Andrew Findlay andrew.findlay@skills-1st.co.uk wrote:
now I can ldapadd these ldif-s successfully
---[ ldif ]------------------------------------------------------------
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
...
uid: john

dn: authorizedService=xmpp.org,uid=jsmith,ou=People,dc=org
authorizedService: xmpp.org
...
uid: john
---[ ldif ]------------------------------------------------------------
Both those entries have one uid in the entry and a different one in the DN. The one in the DN refers to the parent entry in each case so it is legal but maybe not what you want.
no, it is, indeed
I dedicate these DN-s for services, so each such DN *can and is supposed to* use any (in theory) uid in the entry, the user can ask for
in particular, I do not see another way to authenticate users of different domains (for email)/realms (for xmpp) against the same LDAP DB
It may be enough for you to simply prevent the non-uniqueness. You can do that using the 'unique' overlay:
mmm ... won't it prevent non-uniqueness only for parent DN-s? while what I'm trying to ask about (I'm sorry for the muddled explanation of what I mean) is uniqueness for the uid *in* the entry ... so, the uniqueness of the attribute `uid' among all DN-s containing authorizedService=target-service
something like:
dn: authorizedService=target-service,uid=target-service_ALLOWED-USER,ou=People,dc=org
authorizedService=target-service
uid=UNIQUE-AMONG-ALL_target-service_USERS-VALUE