3 Jul
2015
3 Jul
'15
1:45 a.m.
Ferenc Wagner wrote:
Hi,
We use (among others) this unique domain in a database:
olcUniqueURI: ldap:///?gidNumber?sub?objectClass=posixGroup
so that we can't create two groups with the same gidNumber. The problem is that this rule also denies the creation of a posixAccount belonging to an already existing posixGroup. Of course there is no problem creating the account first and the group later. How could we overcome this ordering limitation?
This is a bug in slapo-unique ignoring the filter part:
http://www.openldap.org/its/index.cgi?findid=6825
You can work around this if your group entries all reside in a separate subtree and you use the DN portion in the olcUniqueURI value.
Ciao, Michael.