Apache Directory Studio works as well as JExplorer and has ManageDsaIT controls. The version you download needs to match the bit-rate of the Java Runtime Environment (32 or 64-bit) you have installed.
http://directory.apache.org/studio/

Jason Trupp
Symas Corporation
(855) LDAP-GUY

-----Original Message-----
From: openldap-technical <[email protected]> On Behalf Of Ervin Hegedüs
Sent: Thursday, August 30, 2018 2:36 AM
To: Quanah Gibson-Mount <[email protected]>
Cc: Michael Ströder <[email protected]>; [email protected]
Subject: Re: Unique overlay confusing

Hi Quanah,

thanks for your reply,

On Wed, Aug 29, 2018 at 09:17:25AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, August 09, 2018 9:51 AM +0200 Ervin Hegedüs
> <[email protected]> wrote:
>
> >>olcUniqueURI: ldap:///?uid?sub?
> >>olcUniqueURI: ldap:///?mail?sub?
> >>olcUniqueURI: ldap:///?uidNumber?sub?
> >>olcUniqueURI: ldap:///?sn?sub?
> >>olcUniqueURI: ldap:///?cn?sub?

I've removed these directives:

> >>olcUniqueURI: ldaps:///?uid?sub?
> >>olcUniqueURI: ldaps:///?mail?sub?
> >>olcUniqueURI: ldaps:///?uidNumber?sub?
> >>olcUniqueURI: ldaps:///?sn?sub?
> >>olcUniqueURI: ldaps:///?cn?sub?
>
> Using "ldaps://" here is invalid. These are internal searches that
> don't use the LDAP protocol.

thanks,

> One thing you've not shown in your configurations is whether or not
> the {1}mdb,cn=config DB has a rootdn configured for that database
> instance. As noted in the man page, a rootdn is required on the
> specific database instance for the overlay to function:
>
> " The search is performed using the rootdn of the database, to avoid
> issues with ACLs preventing the overlay from seeing all of the relevant
> data. As such, the database must have a rootdn configured."

you think about this?

slapcat -b cn=config | less
...
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hu
...
olcRootDN: cn=admin,dc=hu
...

> Additionally, you haven't noted how you are making the modifications to
> add the duplicate entries. Again, as noted in the man page:
>
> " Replication and operations with manageDsaIt control are allowed to
> bypass this enforcement. It is therefore important that all servers
> accepting writes have this overlay configured in order to maintain
> uniqueness in a replicated DIT."
>
> So it is possible the LDAP client you are using to make the
> modifications is setting the manageDsaIT control.

I'm using jXplorer, I didn't find any manageDsaIt settings, so I assume that it doesn't support it, perhaps I can't bypass the enforcement - but maybe I'm wrong.

The unique key constraint still doesn't work.

Thanks again for your help,

a.
