On Fri, Sep 27, 2013 at 10:16:43PM +0200, Michael Ströder wrote: > Did not follow this thread closely. But one should be aware of ITS#6825 when > planning to use slapo-unique for a more complex setup. > > unique_uri filter reaching beyond its intended target > http://www.openldap.org/its/index.cgi?findid=6825
Good point. We started with these ACLs: > > overlay unique > > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP) > > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP) > > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3) > > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP) > > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH) so that bug will prevent modifications to the authority entries even though adds will be processed OK. I cannot think of an easy workaround in this case :-( Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | -----------------------------------------------------------------------
