Thanks for your answer,
Le 30/07/2013 18:55, Michael Ströder a écrit :
Philippe MARASSE wrote:
> I'm trying to enable unique overlay to enforce uniqueness of uid and mail
> attributes with no luck.
> [..]
> The first time, I've used the main administrative account. So I created a sub
> administrator account, changed the ACLs, fine. Deleted the two entries,
> recreated the two entries with the same mail without error.
>
> I've tried to put slapd in debug mode, the only ting I've noticed is :
>
> 51f7df1e >>> dnPrettyNormal: <uid=test2,ou=people,dc=mydomain,dc=com>
> 51f7df1e <<< dnPrettyNormal:
<uid=test2,ou=people,dc=mydomain,dc=com>,
> <uid=test2,ou=people,dc=mydomain,dc=com>
> 51f7df1e ==> unique_modify <uid=test2,ou=people,dc=mydomain,dc=com>
> 51f7df1e *unique_modify: administrative bypass, skipping*
> 51f7df1e bdb_dn2entry("uid=test2,ou=people,dc=mydomain,dc=com")
> 51f7df1e bdb_entry_get: rc=0
>
> If someone has a clue...
It's a bit unclear what you're really doing. There are/were some bugs in
slapo-unique but not sure whether you're hitting them without seeing *exactly*
how you perform the client operations.
I've tested :
- adding an entry with non-unique mail attribute
- modifying an entry to make mail non unique
Maybe you could try to provide the LDIF input data and commands you're using.
Which client?
jxplorer
Which options?
A good question indeed ! I'm using jxplorer
from stock install without customization.
AFAICS in the source the bypass message is only written to log in case of
ManageDSAIT control being used during ldapadd/ldapmodify. You should really
understand what's the effect of LDAPv3 extended controls before using them.
Hmmm, interesting, if ManageDSAIT option is used, I'm not yet aware of that.
I'll track
jxplorer behavior today.
May should I test with another ldap tool ?
Many thanks.
Rgds.
--
Philippe MARASSE
Service Informatique - Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19