Hi!

Actually not having SINGLE-VALUE does not mean you MUST have multiple values: If writes are performed by some controlled app, then the app can make sure that the attribute actually is a SINGLE-VALUE. Or you define a cleanup process that finds and eliminates multiple mail values (after they were set already).

Kind regards, Ulrich

-----Original Message----- From: A. Schulze sca@andreasschulze.de Sent: Wednesday, December 4, 2024 12:56 PM To: openldap-technical@openldap.org Subject: [EXT] make the attribute mail SINGLE-VALUE

Hello,

I'm planing a schema to store data (mostly mail addresses) in OpenLDAP.

one (soft) requirement: the mail address should be a single value. secondary addresses goes in an other attribute which allow multiple values.

The only way I found for now is to copy the definition of 'mail' in core.schema [1] and write

attributetype ( <my oid> NAME ( 'mail-sv' ) DESC 'RFC1274: RFC822 Mailbox (copy from core.schema, but SINGLE- VALUE)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )

This would work but it's not convenient: Everybody expect a mail address in a attribute named "mail", not "mail-sv"

Are there other options to fulfill the requirement or makes the requirement at all no sense? I appreciate any comments.

Andreas

[1] https://github.com/openldap/openldap/blob/master/servers/slapd/schema /core.schema#L554-L559