HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

141

142

143

144

145

146

147

148

149

150

3.7.4.2.1 Specifying a suffix or subtree

The suffix or subtrees that the plug-in checks to ensure attribute uniqueness are defined using the

nsslapd-pluginarg attribute in the entry defining the plug-in.

To specify the subtree or subtrees, use ldapmodify to send LDIF update statements, similar to this

example:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=mail uniqueness,cn=plugins,cn=config

changetype: modify

add: nsslapd-pluginarg2 nsslapd-pluginarg3

nsslapd-pluginarg2: ou=Engineering,dc=example,dc=com

nsslapd-pluginarg3: ou=Sales,dc=example,dc=com

This example LDIF statement modified the Attribute Uniqueness Plug-in to check the uniqueness of

the mail attribute under the subtrees dc=example,dc=com,

ou=Engineering,dc=example,dc=com, and ou=Sales,dc=example,dc=com.

Use the ldapmodify command to import the LDIF file into the directory. For detailed information

on the ldapmodify command, see the HP-UX Directory Server configuration, command, and file

reference.

Whenever this type of configuration change is made, restart the server.

/opt/dirsrv/slapd-instance_name/restart-slapd

For information on restarting the server, see “Starting and Stopping Servers” (page 19).

3.7.4.2.2 Using the markerObjectClass and requiredObjectClass keywords

Instead of specifying a suffix or subtree in the configuration of an Attribute Uniqueness Plug-in,

perform the check under the entry belonging to the DN of the updated entry that has the object

class given in the markerObjectClass keyword.

To specify to perform the uniqueness check under the entry in the DN of the updated entry that

contains the organizational unit (ou) object class, copy and paste an existing Attribute Uniqueness

Plug-in entry, and change the following attributes:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=mail uniqueness,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: attribute=mail

nsslapd-pluginarg1: markerObjectClass=ou

...

If the server should not check every entry in the organization unit, limit the scope by setting the

check to be performed only if the updated entry contains a specified object class.

For example, if the uniqueness of the mail attribute is checked, it is probably only necessary to

perform the check when adding or modifying entries with the person or inetorgperson object

class.

Restrict the scope of the check by using the requiredObjectClass keyword, as shown in the

following example:

dn: cn=mail uniqueness,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: attribute=mail

nsslapd-pluginarg1: markerObjectClass=ou

nsslapd-pluginarg2: requiredObjectClass=person

...

142 Creating Directory Entries