HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

141

142

143

144

145

146

147

148

149

150

Alternate option: In the Directory Server Console, click the Directory tab. In the left navigation

tree, expand the config folder, then the Plug-ins folder. Select the plug-in instance. Edit the

attribute value fields.

3.7.4.2 Configuring attribute uniqueness plug-ins from the command line

This section provides information about configuring the plug-in from the command line.

• “Specifying a suffix or subtree”

• “Using the markerObjectClass and requiredObjectClass keywords”

3.7.4.2.1 Specifying a suffix or subtree

The suffix or subtrees that the plug-in checks to ensure attribute uniqueness are defined using

the nsslapd-pluginarg attribute in the entry defining the plug-in.

To specify the subtree or subtrees, use ldapmodify to send LDIF update statements, similar to

this example:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=mail uniqueness,cn=plugins,cn=config

changetype: modify

add: nsslapd-pluginarg2 nsslapd-pluginarg3

nsslapd-pluginarg2: ou=Engineering,dc=example,dc=com

nsslapd-pluginarg3: ou=Sales,dc=example,dc=com

This example LDIF statement modified the Attribute Uniqueness Plug-in to check the uniqueness

of the mail attribute under the subtrees dc=example,dc=com,

ou=Engineering,dc=example,dc=com, and ou=Sales,dc=example,dc=com.

Use the ldapmodify command to import the LDIF file into the directory. For detailed information

on the ldapmodify command, see the HP-UX Directory Server configuration, command, and file

reference.

Whenever this type of configuration change is made, restart the server.

/opt/dirsrv/slapd-instance_name/restart-slapd

For information on restarting the server, see “Starting and stopping servers”.

3.7.4.2.2 Using the markerObjectClass and requiredObjectClass keywords

Instead of specifying a suffix or subtree in the configuration of an Attribute Uniqueness Plug-in,

perform the check under the entry belonging to the DN of the updated entry that has the object

class given in the markerObjectClass keyword.

To specify to perform the uniqueness check under the entry in the DN of the updated entry that

contains the organizational unit (ou) object class, copy and paste an existing Attribute Uniqueness

Plug-in entry, and change the following attributes:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=mail uniqueness,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: attribute=mail

nsslapd-pluginarg1: markerObjectClass=ou

...

If the server should not check every entry in the organization unit, limit the scope by setting the

check to be performed only if the updated entry contains a specified object class.

For example, if the uniqueness of the mail attribute is checked, it is probably only necessary to

perform the check when adding or modifying entries with the person or inetorgperson

object class.

142 Creating directory entries