Issue Description When using the Attribute uniqueness plugin, restricted to one subtree, moving an object with an already existing attribute to this subtree does not raise any exceptions. It appears that the originating subtree is searched instead. Package Version and Platform: Platform: Containerized Fedora (tested on 33 and 34) Package and version: Tested with all versions >= 2.0.2 Steps to Reproduce Create two container objects e.g ou=c1,dc=example,dc=com and ou=c2,dc=example,dc=com Create an entry for the attr-uniq plugin restricted to the c1 subtree, restricting (for example) the mail attribute. Create two objects with the same value for mail in c2 (this should be allowed). Move one object to c1 Move the second object to c1. This should raise an exeption as another object with the same value for mail already exists in c1 but works without issues. Additionally, trying to move one of these objects back to c2 raises an exception even though there is no uniqueness constraint on c2. Expected results The attr-uniq plugin should prevent invalid move operations. Additional context I've tried to get to the root cause of this issue, and debug logs suggest that https://github.com/389ds/389-ds-base/blob/master/ldap/servers/plugins/uiduniq/uid.c#L1395 is called with the old parentDN. However, as this is my first time digging through the codebase I was unable to figure out why this happens.
Upstream ticket: https://github.com/389ds/389-ds-base/issues/4763
As the RHEL 8.5 reached EOL, it makes sense to move this BZ to dirsrv-11.5, which means RHEL 8.6.