Apache Directory Studio works as well as JExplorer and has ManageDsaIT controls. The version you download needs to match the bit-rate of the Java Runtime Environment (32 or 64-bit) you have installed.
http://directory.apache.org/studio/
Jason Trupp Symas Corporation (855) LDAP-GUY
-----Original Message-----
From: openldap-technical openldap-technical-bounces@openldap.org On Behalf Of Ervin Hegedüs
Sent: Thursday, August 30, 2018 2:36 AM
To: Quanah Gibson-Mount quanah@symas.com
Cc: Michael Ströder michael@stroeder.com; openldap-technical@openldap.org
Subject: Re: Unique overlay confusing
Hi Quanah,
thanks for your reply,
On Wed, Aug 29, 2018 at 09:17:25AM -0700, Quanah Gibson-Mount wrote:
--On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs airween@gmail.com wrote:
olcUniqueURI: ldap:///?uid?sub?
olcUniqueURI: ldap:///?mail?sub?
olcUniqueURI: ldap:///?uidNumber?sub?
olcUniqueURI: ldap:///?sn?sub?
olcUniqueURI: ldap:///?cn?sub?
I've removed these directives:
olcUniqueURI: ldaps:///?uid?sub?
olcUniqueURI: ldaps:///?mail?sub?
olcUniqueURI: ldaps:///?uidNumber?sub?
olcUniqueURI: ldaps:///?sn?sub?
olcUniqueURI: ldaps:///?cn?sub?
Using "ldaps://" here is invalid. These are internal searches that don't use the LDAP protocol.
thanks,
One thing you've not shown in your configurations is whether or not the {1}mdb,cn=config DB has a rootdn configured for that database instance. As noted in the man page, a rootdn is required on the specific database instance for the overlay to function:
" The search is performed using the rootdn of the database, to avoid issues with ACLs preventing the overlay from seeing all of the relevant data. As such, the database must have a rootdn configured."
you think about this?
slapcat -b cn=config | less ...
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hu
...
olcRootDN: cn=admin,dc=hu
...
Additionally, you haven't noted how you are making the modifications to add the duplicate entries. Again, as noted in the man page:
" Replication and operations with manageDsaIt control are allowed to bypass this enforcement. It is therefore important that all servers accepting writes have this overlay configured in order to maintain uniqueness in a replicated DIT."
So it is possible the LDAP client you are using to make the modifications is setting the manageDsaIT control.
I'm using jXplorer, I didn't find any manageDsaIt settings, so I assume that it doesn't support it, perhaps I can't bypass the enforcement - but maybe I'm wrong.
The unique key constraint still doesn't work.
Thanks again for your help,
a.
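The two configuration points raised in this thread (the database carrying the unique overlay must have a rootdn, and olcUniqueURI values must use ldap:/// rather than ldaps://) can be checked mechanically against `slapcat -b cn=config` output. The following is an added example, not code from the thread or from OpenLDAP; the function names are hypothetical, the sample LDIF is constructed, and it assumes overlay entries carry objectClass olcUniqueConfig and sit directly under their database entry.

```python
import re

# Constructed sample: database {1} has a rootdn but one ldaps:// URI; database {2} has no rootdn.
SAMPLE = """\
dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcRootDN: cn=admin,dc=hu

dn: olcOverlay={0}unique,olcDatabase={1}mdb,cn=config
objectClass: olcUniqueConfig
olcUniqueURI: ldap:///?uid?sub?
olcUniqueURI: ldaps:///?mail?sub?

dn: olcDatabase={2}mdb,cn=config
objectClass: olcMdbConfig

dn: olcOverlay={0}unique,olcDatabase={2}mdb,cn=config
objectClass: olcUniqueConfig
olcUniqueURI: ldap:///?uid?sub?
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; base64 values are not decoded."""
    entries = {}
    text = re.sub(r"\n ", "", text)          # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, value = line.split(":", 1)
            attrs.setdefault(name.lower(), []).append(value.lstrip(": ").strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit_unique(text):
    """For each unique overlay: parent database needs olcRootDN, URIs must be ldap:///."""
    entries, findings = parse_ldif(text), []
    for dn, attrs in entries.items():
        if "olcuniqueconfig" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        parent = dn.split(",", 1)[1]         # the database entry the overlay is attached to
        if not entries.get(parent, {}).get("olcrootdn"):
            findings.append((parent, "no olcRootDN"))
        for value in attrs.get("olcuniqueuri", []):
            # A value may hold keywords (strict, ignore) and several URIs; check each URI token.
            for tok in re.sub(r"^\{\d+\}", "", value).split():
                if "://" in tok and not tok.startswith("ldap:///"):
                    findings.append((parent, "bad URI " + tok))
    return findings
```

Feed it the text of `slapcat -b cn=config` on every server that accepts writes; an empty list means both conditions hold for each unique overlay instance.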