attribute uniqueness

Roland Gruber 2013-07-21 10:04:12 +00:00
parent e1f4835de4
commit 633caccec6
1 changed files with 55 additions and 12 deletions

@ -1972,8 +1972,9 @@ Have fun!
IDs assigned if users create accounts at the same time. Use an IDs assigned if users create accounts at the same time. Use an
<ulink <ulink
url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink> url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink>
like "Attribute Uniqueness" if you have lots of LAM admins like "Attribute Uniqueness" (<link
creating accounts.</para> linkend="a_openldap_unique">example</link>) if you have lots of
LAM admins creating accounts.</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
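Review bot: The reworded sentence on the new side still presents the overlay as optional ("if you have lots of LAM admins creating accounts"), although the line above it says duplicate IDs can be assigned whenever accounts are created at the same time. Two accounts that share a uidNumber are the same user as far as POSIX file permissions are concerned, so I would recommend the overlay without the condition and keep the new link to a_openldap_unique as the how-to.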
@ -2771,8 +2772,9 @@ Have fun!
Please note that it may happen that there are duplicate IDs assigned Please note that it may happen that there are duplicate IDs assigned
if users create groups at the same time. Use an <ulink if users create groups at the same time. Use an <ulink
url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink> url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink>
like "Attribute Uniqueness" if you have lots of LAM admins creating like "Attribute Uniqueness" (<link
groups.</para> linkend="a_openldap_unique">example</link>) if you have lots of LAM
admins creating groups.</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
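Review bot: The new link to a_openldap_unique in the groups paragraph leads to an example that only constrains uidNumber ("olcUniqueURI: ldap:///?uidNumber?sub"), so a reader arriving from this sentence finds no gidNumber setting to copy. Either add a gidNumber line to the appendix example or say here that the linked example has to be adapted for groups.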
@ -6926,18 +6928,59 @@ Run slapindex to rebuild the index.
</appendix> </appendix>
<appendix> <appendix>
<title>Recommended OpenLDAP settings</title> <title>Typical OpenLDAP settings</title>
<para>Some basic hints to configure the OpenLDAP server:</para> <para>Some basic hints to configure the OpenLDAP server:</para>
<para><emphasis role="bold">Size limit:</emphasis> OpenLDAP allows by <para><emphasis role="bold">Size limit:</emphasis></para>
default 500 return values per search, if you have more users/groups/hosts
change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for
unlimited return values.</para>
<para><emphasis role="bold">Indices:</emphasis> Indices will improve the <para>You will get a message like "LDAP sizelimit exceeded, not all
performance when searching for entries in the LDAP directory. The entries are shown." when you hit the LDAP search limit.</para>
following indices are recommended:</para>
<para>OpenLDAP allows by default 500 return values per search, if you have
more users/groups/hosts please change this:</para>
<para>slapd.conf:</para>
<para>e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return
values</para>
<para>slapd.d:</para>
<para>e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited
return values in etc/ldap/slapd.d/cn=config.ldif</para>
<literallayout>
</literallayout>
<para><emphasis id="a_openldap_unique" role="bold">Unique
attributes:</emphasis></para>
<para>There are cases where you do not want that same attribute values
exist multiple times in your database. A good example are UID/GID
numbers.</para>
<para>OpenLDAP provides the <ulink
url="http://www.openldap.org/doc/admin24/overlays.html">attribute
uniqueness overlay</ulink> for this task.</para>
<para>Example to force unique UID numbers:</para>
<para>In
<emphasis>/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif</emphasis> add
"olcModuleLoad: {3}unique" (replace "3" with the highest existing number
plus one).</para>
<para>Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g.
"olcUniqueURI: ldap:///?uidNumber?sub"</para>
<literallayout>
</literallayout>
<para><emphasis role="bold">Indices:</emphasis></para>
<para>Indices will improve the performance when searching for entries in
the LDAP directory. The following indices are recommended:</para>
<simplelist> <simplelist>
<member>index objectClass eq</member> <member>index objectClass eq</member>
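Review bot: In the new "Unique attributes" paragraphs, "olcUniqueURI" is said to go into olcDatabase={1}bdb.ldif, but that attribute belongs to the overlay's own entry (olcOverlay=unique below the database entry, objectClass olcUniqueConfig), and both steps ask the reader to edit files under slapd.d by hand, which OpenLDAP marks as generated and expects to be changed with ldapmodify against cn=config. I would describe both steps as LDAP modifications instead. Smaller points in the same hunk: "etc/ldap/slapd.d/cn=config.ldif" is missing its leading slash while the other paths have it, the two empty literallayout elements are used only as spacers, and "sizelimit -1" / "olcSizeLimit: -1" are offered without saying that they remove the result cap for every client, where a raised limit for the LAM bind identity alone would be the safer suggestion.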