On 4/30/19 12:20 PM, pascal.foulon@orange.com wrote:
=> extented flags
Most of these attribute type description extensions are not relevant for OpenLDAP at all.
I've tried several configurations such as :
- define xuid attribute using uid as a parent attribute type
olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
You should *not* use SUP uid unless you're 100% sure about its implications regarding matching rules also affecting index use and slapo-unique.
- define xuid attribute using uid as a parent attribute type with
additional extended flags
olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE X-NDS_NAME 'uniqueID' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '0' X-NDS_NONREMOVABLE '0' )
Everything starting with X-NDS only applies to Novell eDirectory (or whatever it's called today) and thus is useless.
For the rest see (as Quanah suggested): https://www.openldap.org/software/man.cgi?query=slapo-unique
Ciao, Michael.