Red Hat Directory Server 8.0 Administrator's Guide
Using the Attribute Uniqueness Plug-in
The Attribute Uniqueness Plug-in can be used to ensure that new or edited attribute values are
always unique in the directory. A new instance of the Attribute Uniqueness Plug-in must be
created for every attribute for which values must be unique. The Attribute Uniqueness Plug-in
can enforce the uniqueness of the value for any attribute.
1. Overview of the Attribute Uniqueness Plug-in
The Attribute Uniqueness Plug-in is a preoperation plug-in. This means that the plug-in checks
every update operation before the server performs it. The plug-in determines
whether the operation applies to an attribute and a suffix that it is configured to monitor.
If an update operation applies to an attribute and suffix monitored by the plug-in and it would
cause two entries to have the same attribute value, then the server terminates the operation
and returns an LDAP_CONSTRAINT_VIOLATION error to the client.
Each instance of the Attribute Uniqueness Plug-in performs a check on a single attribute for one
or more subtrees. To check uniqueness of several attributes, a separate instance of the plug-in
must be created for each attribute to check.
The Attribute Uniqueness Plug-in can operate in specific, user-defined ways:
• It can check every entry in the specified subtrees.
For example, if a company, example.com, hosts the directories for example_a.com and
example_b.com, when an entry such as
uid=jdoe,ou=people,o=example_a,dc=example,dc=com is added, uniqueness needs to be
enforced only in the o=example_a,dc=example,dc=com subtree. This is done by listing the
DN of the subtree explicitly in the Attribute Uniqueness Plug-in configuration.
This configuration option is explained in more detail in Section 4.3.2, “Specifying a Suffix or
Subtree”.
• It can take an object class that marks an entry in the DN of the updated entry and perform the
uniqueness check on all the entries beneath that entry.
This option is useful in hosted environments. For example, when adding an entry such as
uid=jdoe,ou=people,o=example_a,dc=example,dc=com, enforce uniqueness under the
o=example_a,dc=example,dc=com subtree without listing this subtree explicitly in the
configuration but, instead, by indicating a marker object class. If the marker object class is set
to organization, the uniqueness check algorithm locates the entry in the DN that has this
object class (o=example_a) and performs the check on all entries beneath it.
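The two scoping modes described above, as an added example: a simplified Python model of the check, not Directory Server code. The function names and the sample directory are constructed for illustration, and the model assumes case-insensitive value matching and that an update with no marker entry in its DN is not checked.

```python
# Simplified model of the pre-operation uniqueness check (not Directory Server code).
LDAP_SUCCESS = 0
LDAP_CONSTRAINT_VIOLATION = 19  # result code defined by the LDAP standard

# Constructed sample directory: DN -> attributes. DNs here contain no escaped commas.
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "o=example_a,dc=example,dc=com": {"objectClass": ["organization"]},
    "o=example_b,dc=example,dc=com": {"objectClass": ["organization"]},
    "ou=people,o=example_a,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=people,o=example_b,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=jdoe,ou=people,o=example_a,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
}

def under(dn, base):
    """True if dn is base itself or lies beneath it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def marker_scope(dn, marker_oc, directory):
    """Walk up the DN and return the nearest ancestor carrying the marker object class."""
    parent = dn.partition(",")[2]
    while parent:
        ocs = [oc.lower() for oc in directory.get(parent, {}).get("objectClass", [])]
        if marker_oc.lower() in ocs:
            return parent
        parent = parent.partition(",")[2]
    return None  # assumption: no marker entry means nothing to check

def check_add(directory, dn, attr, value, subtrees=(), marker_oc=None):
    """Return the result code a client would see for adding dn with attr=value."""
    if marker_oc:
        scope = marker_scope(dn, marker_oc, directory)
        scopes = [scope] if scope else []
    else:
        # Explicit mode: only configured subtrees that contain the updated entry apply.
        scopes = [s for s in subtrees if under(dn, s)]
    for other_dn, attrs in directory.items():
        if other_dn.lower() == dn.lower() or not any(under(other_dn, s) for s in scopes):
            continue
        if value.lower() in (v.lower() for v in attrs.get(attr, [])):
            return LDAP_CONSTRAINT_VIOLATION
    return LDAP_SUCCESS
```

Listing dc=example,dc=com as the subtree makes uid=jdoe collide across both hosted organizations, while the organization marker confines each check to the customer's own subtree.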
Additionally, it is possible to check uniqueness only if the updated entry includes a specified
Chapter 18.