
UIDs Must be Unique?


Bill Corley

Sep 22, 2000, 3:00:00 AM

Is there a way to have the directory (4.12) check for uniqueness of
UIDs within a branch of the directory, but allow the same UID to exist
in another branch (where it is unique within that branch)? By default it
checks for uniqueness for the entire directory.

Bill


Robert F Petrie

Sep 23, 2000, 3:00:00 AM
You can have multiple directories per server, i.e. o=airchoc.com and a second
o=airstraw.com. I believe you could then have the same uid but in different
organizations. That's probably not what you want, however.

Rob Brink

Sep 24, 2000, 3:00:00 AM
Bill, you're using UID as the RDN for a people entry, yes? What is the
complete DN of the two entries?

If

DN: uid=john smith, ou=people, l=atlanta, o=airchoc.com
and
DN: uid=john smith, ou=people, l=chicago, o=airchoc.com

I believe this should be allowable within LDAP. What sort of error
message are you getting?

Rob

kathy zhang

Sep 24, 2000, 3:00:00 AM
Go to directory adm console, in "configuration" tab: click on plug-ins,
uncheck the user id uniqueness.

- kathy

Yuandi Sialendra

Sep 25, 2000, 3:00:00 AM
Rob,

1st DN:
employeenumber=0023181,ou=Employees,ou=People,o=nsc.com

2nd DN:
uid=ysialendra,ou=ITG,ou=NT Domains,o=nsc.com

Both entries have an identical UID value in the UID fields in their respective
sub-trees. When we try to add the 2nd entry, it gives an err=19, which is
CONSTRAINT VIOLATION.

Thanks,
Yuandi

Rob Brink wrote:

> Bill, you're using UID as the RDN for a people entry, yes? What is the
> complete DN of the two entries?
>
> If
>
> DN: uid=john smith, ou=people, l=atlanta, o=airchoc.com
> and
> DN: uid=john smith, ou=people, l=chicago, o=airchoc.com
>
> I believe this should be allowable within LDAP. What sort of error
> message are you getting?
>
> Rob
>

Yuandi Sialendra

Sep 25, 2000, 3:00:00 AM
We want the directory to check for UID uniqueness in different sub-trees.
Unchecking the uid uniqueness would mean totally disabling the checks. Is
there possibly another way?

Thanks,
Yuandi

kathy zhang wrote:

> Go to directory adm console, in "configuration" tab: click on plug-ins,
> uncheck the user id uniqueness.
>
> - kathy
>

Roshan Shetty

Sep 25, 2000, 3:00:00 AM
No. You have to have at least one attribute as unique in the directory tree

Roshan


eurocis

Oct 3, 2000, 3:00:00 AM
You should edit the slapd.ldbm.conf file. In this file you'll find all
plugin directives, and in particular the one called "user id uniqueness".
At the end of the line you'll find an argument for the attribute, "uid",
and the baseDN, "o=...".

Then you can copy the line and change the name of the plugin from "user id
uniqueness" to "user id uniquess in tree ..."; the two names must be different,
and you change the baseDN according to your tree.

Philippe

Bill Corley wrote:

Allison Kennett

Nov 20, 2000, 3:00:00 AM
Hi.
We have unchecked the UID uniqueness plugin and have been having a lot of
trouble doing searches since then. The Directory server goes down a lot
after searching for some entries. Below you say that there must be at least
one unique attribute in the DIT. Doesn't the DN itself serve as a unique
identifier for the entry? Does there need to be another unique attribute
together with the DN? Could we use e-mail as the unique attribute instead
and leave the UID checkbox unchecked?
Thanks in advance!!!
Allison
allison...@sra.com

"Roshan Shetty" <roshan...@hotmail.com> wrote in message
news:39CF9294...@hotmail.com...


> No. You have to have at least one attribute as unique in the directory tree
>
> Roshan
>
> Yuandi Sialendra wrote:
>
> > We want the directory to check for UID uniqueness in different sub-trees.
> > Unchecking the uid uniqueness would mean totally disabling the checks. Is
> > there possibly another way?
> >
> > Thanks,
> > Yuandi
> >
> > kathy zhang wrote:
> >
> > > Go to directory adm console, in "configuration" tab: click on plug-ins,
> > > uncheck the user id uniqueness.
> > >
> > > - kathy
> > >
> > > Bill Corley wrote:
> > >

Mark Wilcox

Nov 22, 2000, 3:00:00 AM
to Allison Kennett
This is what happens when you start to change settings without fully
understanding the system.

Of course DNs must be unique. But for that to happen every leaf element (the
Relative DN) must be unique as well. Plus if you're going to be using the LDAP
server for authentication, then the uid attribute (which is used for
authentication) must be unique across the server. While it's technically legal
to have 2 different entries have the same username, authentication applications
will fail because they won't know which DN to apply the password to (problem
would be somewhat alleviated by using context, but in reality you want to match
1 uid per person to use as a form of electronic identity).

While yes you can use mail as your unique attribute, normally mail is in the
form of u...@foo.org. Thus it's simpler to just use the default uid.

Now if you're not using the LDAP server for authentication & every mail
attribute is guaranteed to be unique & you're using the mail attribute as your
RDN when constructing a DN, then you can use that as your unique attribute.

Mark
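
Added example, not part of any post in this thread: a small Python model of what the replies above describe, with uid uniqueness enforced per base DN (the approach in eurocis's post) and a search-then-bind lookup that refuses an ambiguous uid (the failure Mark describes). The function names and the per-branch scope list are assumptions for illustration; the DNs, the uid value and err=19 are taken from Yuandi's post.

```python
# Added illustration: an in-memory model, not Netscape Directory Server code.
# The two DNs and the uid value are the ones posted in the thread.

def normalize(dn):
    """Lower-case a DN and trim spaces around RDNs (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    dn, base = normalize(dn), normalize(base)
    return dn == base or dn.endswith("," + base)

def check_add(entries, new_dn, new_uid, scopes):
    """Return 0 (success) or 19 (constraint violation) for adding new_dn,
    enforcing uid uniqueness separately inside each base DN in scopes."""
    for base in scopes:
        if not in_subtree(new_dn, base):
            continue  # this uniqueness scope does not cover the new entry
        for dn, uid in entries:
            if in_subtree(dn, base) and uid.lower() == new_uid.lower():
                return 19
    return 0

def resolve_for_bind(entries, uid, search_base):
    """Search-then-bind lookup: return the one DN to bind as, and fail closed
    when the uid matches zero or several entries under search_base."""
    hits = [dn for dn, u in entries
            if in_subtree(dn, search_base) and u.lower() == uid.lower()]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match uid={uid} under {search_base}")
    return hits[0]

EMPLOYEE = "employeenumber=0023181,ou=Employees,ou=People,o=nsc.com"
NT_ACCOUNT = "uid=ysialendra,ou=ITG,ou=NT Domains,o=nsc.com"
PER_BRANCH = ["ou=People,o=nsc.com", "ou=NT Domains,o=nsc.com"]
directory = [(EMPLOYEE, "ysialendra")]

if __name__ == "__main__":
    print(check_add(directory, NT_ACCOUNT, "ysialendra", ["o=nsc.com"]))  # whole tree
    print(check_add(directory, NT_ACCOUNT, "ysialendra", PER_BRANCH))     # per branch
    both = directory + [(NT_ACCOUNT, "ysialendra")]
    print(resolve_for_bind(both, "ysialendra", "ou=People,o=nsc.com"))
    try:
        resolve_for_bind(both, "ysialendra", "o=nsc.com")
    except LookupError as exc:
        print("refused:", exc)
```

With per-branch scopes the second entry is accepted, so any application that resolves a login name to a DN has to search from the branch it trusts rather than from the root.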

Stuart Miller

Nov 26, 2000, 3:00:00 AM
to eurocis
If it is possible to change the context of the UID uniqueness by further adding
a constraint of a specific OU, is it also possible to tell the plugin to check
for UID uniqueness ONLY within _each_ OU subtree? In other words, if I add new
OUs frequently, I don't want to have to add a new line in the 'slapd.ldbm.conf'
file each time.

Is there a way to tell the plugin to ensure UIDs are unique with each OU,
without specifying their names?

Many thanks for this info!

Stuart

eurocis wrote:

> You should edit the slapd.ldbm.conf file. In this file you'll find all
> plugin directives, and in particular the one called "user id uniqueness".
> At the end of the line you'll find an argument for the attribute, "uid",
> and the baseDN, "o=...".
>
> Then you can copy the line and change the name of the plugin from "user id
> uniqueness" to "user id uniquess in tree ..."; the two names must be different,
> and you change the baseDN according to your tree.
>
> Philippe
>
> Bill Corley wrote:
>

Mark Wilcox

Nov 26, 2000, 3:00:00 AM
to Stuart Miller
The uniqueness plugin ensures that each uid is unique across the entire server,
regardless of its location in the DIT.

You shouldn't ever have to edit any conf files to add an ou. It sounds like you're
talking about directory contexts, which are a completely different item altogether.
I'm not sure if it checks for uniqueness across contexts (contexts are the name of
the roots of different trees).

Mark

Ian K. Barnett

Nov 27, 2000, 3:00:00 AM
Mark,

AFAIK, NSDS does not check for uniqueness across contexts.

Ian
