Hello,

my goal it to extend a uniqueness configuration. I do already enforce uniqueness of mail addresses:

slapd.conf: moduleload unique.la overlay unique unique_uri ldap:///dc=basedn?mail?sub?

that works.

Now also address rewriting data should be migrated LDAP. Rewriting addresses are stored in the attribute "mailalternateaddress" Requirement: no address may occur twice no matter if stored as "mail" or "mailalternateaddress" Logical it's something like unique_uri (ldap:///dc=basedn?mail?sub?) OR (ldap:///dc=basedn?mail?sub?)

Now I fail to correctly translate that to a valid configuration. https://www.openldap.org/software/man.cgi?query=slapo-unique say "unique_uri <[strict ][ignore ]URI[URI...]...>" with a formal definition of URI "ldap:///[base dn]?[attributes...]?scope[?filter]" It also say "Multiple URIs may be specified within a domain, allowing complex selections of objects."

As the manpage doesn't give an example I tried: unique_uri ldap:///dc=ldap?mailalternateaddress?sub ldap:///dc=ldap?mail?sub

slapd logs 5c445384 /etc/openldap/slapd.conf: line 149 (unique_uri ldap:///dc=ldap?mailalternateaddress?sub ldap:///dc=ldap?mail?sub) -> slapd starts but uniqueness is not enforced

So I tried multiple versions: To make it readable: uri1=ldap:///dc=ldap?mailalternateaddress?sub uri2=ldap:///dc=ldap?mail?sub

unique_uri uri1 uri2 unique_uri uri1uri2 unique_uri uri1,uri2 unique_uri uri1, uri2 unique_uri "uri1 uri2" unique_uri "uri1""uri2" unique_uri "uri1","uri2" unique_uri "uri1", "uri2"

Mostly slapd failed to start with an error "invalid ldap urilist" If slapd started, the uniqueness wasn't enforced One version (unique_uri "uri1 uri2") result in slapd consume 100% cpu time.

Anybody have a hint how to enforce uniqueness on multiple attributes?

Andreas