blaney
-----Original Message----- From: Pierangelo Masarati [mailto:masarati@aero.polimi.it] Sent: July 22, 2009 4:22 AM To: Blaney, Kyle (BVW:9T16) Cc: openldap-software@openldap.org Subject: Re: Unique overlay usage with filter
Kyle Blaney wrote:
Pierangelo,
Thanks for your help so far.
In attempting to reproduce my problem with a minimal slapd.conf that I
could post, I am now encountering a slightly different problem related
to the unique overlay. In particular, I get an LDAP constraint violation when attempting to add an entry that should be allowed.
Here's my complete slapd.conf:
ucdata-path data include schema/core.schema include schema/cosine.schema include schema/inetorgperson.schema include schema/nortel.schema backend bdb database bdb overlay unique unique_uri ldap:///?uid?sub?(sn=e*) suffix "dc=Nortel,dc=com" rootdn "cn=Administrator,dc=Nortel,dc=com" rootpw adminpwd directory data index sn eq,sub index cn eq,sub
Here are the steps to reproduce my current problem (all modifications are made using the configured rootdn):
- Add an entry with uid=a and sn=e.
- Add a second entry with uid=a and sn=f.
The second entry is not added. Instead, OpenLDAP returns error code 19 (constraint violation) with a message of "some attributes are not unique". When I comment out the unique_uri line in slapd.conf and restart slapd, the second entry can be added successfully.
Have I configured something incorrectly?
The overlay part should go after all the database part, i.e.
database bdb suffix "dc=Nortel,dc=com" rootdn "cn=Administrator,dc=Nortel,dc=com" rootpw adminpwd directory data index sn eq,sub index cn eq,sub
overlay unique unique_uri ldap:///?uid?sub?(sn=e*)
so the overlay configuration can properly check dependencies on database data. Don't know whether this fixes your issue, though.
p.