.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION" .\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.2.2.6 2007/01/02 21:43:45 kurt Exp $ .SH NAME slapo-unique \- Attribute Uniqueness overlay .SH SYNOPSIS ETCDIR/slapd.conf .SH DESCRIPTION The Attribute Uniqueness overlay can be used with a backend database such as .BR slapd-bdb (5) to enforce the uniqueness of some or all attributes within a subtree. This subtree defaults to the base DN of the database for which the Uniqueness overlay is configured. .LP Uniqueness is enforced by searching the subtree to ensure that the values of all attributes presented with an .BR add , .B modify or .B modrdn operation are unique within the subtree. For example, if uniqueness were enforced for the .B uid attribute, the subtree would be searched for any other records which also have a .B uid attribute containing the same value. If any are found, the request is rejected. .SH CONFIGURATION These .B slapd.conf options apply to the Attribute Uniqueness overlay. They should appear after the .B overlay directive. .TP .B unique_base Configure the subtree against which uniqueness searches will be invoked. The .B basedn defaults to the base DN of the database for which uniqueness is configured. .TP .B unique_ignore Configure one or more attributes for which uniqueness will not be enforced. If not configured, all non-operational (eg, system) attributes must be unique. Note that the .B unique_ignore list should generally contain the .BR objectClass , .BR dc , .B ou and .B o attributes, as these will generally not be unique, nor are they operational attributes. .TP .B unique_attributes Specify one or more attributes for which uniqueness will be enforced. If not specified, all attributes which are not operational (eg, system attributes such as .B entryUUID ) or specified via the .B unique_ignore directive above must be unique within the subtree. .TP .B unique_strict By default, uniqueness is not enforced for null values. Enabling .B unique_strict mode extends the concept of uniqueness to include null values, such that only one attribute within a subtree will be allowed to have a null value. .SH CAVEATS .LP The search key is generated with attributes that are non-operational, not on the .B unique_ignore list, and included in the .B unique_attributes list, in that order. This makes it possible to create interesting and unusable configurations. Usually only one of .B unique_ignore or .B unique_attributes should be configured; use .B unique_ignore if the majority of attributes should be unique, and use .B unique_attributes if only a small set of attributes should be unique. .LP Typical attributes for the .B unique_ignore directive are intentionally not hardcoded into the overlay to allow for maximum flexibility in meeting site-specific requirements. .SH FILES .TP ETCDIR/slapd.conf default slapd configuration file .SH SEE ALSO .BR slapd.conf (5).