Hi Quanah,
I am running openldap from bitnami docker - https://github.com/bitnami/containers/tree/main/bitnami/openldap/2.6/debian-12
So there is no slapd.conf:

$ slapcat -n 0
could not stat config file "/opt/bitnami/openldap/etc/openldap/slapd.conf": No such file or directory (2)
slapcat: bad configuration file!

Nevertheless, I ran this search:
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config > /bitnami/openldap/data/config
And tried to find the related config:

$ grep -i unique config
 r uniquely identifying a user in an administrative domain' EQUALITY integerMa
 r uniquely identifying a group in an administrative domain' EQUALITY integerM
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X
 .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me
 mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr
 oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni
 ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
 SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
 $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre

$ grep -i overlay config
olcObjectIdentifier: olmOverlayAttributes olmSubSystemAttributes:2
olcObjectIdentifier: olmOverlayObjectClasses olmSubSystemObjectClasses:2
olcObjectIdentifier: olmSyncReplAttributes olmOverlayAttributes:1
olcObjectIdentifier: olmSyncReplObjectClasses olmOverlayObjectClasses:1
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VAL
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC '
 name of overlays defined for a given database' SUP monitoredInfo NO-USER-MODI
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay
 -specific options' SUP olcConfig STRUCTURAL MUST olcOverlay MAY olcDisabled )
 abeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
 ider configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSpCheckpoint $ o
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}syncprov

So it seems I have nothing in my config for unique. The only olcOverlay in use is for syncprov.
Another point: Inside container I have some modules in folder /opt/bitnami/openldap/lib/openldap
Among several libs, unique and syncprov:

lrwxrwxrwx 1 root root    17 Aug 18 2023 unique.so -> unique.so.2.0.200
lrwxrwxrwx 1 root root    17 Aug 18 2023 unique.so.2 -> unique.so.2.0.200
-rwxr-xr-x 1 root root 39424 Aug 18 2023 unique.so.2.0.200
lrwxrwxrwx 1 root root    19 Aug 18 2023 syncprov.so -> syncprov.so.2.0.200
lrwxrwxrwx 1 root root    19 Aug 18 2023 syncprov.so.2 -> syncprov.so.2.0.200
-rwxr-xr-x 1 root root 92736 Aug 18 2023 syncprov.so.2.0.200

From compose file I enable syncprov for replication environment:

- LDAP_ENABLE_SYNCPROV=yes

And I can see the files to enable syncprov:

$ cat /opt/bitnami/openldap/share/syncprov_create_overlay_configuration.ldif
dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100

-----Original Message-----
From: Quanah Gibson-Mount quanah@fast-mail.org
Sent: Thursday, February 29, 2024 5:33 PM
To: CALDEIRA JAVIEL Sandro sandro.caldeirajaviel@urbanandmainlines.com; openldap-technical@openldap.org
Subject: RE: Disable uniqueness for mail Attribute

--On Thursday, February 29, 2024 1:35 PM +0000 CALDEIRA JAVIEL Sandro sandro.caldeirajaviel@urbanandmainlines.com wrote:
Hi Quanah,
I am not sure how slapo-unique works. I am struggling with the syntax. How can I check current config concerning it?
Does your configuration even use slapo-unique? That's the first question you need to answer. Assuming you are using cn=config, you can use slapcat -n 0 -l /tmp/config.ldif to export your full configuration and examine it to see if it uses the unique overlay at all.
--Quanah
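
Added example, not part of the thread: an LDIF export of cn=config folds long lines, so a plain grep over the dump returns fragments and can miss a value split across a fold. This sketch unfolds the dump first and then reports loaded modules, overlays and slapo-unique settings; the function names and the sample dump are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): a folded fragment of a cn=config export.
SAMPLE = """\
dn: cn=module{0},cn=config
olcModuleLoad: {0}syncprov.so
olcModuleLoad: {1}unique.so

dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
olcOverlay: {0}syncprov

dn: olcOverlay={1}unique,olcDatabase={2}mdb,cn=config
objectClass: olcUniqueConfig
olcOverlay: {1}unique
olcUniqueURI: ldap:///ou=people,dc=example,dc=org?ma
 il?sub
"""

# slapo-unique settings as they appear in cn=config (compared lower-cased).
UNIQUE_ATTRS = ("olcuniqueuri", "olcuniquebase", "olcuniqueattribute")

def unfold(text):
    """Join LDIF continuation lines: a newline followed by one space is a fold."""
    return re.sub(r"\r?\n ", "", text)

def parse_entries(text):
    """Return one {attribute: [values]} dict per entry; base64 values stay encoded."""
    entries = []
    for block in re.split(r"\n\s*\n", unfold(text).strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value.lstrip(":").strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries

def unique_report(text):
    """Summarise what a cn=config dump says about overlays and slapo-unique."""
    report = {"module_loaded": False, "overlays": [], "unique_rules": []}
    for e in parse_entries(text):
        dn = e["dn"][0]
        for mod in e.get("olcmoduleload", []):
            # Drop the {n} ordering prefix, then match unique, unique.so, /path/unique.so
            if re.search(r"(^|/)unique(\.|$)", re.sub(r"^\{\d+\}", "", mod)):
                report["module_loaded"] = True
        report["overlays"] += [re.sub(r"^\{\d+\}", "", o) for o in e.get("olcoverlay", [])]
        for attr in UNIQUE_ATTRS:
            report["unique_rules"] += [(dn, v) for v in e.get(attr, [])]
    return report
```

Calling `unique_report(open("/tmp/config.ldif").read())` on a real export gives the same summary; an empty `unique_rules` list with only `syncprov` under `overlays` means no uniqueness constraint is configured in that dump.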