HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

uid=jdoe,ou=people,o=example_a,dc=example,dc=com is added, uniqueness needs
to be enforced only in the o=example_a,dc=example,dc=com subtree. This is done by
listing the DN of the subtree explicitly in the Attribute Uniqueness Plug-in configuration.
Specify an object class pertaining to an entry in the DN of the updated entry and perform the
uniqueness check on all the entries beneath it.
This option is useful in hosted environments. For example, when adding an entry such as
uid=jdoe,ou=people,o=example_a,dc=example,dc=com, enforce uniqueness under
the o=example_a,dc=example,dc=com subtree without listing this subtree explicitly in
the configuration but, instead, by indicating a marker object class. If the marker object class
is set to organization, the uniqueness check algorithm locates the entry in the DN that has
this object class (o=example_a) and performs the check on all entries beneath it.
Additionally, it is possible to check uniqueness only if the updated entry includes a specified
object class. For example, a check may be performed only if the updated entry includes
objectclass=inetorgperson.
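The following Python model is an added example, not code from Directory Server or from this guide. It shows how the three scoping options described above (explicit subtree, marker object class, required object class) change which entries a new uid value is compared against. The directory contents and the function names are constructed for illustration.

```python
# Constructed sample directory: two hosted organizations under one suffix.
DIRECTORY = {
    "dc=example,dc=com": {"objectclass": ["domain"]},
    "o=example_a,dc=example,dc=com": {"objectclass": ["organization"]},
    "ou=people,o=example_a,dc=example,dc=com": {"objectclass": ["organizationalunit"]},
    "uid=jdoe,ou=people,o=example_a,dc=example,dc=com":
        {"objectclass": ["inetorgperson"], "uid": ["jdoe"]},
    "o=example_b,dc=example,dc=com": {"objectclass": ["organization"]},
    "ou=people,o=example_b,dc=example,dc=com": {"objectclass": ["organizationalunit"]},
}

def ancestors(dn):
    """Yield each ancestor DN, nearest first (sample DNs contain no escaped commas)."""
    while "," in dn:
        dn = dn.split(",", 1)[1]
        yield dn

def is_under(dn, base):
    """True if dn is the base entry itself or lies beneath it."""
    return dn == base or dn.endswith("," + base)

def marker_scope(dn, marker_oc):
    """Return the nearest ancestor entry that carries the marker object class."""
    for anc in ancestors(dn):
        if marker_oc in DIRECTORY.get(anc, {}).get("objectclass", []):
            return anc
    return None

def find_conflict(dn, entry, attr, subtrees=(), marker_oc=None, required_oc=None):
    """Return the DN of an in-scope entry sharing a value of attr, else None."""
    if required_oc and required_oc not in entry.get("objectclass", []):
        return None  # the check applies only to entries that include this class
    # Explicitly listed subtrees apply only when the updated entry is inside them.
    scopes = [s for s in subtrees if is_under(dn, s)]
    if marker_oc:
        base = marker_scope(dn, marker_oc)
        scopes += [base] if base else []
    for base in scopes:
        for other_dn, other in DIRECTORY.items():
            shared = set(entry.get(attr, [])) & set(other.get(attr, []))
            if other_dn != dn and is_under(other_dn, base) and shared:
                return other_dn
    return None
```

With the marker object class set to organization, a second jdoe under o=example_b is accepted, while the same entry checked against the whole dc=example,dc=com suffix conflicts with the jdoe under o=example_a.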
Directory Server provides a default instance of the Attribute Uniqueness Plug-in for the uid attribute
when the Directory Server is first set up. This plug-in instance ensures that values given to the
uid attribute are unique in the root suffix (the suffix corresponding to the userRoot database).
This plug-in is disabled by default because it affects the operation of multi-master replication. For
information on using the attribute uniqueness plug-in in a replicated environment, see “Replication
and the attribute uniqueness plug-in” (page 144).
3.7.2 Attribute uniqueness plug-in syntax
Configuration information for the Attribute Uniqueness Plug-in is specified in an entry under
the cn=plugins,cn=config entry. There are two possible syntaxes for the nsslapd-pluginarg
attributes.
NOTE:
To enforce uniqueness of an attribute other than the ones in these examples, copy and paste the
default Attribute Uniqueness Plug-in entry, taking care to change only the attributes described
here.
Use the following syntax to perform the uniqueness check under a suffix or subtree:
dn: cn=descriptive_plugin_name,cn=plugins,cn=config
...
nsslapd-pluginEnabled: state
nsslapd-pluginarg0: attribute_name
nsslapd-pluginarg1: dn1
nsslapd-pluginarg2: dn2
...
Any value can be given to the cn attribute to name the plug-in. The name should be descriptive.
The cn attribute does not contain the name of the attribute that is checked for uniqueness.
Only one attribute can be specified on which the uniqueness check will be performed.
It is possible to specify several DNs of suffixes or subtrees in which to perform the uniqueness
check by incrementing the nsslapd-pluginarg attribute suffix by one each time.
The variable components of the Attribute Uniqueness Plug-in syntax are described in Table 15 (page
140).
Use the following syntax to perform the uniqueness check below an entry containing a
specified object class:
dn: cn=descriptive_plugin_name,cn=plugins,cn=config
...
nsslapd-pluginEnabled: state