Thanks for your answer,
Le 30/07/2013 18:55, Michael Ströder a écrit :
Philippe MARASSE wrote:
I'm trying to enable unique overlay to enforce uniqueness of uid and mailattributes with no luck. [..] The first time, I've used the main administrative account. So I created a sub administrator account, changed the ACLs, fine. Deleted the two entries, recreated the two entries with the same mail without error.
I've tried to put slapd in debug mode, the only ting I've noticed is :
51f7df1e >>> dnPrettyNormal: <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e <<< dnPrettyNormal: <uid=test2,ou=people,dc=mydomain,dc=com>, <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e ==> unique_modify <uid=test2,ou=people,dc=mydomain,dc=com> 51f7df1e *unique_modify: administrative bypass, skipping* 51f7df1e bdb_dn2entry("uid=test2,ou=people,dc=mydomain,dc=com") 51f7df1e bdb_entry_get: rc=0
If someone has a clue...
It's a bit unclear what you're really doing. There are/were some bugs in slapo-unique but not sure whether you're hitting them without seeing *exactly* how you perform the client operations.
I've tested : - adding an entry with non-unique mail attribute - modifying an entry to make mail non unique
Maybe you could try to provide the LDIF input data and commands you're using. Which client?
jxplorer
Which options?
A good question indeed ! I'm using jxplorer from stock install without customization.
AFAICS in the source the bypass message is only written to log in case of ManageDSAIT control being used during ldapadd/ldapmodify. You should really understand what's the effect of LDAPv3 extended controls before using them.
Hmmm, interesting, if ManageDSAIT option is used, I'm not yet aware of that. I'll track jxplorer behavior today.
May should I test with another ldap tool ?
Many thanks. Rgds.