2

I have just successfully configured OpenLDAP Users authentication in a single CentOS6 box, based on SSSD. Took some time and many trials, but it's working.

Now, I want to start adding users. I'm doing it manually with .ldif files, based on reference from Arch docs. The problem is - I might, by mistake, create 2 users with the same uidNumber. And that would cause strange results.

My question - is it possible to tell LDAP that uidNumber should be a unique property, and not add the user if this attribute value already exists?

Zvika

1 Answer

4

You can use the unique overlay to achieve this. See chapter 12.16 of the OpenLDAP manual and `man slapo-unique` (unfortunately, both still only refer to the old-style configuration in slapd.conf, not the cn=config online configuration).

Sven
  • 1
    Based on your reference, here's the solution (using legacy slapd.conf): 1. Uncomment `moduleload unique.la` 2. Add the following lines: `overlay unique` and `unique_uri ldap:///?uidNumber?sub?` – Zvika May 12 '15 at 08:05
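
The same overlay setup expressed for the cn=config online configuration, as an added example that is not part of the original answer or comment. The database DN `olcDatabase={2}bdb,cn=config` and the creation of a new `cn=module` entry are assumptions; substitute the DNs from your own config tree.

```ldif
# Added example, not from the original thread.
# Assumption: no cn=module entry exists yet. If one does, add
# "olcModuleLoad: unique.la" to it with ldapmodify instead.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: unique.la

# Assumption: the user database is olcDatabase={2}bdb,cn=config.
# Equivalent of "overlay unique" plus
# "unique_uri ldap:///?uidNumber?sub?" in slapd.conf.
dn: olcOverlay=unique,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///?uidNumber?sub?
```

Load the file as root with `ldapadd -Y EXTERNAL -H ldapi:/// -f <file>`. The overlay only checks new writes, so search for duplicate uidNumber values already in the directory before relying on it.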