On 4/30/19 12:20 PM, [email protected] wrote:
> => extented flags
>
> https://ldapwiki.com/wiki/Extended%20Flags
Most of these attribute type description extensions are not relevant for
OpenLDAP at all.
> I've tried several configurations such as :
> - define xuid attribute using uid as a parent attribute type
>
> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY
> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
You should *not* use SUP uid unless you're 100% sure about its
implications regarding matching rules also affecting index use and
slapo-unique.
> - define xuid attribute using uid as a parent attribute type with
> additional extended flags
>
> olcAttributeTypes: {76}( ORANGE-AT:77 NAME 'xuid' SUP uid EQUALITY
> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE X-NDS_NAME 'uniqueID'
> X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '0'
> X-NDS_NONREMOVABLE '0' )
Everything starting with X-NDS only applies to Novell eDirectory (or
whatever it's called today) and thus is useless.
For the rest see (as Quanah suggested):
https://www.openldap.org/software/man.cgi?query=slapo-unique
Ciao, Michael.
