Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 7. Managing Attributes and Values
Red Hat Directory Server provides several different mechanisms for dynamically and automatically maintaining some types of attributes on directory entries. These plug-ins and configuration options simplify managing directory data and expressing relationships between entries.
Part of the characteristic of entries are their relationships to each other. Obviously, a manager has an employee, so those two entries are related. Groups are associated with their members. There are less apparent relationships, too, like between entries which share a common physical location.
Red Hat Directory Server provides several different ways that these relationships between entries can be maintained smoothly and consistently. There are several plug-ins can apply or generate attributes automatically as part of the data within the directory, including classes of service, linking attributes, and generating unique numeric attribute values.
7.1. Enforcing Attribute Uniqueness
링크 복사링크가 클립보드에 복사되었습니다!
To ensure that the value of an attribute is unique across the directory or subtree, use the Attribute Uniqueness plug-in.
If you want multiple attributes to be unique or if you want to use different conditions, create multiple configuration records of the plug-in.
7.1.1. Creating a New Configuration Record of the Attribute Uniqueness Plug-in
링크 복사링크가 클립보드에 복사되었습니다!
For each attribute whose values must be unique, create a new configuration record of the Attribute Uniqueness plug-in.
Note
You can only create a new configuration record of the plug-in from the command line.
To create a new unconfigured and disabled configuration record of the plug-in named
Example Attribute Uniqueness:
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq add "Example" --attr-name uid
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq add "Example" --attr-name uid7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees
링크 복사링크가 클립보드에 복사되었습니다!
You can configure the Attribute Uniqueness plug-in to ensure that values of an attribute are unique in certain suffixes, subtrees, or over suffixes and subtrees.
7.1.2.1. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Command Line
링크 복사링크가 클립보드에 복사되었습니다!
To configure, for example, that values stored in
mail attributes are unique:
- Create a new configuration record of the Attribute Uniqueness plug-in named, for example,
mail Attribute Uniqueness. For details, see Section 7.1.1, “Creating a New Configuration Record of the Attribute Uniqueness Plug-in”. - Enable the plug-in configuration record:
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq enable "mail Attribute Uniqueness"
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq enable "mail Attribute Uniqueness"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Configure that values stored in
mailattributes must be unique inside, for example, theou=Engineering,dc=example,dc=comandou=Sales,dc=example,dc=comsubtrees:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --attr-name mail --subtree ou=Engineering,dc=example,dc=com ou=Sales,dc=example,dc=com
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --attr-name mail --subtree ou=Engineering,dc=example,dc=com ou=Sales,dc=example,dc=comCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Optionally, to configure uniqueness across all subtrees configured in this plug-in configuration record:
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --across--all-subtrees=on
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --across--all-subtrees=onCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart the instance:
dsctl instance_name restart
# dsctl instance_name restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
7.1.2.2. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Web Console
링크 복사링크가 클립보드에 복사되었습니다!
To configure, for example, that values stored in
mail attributes are unique:
- Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
- Select the instance.
- Open the menu.
- Select the Attribute Uniqueness plug-in.
- Click .
- Fill the fields, and enable the config. For example:
Figure 7.1. Adding an Attribute Uniqueness Configuration
- Restart the instance. See Section 1.5.2, “Starting and Stopping a Directory Server Instance Using the Web Console”.
7.1.3. Configuring Attribute Uniqueness over Object Classes
링크 복사링크가 클립보드에 복사되었습니다!
You can configure the Attribute Uniqueness plug-in to ensure that values of an attribute are unique in subtree entries that contain a specific object class. Directory Server searches for this object class in the parent entry of the updated object. If Directory Server did not find the object class, the search continues at the next higher level entry up to the root of the directory tree. If the object class was found, Directory Server verifies that the value of the attribute set in
uniqueness-attribute-name is unique in this subtree.
To configure, for example, that values stored in
mail attributes are unique under the entry that contains the nsContainer object class:
- Create a new configuration record of the Attribute Uniqueness plug-in named, for example,
mail Attribute Uniqueness. For details, see Section 7.1.1, “Creating a New Configuration Record of the Attribute Uniqueness Plug-in”. - Enable the plug-in configuration record:
dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq enable "mail Attribute Uniqueness"
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq enable "mail Attribute Uniqueness"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Configure that values stored in
mailattributes must be unique under the entry that contains thensContainerobject class:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --top-entry-oc=nsContainer
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --top-entry-oc=nsContainerCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Optionally, you can limit the scope of objects being checked. If you want the server to check only a subset of entries under the entry that contains the
nsContainerobject class, set an additional object class in theuniqueness-subtree-entries-ocparameter. This additional class will also have to be present.For example, themailattribute must be unique in all entries under the entry that contains thensContainerobject class set. However, you want that the plug-in only searches themailin entries that contain a object class that provides this attribute, such asinetOrgPerson. In this situation enter:dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --subtree-entries-oc=inetOrgPerson
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin attr-uniq set "mail Attribute Uniqueness" --subtree-entries-oc=inetOrgPersonCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart the instance:
dsctl instance_name restart
# dsctl instance_name restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
7.1.4. Attribute Uniqueness Plug-in Configuration Parameters
링크 복사링크가 클립보드에 복사되었습니다!
To configure an Attribute Uniqueness plug-in configuration record, set the plug-in's configuration attributes in the
cn=attribute_uniqueness_configuration_record_name,cn=plugins,cn=config entry.
Example 7.1. Attribute Uniqueness Plug-in Configuration Using Plug-in-specific Attributes
dn: cn=Example Attribute Uniqueness,cn=plugins,cn=config nsslapd-pluginEnabled: on uniqueness-attribute-name: attribute_name uniqueness-top-entry-oc: objectclass1 uniqueness-subtree-entries-oc: objectclass2
dn: cn=Example Attribute Uniqueness,cn=plugins,cn=config
nsslapd-pluginEnabled: on
uniqueness-attribute-name: attribute_name
uniqueness-top-entry-oc: objectclass1
uniqueness-subtree-entries-oc: objectclass2
For a list of parameters you can set to configure the Attribute Uniqueness plug-in, see the corresponding section in the Red Hat Directory Server Configuration, Command, and File Reference.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}