Andrew Findlay <[email protected]> wrote:
> > now I do can ldapadd these ldif-s successfully
> > ---[ ldif ]------------------------------------------------------------
> > dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> > authorizedService: xmpp.org
> > ...
> > uid: john
> >
> > dn: authorizedService=xmpp.org,uid=jsmith,ou=People,dc=org
> > authorizedService: xmpp.org
> > ...
> > uid: john
> > ---[ ldif ]------------------------------------------------------------
>
> Both those entries have one uid in the entry and a different one in
> the DN. The one in the DN refers to the parent entry in each case so
> it is legal but maybe not what you want.

no, it is; indeed, I dedicate these DN-s to services, so each such DN
*can and is supposed to* use any (in theory) uid in the entry, the one
the user can ask for in particular. I do not see another way to
authenticate users of different domains (for email)/realms (for xmpp)
against the same LDAP DB

>
> It may be enough for you to simply prevent the non-uniqueness. You can
> do that using the 'unique' overlay:
>

mmm ... won't it prevent non-uniqueness only for parent DN-s?

while what I'm trying to ask about (I'm sorry for the muddled
explanation of what I mean) is uniqueness for the uid *in* the entry ...

so, the uniqueness of the attribute `uid' among all DN-s containing
authorizedService=target-service

something like:

dn: authorizedService=target-service,uid=target-service_ALLOWED-USER,ou=People,dc=org
authorizedService=target-service
uid=UNIQUE-AMONG-ALL_target-service_USERS-VALUE

-- 
Zeus V. Panchenko
jid:[email protected]
IT Dpt., I.B.S. LLC
GMT+2 (EET)
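An audit for the per-service uid uniqueness asked about above, as an added example that is not part of the original message or of OpenLDAP: it reads an LDIF export and reports every uid value shared by more than one entry carrying the same authorizedService. The function names and the sample LDIF (constructed, modelled on the entries quoted in the message) are assumptions, as is comparing service names case-insensitively; base64 and URL values are skipped.

```python
from collections import defaultdict

# Constructed sample, modelled on the entries quoted in the message.
SAMPLE_LDIF = """\
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john

dn: authorizedService=xmpp.org,uid=jsmith,ou=People,dc=org
authorizedService: xmpp.org
uid: John

dn: authorizedService=mail.org,uid=jsmith,ou=People,dc=org
authorizedService: mail.org
uid: john
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per record; unfolds continuation lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith((":", "<")):
                continue  # base64 / URL values are out of scope here
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs[name].append(value)
        if dn:
            yield dn, attrs

def duplicate_service_uids(text):
    """Return {(service, uid): [dn, ...]} for uids used by more than one
    entry of the same service; uid is compared case-insensitively
    because its equality rule is caseIgnoreMatch."""
    seen = defaultdict(list)
    for dn, attrs in parse_ldif(text):
        for service in attrs.get("authorizedservice", []):
            for uid in attrs.get("uid", []):
                seen[(service.lower(), uid.lower())].append(dn)
    return {key: dns for key, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    for (service, uid), dns in duplicate_service_uids(SAMPLE_LDIF).items():
        print(f"{service}: uid={uid} is shared by {len(dns)} entries: {dns}")
```

The same uid under a different authorizedService (mail.org in the sample) is not reported, which matches the per-service scope described in the message.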
