Hello,
is it possible define a unique constraint across attributes? We have a mail field and a mailAlias field and would like to assure that if a mail address exists either in mail or mailAlias it cannot be added again to either field, meaning mail addresses are unique in the complete tree.
We are using OpenLDAP 2.4 and currently we use the following LDIF to load the unique module and assure that the mail attribute is unique:
dn: cn=module,cn=config cn: module objectclass: olcModuleList objectclass: top olcmoduleload: unique olcmodulepath: /usr/lib/ldap
dn: olcOverlay=unique,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {0}unique olcUniqueAttribute: mail
Which LDIF would I use to assure uniqueness across mail and mailAlias?
Cheers, Stefan Schmidt
Am 12.06.19 um 13:51 schrieb Stefan Schmidt:
Hello,
is it possible define a unique constraint across attributes? We have a mail field and a mailAlias field and would like to assure that if a mail address exists either in mail or mailAlias it cannot be added again to either field, meaning mail addresses are unique in the complete tree.
We are using OpenLDAP 2.4 and currently we use the following LDIF to load the unique module and assure that the mail attribute is unique:
dn: cn=module,cn=config cn: module objectclass: olcModuleList objectclass: top olcmoduleload: unique olcmodulepath: /usr/lib/ldap
dn: olcOverlay=unique,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {0}unique olcUniqueAttribute: mail
Which LDIF would I use to assure uniqueness across mail and mailAlias?
Cheers, Stefan Schmidt
see my question http://www.openldap.org/lists/openldap-technical/201905/msg00021.html and the answer http://www.openldap.org/lists/openldap-technical/201905/msg00022.html
Hello Andreas, thank you for your reply. The idea would have been to prevent duplicates across mail and mailAlias from being created in the first place, but you are right if OpenLDAP doesn't allow this then using an external script to check if the mail addresses are unique could be a workaround. Cheers, Stefan Schmidt
Am Mi., 12. Juni 2019 um 20:09 Uhr schrieb A. Schulze <sca@andreasschulze.de
:
Am 12.06.19 um 13:51 schrieb Stefan Schmidt:
Hello,
is it possible define a unique constraint across attributes? We have a
mail field and a mailAlias field and would like to assure that if a mail address exists either in mail or mailAlias it cannot be added again to either field, meaning mail addresses are unique in the complete tree.
We are using OpenLDAP 2.4 and currently we use the following LDIF to
load the unique module and assure that the mail attribute is unique:
dn: cn=module,cn=config cn: module objectclass: olcModuleList objectclass: top olcmoduleload: unique olcmodulepath: /usr/lib/ldap
dn: olcOverlay=unique,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {0}unique olcUniqueAttribute: mail
Which LDIF would I use to assure uniqueness across mail and mailAlias?
Cheers, Stefan Schmidt
see my question http://www.openldap.org/lists/openldap-technical/201905/msg00021.html and the answer http://www.openldap.org/lists/openldap-technical/201905/msg00022.html
Am 17.06.19 um 11:32 schrieb Stefan Schmidt:
Hello Andreas, thank you for your reply. The idea would have been to prevent duplicates across mail and mailAlias from being created in the first place, but you are right if OpenLDAP doesn't allow this then using an external script to check if the mail addresses are unique could be a workaround.
at least it's not possible using the unique overlay only. Maybe constraints are a way but that's something I'm not familiar with.
Andreas
Stefan Schmidt wrote:
Hello Andreas, thank you for your reply. The idea would have been to prevent duplicates across mail and mailAlias from being created in the first place, but you are right if OpenLDAP doesn't allow this then using an external script to check if the mail addresses are unique could be a workaround.
You could also try writing your schema such that mail and mailAlias are related through inheritance. E.g., make mailAlias a subtype of mail, or make them both inherit from a common supertype. Then set the uniqueness constraint on the supertype.
Cheers, Stefan Schmidt
Am Mi., 12. Juni 2019 um 20:09 Uhr schrieb A. Schulze <sca@andreasschulze.de mailto:sca@andreasschulze.de>:
Am 12.06.19 um 13:51 schrieb Stefan Schmidt: > Hello, > > is it possible define a unique constraint across attributes? We have a mail field and a mailAlias field and would like to assure that if a mail address exists either in mail or mailAlias it cannot be added again to either field, meaning mail addresses are unique in the complete tree. > > We are using OpenLDAP 2.4 and currently we use the following LDIF to load the unique module and assure that the mail attribute is unique: > > dn: cn=module,cn=config > cn: module > objectclass: olcModuleList > objectclass: top > olcmoduleload: unique > olcmodulepath: /usr/lib/ldap > > dn: olcOverlay=unique,olcDatabase={1}hdb,cn=config > objectClass: olcOverlayConfig > objectClass: olcUniqueConfig > olcOverlay: {0}unique > olcUniqueAttribute: mail > > Which LDIF would I use to assure uniqueness across mail and mailAlias? > > Cheers, > Stefan Schmidt see my question http://www.openldap.org/lists/openldap-technical/201905/msg00021.html and the answer http://www.openldap.org/lists/openldap-technical/201905/msg00022.html
On 6/17/19 4:56 PM, Howard Chu wrote:
Stefan Schmidt wrote:
thank you for your reply. The idea would have been to prevent duplicates across mail and mailAlias from being created in the first place, but you are right if OpenLDAP doesn't allow this then using an external script to check if the mail addresses are unique could be a workaround.>
You could also try writing your schema such that mail and mailAlias are related through inheritance. E.g., make mailAlias a subtype of mail, or make them both inherit from a common supertype. Then set the uniqueness constraint on the supertype.
This does not work well if clients want to exactly search for a certain mail value.
The better approach is to add all mail aliases to 'mailAlias' and add a constraint which enforces 'mail' to be one of those values. Then simply have a unique constraint on 'mailAlias'. (You might have guessed: That's how mail alias are stored in Æ-DIR. ;-)
Ciao, Michael.
openldap-technical@openldap.org
-
A. Schulze -
Howard Chu -
Michael Ströder -
Stefan Schmidt