Hello, I've a openldap master and numerous sync replica servers running. I'm suspect my master contain mail attributes that aren't unique. My idea was to build an other sync replica with unique overlay enabled. The 'empty' sync replica will fetch data from master and complain about values that aren't unique. I would discard that replica, correct the master database and start replication again until replication succeed. But then there was reality :-/ I placed an deliberately none-unique value in my database but replication did not fail. The replica did contain two DNs with "mail=none-unique(a)example.test". syncrepl.conf: moduleload mdb.la moduleload unique.la database mdb suffix ou=test ... overlay unique uniqiue_uri ldap:///ou=test?mail?sub? index ... limits ... syncrepl rid=1 privider=ldap://master.example ... access ... Q: is this setup wrong? Q: is replication the right way to enforce uniqueness? Looks like the answer is "no" Q: what is "the" better way? Andreas