--On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs airween@gmail.com wrote:
olcUniqueURI: ldap:///?uid?sub? olcUniqueURI: ldap:///?mail?sub? olcUniqueURI: ldap:///?uidNumber?sub? olcUniqueURI: ldap:///?sn?sub? olcUniqueURI: ldap:///?cn?sub? olcUniqueURI: ldaps:///?uid?sub? olcUniqueURI: ldaps:///?mail?sub? olcUniqueURI: ldaps:///?uidNumber?sub? olcUniqueURI: ldaps:///?sn?sub? olcUniqueURI: ldaps:///?cn?sub?
Using "ldaps://" here is invalid. These are internal searches that don't use the LDAP protocol.
One thing you've not shown in your configurations is whether or not the {1}mdb,cn=config DB has a rootdn configured for that database instance. As noted in the man page, a rootdn is required on the specific database instance for the overlay to function:
" The search is performed using the rootdn of the database, to avoid issues with ACLs preventing the overlay from seeing all of the relevant data. As such, the database must have a rootdn configured."
Additionaly, you haven't noted how you are making the modifications to add the duplicate entries. Again, as noted in the man page:
" Replication and operations with manageDsaIt control are allowed to bypass this enforcement. It is therefore important that all servers accepting writes have this overlay configured in order to maintain uniqueness in a replicated DIT.."
So it is possible the LDAP client you are using to make the modifications is setting the manageDsaIT control.
Warm regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com