Andrew Findlay <[email protected]> wrote:
> > mmm ... will not it prevent non-uniqueness only for parent DN-s? while
> > what I'm trying to ask (I'm sorry for muddled up explanation what I mean)
> > about is - uniqueness for the uid *in* the entry ... so, the uniqueness
> > of the attribute `uid' among all DN-s containing
> > authorizedService=target-service
>
> You could do that if you are prepared to have one config line for each
> service. Something like:
>
> overlay unique
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH)
>
This prevents each uid=X,ou=People,dc=org from having more than one
authorizedService=Y offspring ...

while the original idea is to let user A to have for the service B, several
uid-s but to prevent other users to have the same uids for the corresponding
service ...

What I mean are multiple attributes uid/userpassword "inside" the offspring,
not in the `dn' of the offspring:

dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john
uid: john1
uid: johnN
userPassword: qwerty
userPassword: qwerty1
userPassword: qwertyN
cn: [email protected]
sn: xmpp.org
description: John Doe XMPP account at xmpp.org
uidNumber: 12345
gidNumber: 23456
homeDirectory: /nonexistent
loginShell: /sbin/nologin
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: authorizedServiceObject

and in this case we need to prevent some other user from having offspring with
the same uid ...

to prevent for user uid=johandoe,ou=People,dc=org offspring:

dn: authorizedService=xmpp.org,uid=johandoe,ou=People,dc=org
authorizedService: xmpp.org
uid: johan
uid: johan1
userPassword: qwerty
userPassword: qwerty1
cn: [email protected]
sn: xmpp.org
description: Johan Doe XMPP account at xmpp.org
uidNumber: 12345
gidNumber: 23456
homeDirectory: /nonexistent
loginShell: /sbin/nologin
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: authorizedServiceObject

possibility to add another `uid: johnN' which is already used by
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org

So, what could be the solution, please?

-- 
Zeus V. Panchenko
jid:[email protected]
IT Dpt., I.B.S. LLC
GMT+2 (EET)
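
An offline check for the collision described in the message above, as an added example that is not part of the original post or of OpenLDAP: it reads an LDIF export and reports any uid value held by more than one entry for the same authorizedService. The sample LDIF is constructed (abridged from the message's entries, with the colliding `uid: johnN' and a made-up imap.org entry added), and comparing uid and authorizedService values case-insensitively is an assumption about their matching rules.

```python
from collections import defaultdict

# Constructed sample: the two entries from the message (abridged), with the
# colliding value added to the second one, plus a hypothetical imap.org entry.
SAMPLE_LDIF = """\
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john
uid: john1
uid: johnN

dn: authorizedService=xmpp.org,uid=johandoe,ou=People,dc=org
authorizedService: xmpp.org
uid: johan
uid: johan1
uid: johnN

dn: authorizedService=imap.org,uid=johandoe,ou=People,dc=org
authorizedService: imap.org
uid: john
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) for plain LDIF (no line folding, no base64)."""
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs[name].append(value)
        if dn:
            yield dn, attrs

def find_uid_collisions(text):
    """Return {(service, uid): [dns]} for uids held by more than one entry."""
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for service in attrs.get("authorizedservice", []):
            for uid in attrs.get("uid", []):
                # Assumption: both attributes compare case-insensitively.
                owners[(service.lower(), uid.lower())].add(dn)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

if __name__ == "__main__":
    for (service, uid), dns in find_uid_collisions(SAMPLE_LDIF).items():
        print(f"uid={uid} for {service} is claimed by:", *dns, sep="\n  ")
```

The same uid under a different service (`john' for imap.org here) is not reported, matching the per-service scope asked for in the message.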
