| Summary: | Overlay unique ignore parameter doesn't funcion | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | David Spurek <dspurek> | ||||
| Component: | openldap | Assignee: | Jan Vcelak <jvcelak> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6.1 | CC: | ebenes, jplans, jvcelak, omoris, tsmetana | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-08-11 16:05:29 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
I believe this is not a bug, but just a misunderstanding of the documentation. olcUniqueURI: ldap:///dc=my-domain,dc=com?mail?sub? olcUniqueURI: ignore ldap:///cn=usr1,dc=my-domain,dc=com?mail?sub? The documentation says, that the attributes are checked when add, modify, and modrdn operations are performed. When some matching entry is found, the operation is rejected. And the rules are evaluated sequentially. I understand from this statement, that the rules are evaluated sequentially. And 'ignore' works different than you expect. Documentation says, that by specifying this prefix, uniqueness of all non-operational attributes is enforced, except those listed. In fact, the second entry you are trying to add (cn=usr1,dc=my-domain,dc=com) would be rejected by both of the rules. The first one because of non-uniqueness of mail attribute, the second one because of non-uniqueness of objectClass. I suppose you wanted something like (simplified): olcUniqueURI: ldap:///?mail?sub?(!(cn=usr1)) Closing this bug as NOTABUG. |
Created attachment 514000 [details] Slapd configuration file Description of problem: Overlay unique ignore parameter doesn't funcion (same funcionality as unique parameter missing in configuration) Version-Release number of selected component (if applicable): openldap-servers-2.4.23-15.el6 How reproducible: always Steps to Reproduce: 1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in attachement) 2.add entry dn: cn=usr2, dc=my-domain,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: usr2 sn: usr2 mail: usr2 uid: usr2 dn: cn=usr1,dc=my-domain,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: usr1 sn: usr1 mail: usr2 uid: usr1 Actual results: adding new entry "cn=usr2,dc=my-domain,dc=com" adding new entry "cn=usr1,dc=my-domain,dc=com" ldap_add: Constraint violation (19) additional info: some attributes not unique Expected results: Add operation should pass