Apache Directory Studio works as well as JXplorer and has ManageDsaIT
controls. The version you download needs to match the bit-rate of the Java
Runtime Environment (32 or 64-bit) you have installed.
http://directory.apache.org/studio/
Jason Trupp
Symas Corporation
(855) LDAP-GUY
-----Original Message-----
From: openldap-technical <openldap-technical-bounces(a)openldap.org> On Behalf Of Ervin Hegedüs
Sent: Thursday, August 30, 2018 2:36 AM
To: Quanah Gibson-Mount <quanah(a)symas.com>
Cc: Michael Ströder <michael(a)stroeder.com>; openldap-technical(a)openldap.org
Subject: Re: Unique overlay confusing
Hi Quanah,
thanks for your reply,
On Wed, Aug 29, 2018 at 09:17:25AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs
> <airween(a)gmail.com> wrote:
>>olcUniqueURI: ldap:///?uid?sub?
>>olcUniqueURI: ldap:///?mail?sub?
>>olcUniqueURI: ldap:///?uidNumber?sub?
>>olcUniqueURI: ldap:///?sn?sub?
>>olcUniqueURI: ldap:///?cn?sub?
I've removed these directives:
>>olcUniqueURI: ldaps:///?uid?sub?
>>olcUniqueURI: ldaps:///?mail?sub?
>>olcUniqueURI: ldaps:///?uidNumber?sub?
>>olcUniqueURI: ldaps:///?sn?sub?
>>olcUniqueURI: ldaps:///?cn?sub?
> Using "ldaps://" here is invalid. These are internal searches that
> don't use the LDAP protocol.
thanks,
> One thing you've not shown in your configurations is whether or not
> the {1}mdb,cn=config DB has a rootdn configured for that database
> instance. As noted in the man page, a rootdn is required on the
> specific database instance for the overlay to function:
>
> "The search is performed using the rootdn of the database, to avoid
> issues with ACLs preventing the overlay from seeing all of the
> relevant data. As such, the database must have a rootdn configured."
you think about this?
slapcat -b cn=config | less
...
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hu
...
olcRootDN: cn=admin,dc=hu
...
> Additionally, you haven't noted how you are making the modifications
> to add the duplicate entries. Again, as noted in the man page:
>
> "Replication and operations with manageDsaIt control are allowed to
> bypass this enforcement. It is therefore important that all servers
> accepting writes have this overlay configured in order to maintain
> uniqueness in a replicated DIT."
>
> So it is possible the LDAP client you are using to make the
> modifications is setting the manageDsaIT control.
I'm using jXplorer, I didn't find any manageDsaIt settings, so I assume
that it doesn't support it; perhaps I can't bypass the enforcement - but
maybe I'm wrong.
The unique key constraint still doesn't work.
Thanks again for your help,
a.