Hi Clement,
Thanks for your quick answer!
I tried your suggestion, but it does not really like it:
/usr/local/etc/openldap/slapd.conf: line 90: unknown directive <unique_uri>
inside backend database definition.
I'm going to try now to have only the unique_uri section at the end.
Stay tuned!
Simone
2015-08-24 15:18 GMT+02:00 Clément OUDOT <clement.oudot(a)savoirfairelinux.com>:
On 24/08/2015 15:05, Simone Taliercio wrote:
> Hi All!
>
> I'm trying to enforce the fact that the mail attribute has to be unique.
> In order to do it I tried to enable the unique overlay. Unfortunately,
> OpenLDAP still allows inserting an object with the same mail value.
>
> I cannot understand where the wrong configuration occurs.
>
> My config is still based on slapd.conf. I've recompiled OpenLDAP with
> the following steps:
>
> a) ./configure --enable-modules=yes --enable-rlookups=yes --with-tls
> --with-cyrus-sasl --enable-mdb=yes --enable-bdb=yes --enable-monitor=yes
> --enable-unique
>
> b) make depend
> c) make
> d) make install
>
> Then, I added those lines to my slapd.conf:
> overlay unique
> unique_uri ldap:///?mail?sub
>
> So, my development slapd.conf looks like the one below now.
>
> Thanks a lot for any hints you can give me!
>
> Simone
>
> === slapd.conf ====
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
>
> database config
> rootdn "cn=admin,cn=config"
>
> # Security - TLS section
> TLSCACertificateFile /certs/CA.pem
> TLSCertificateFile /certs/certificate.cer
> TLSCertificateKeyFile /certs/company.key
> TLSCipherSuite TLSv1+RSA:!NULL
> TLSVerifyClient never
>
> # Use LMDB database.
> database mdb
> overlay unique
> suffix "dc=com"
> rootdn "cn=Manager,dc=com"
> maxsize 16058941440
> rootpw secret
> directory /usr/local/var/openldap-data/databases/com
> index mail eq
> index cn eq
> index objectClass eq
>
> # mail is a unique attribute
> unique_uri ldap:///?mail?sub?
>
> access to dn.subtree="ou=user,dc=company1,dc=com"
> attrs=cn,sn,givenName,mail,userPassword
> by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
> by anonymous auth
>
> access to dn.subtree="ou=user,dc=company2,dc=com"
> attrs=cn,sn,givenName,mail,userPassword
> by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
> by anonymous auth
>
> access to dn.subtree="dc=com"
> by users read
> by anonymous auth
>
>
Hi,
you should declare the overlay below the database, like this:
# Use LMDB database.
database mdb
suffix "dc=com"
rootdn "cn=Manager,dc=com"
maxsize 16058941440
rootpw secret
directory /usr/local/var/openldap-data/databases/com
index mail eq
index cn eq
index objectClass eq
access to dn.subtree="ou=user,dc=company1,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company1,dc=com" search
by anonymous auth
access to dn.subtree="ou=user,dc=company2,dc=com"
attrs=cn,sn,givenName,mail,userPassword
by dn.exact="cn=specificuser,ou=user,dc=company2,dc=com" write
by anonymous auth
access to dn.subtree="dc=com"
by users read
by anonymous auth
# mail is a unique attribute
overlay unique
unique_uri ldap:///?mail?sub?
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
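A small check for the layout problem discussed in this thread, as an added example that is not part of the thread or of OpenLDAP: it walks a slapd.conf and reports database directives that appear after an `overlay` line, and a `unique_uri` that has no preceding `overlay unique`. The set of database directives and the rule itself (database directives first, overlay and its options last, as Clément recommends) are assumptions of the example, not a full slapd.conf grammar.

```python
"""Ordering check for overlay placement in slapd.conf (added example, not from
the thread or from OpenLDAP). It only checks the layout Clément recommends: the
database's own directives first, `overlay` after them, overlay options last."""
# Directives that configure the database itself (assumed list, not exhaustive).
DATABASE_DIRECTIVES = {"suffix", "rootdn", "rootpw", "directory", "index",
                       "maxsize", "access"}

def check_overlay_order(conf_text):
    """Return a list of problem strings; an empty list means the layout is fine."""
    problems = []
    section = None        # backend name of the current `database` section
    overlay_seen = None   # overlay declared in this section, if any
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        directive, args = words[0].lower(), words[1:]
        if directive == "database":
            section, overlay_seen = (args[0] if args else "?"), None
        elif directive == "overlay":
            if section is None:
                problems.append("line %d: overlay outside any database section" % lineno)
            overlay_seen = args[0] if args else "?"
        elif directive in DATABASE_DIRECTIVES and overlay_seen:
            problems.append("line %d: '%s' follows 'overlay %s' in database %s; "
                            "move the overlay below the database directives"
                            % (lineno, directive, overlay_seen, section))
        elif directive == "unique_uri" and overlay_seen != "unique":
            problems.append("line %d: unique_uri without a preceding 'overlay unique'" % lineno)
    return problems

# Constructed inputs modelled on the two layouts posted in the thread.
ORIGINAL_LAYOUT = """\
database mdb
overlay unique
suffix "dc=com"
index mail eq
unique_uri ldap:///?mail?sub?
"""
RECOMMENDED_LAYOUT = """\
database mdb
suffix "dc=com"
index mail eq
overlay unique
unique_uri ldap:///?mail?sub?
"""
if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_LAYOUT), ("recommended", RECOMMENDED_LAYOUT)):
        print(name, check_overlay_order(text) or ["ok"])
```

Running it on the first layout lists the `suffix` and `index` lines that sit after `overlay unique`; the recommended layout produces no findings.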