Hi Quanah,
thanks for your reply,
On Wed, Aug 29, 2018 at 09:17:25AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs <airween(a)gmail.com> wrote:
>>olcUniqueURI: ldap:///?uid?sub?
>>olcUniqueURI: ldap:///?mail?sub?
>>olcUniqueURI: ldap:///?uidNumber?sub?
>>olcUniqueURI: ldap:///?sn?sub?
>>olcUniqueURI: ldap:///?cn?sub?
I've removed these directives:
>>olcUniqueURI: ldaps:///?uid?sub?
>>olcUniqueURI: ldaps:///?mail?sub?
>>olcUniqueURI: ldaps:///?uidNumber?sub?
>>olcUniqueURI: ldaps:///?sn?sub?
>>olcUniqueURI: ldaps:///?cn?sub?
> Using "ldaps://" here is invalid. These are internal searches that don't
> use the LDAP protocol.
thanks,
> One thing you've not shown in your configurations is whether or not the
> {1}mdb,cn=config DB has a rootdn configured for that database instance. As
> noted in the man page, a rootdn is required on the specific database
> instance for the overlay to function:
> " The search is performed using the rootdn of the database, to avoid
> issues with ACLs preventing the overlay from seeing all of the relevant
> data. As such, the database must have a rootdn configured."
you think about this?
slapcat -b cn=config | less
...
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hu
...
olcRootDN: cn=admin,dc=hu
...
> Additionally, you haven't noted how you are making the modifications to add
> the duplicate entries. Again, as noted in the man page:
> " Replication and operations with manageDsaIt control are allowed to
> bypass this enforcement. It is therefore important that all servers
> accepting writes have this overlay configured in order to maintain
> uniqueness in a replicated DIT."
> So it is possible the LDAP client you are using to make the modifications is
> setting the manageDsaIT control.
I'm using jXplorer, I didn't find any manageDsaIt settings, so I
assume that it doesn't support it, perhaps I can't bypass the
enforcement - but maybe I'm wrong.
The unique key constraint still doesn't work.
Thanks again for your help,
a.