So we want to enforce unique CNs on groups under Internal but not under
External and only CNs on groups (because our current DN based uniqueness
constraint on CN means we can't create multiple password policy
nscontainer objects under Internal).
If we configure set nsslapd-pluginarg1 to
"O=Internal,DC=mycompany,DC=com", we enforce uniqueness in that
container but for all objects.
Although we haven't tried it (lest we create a bigger problem than we
already have!), I believe it we set nsslapd-pluginarg1 to
markerObjectClass=O and nsslapd-pluginarg2 to
requiredObjectClass=groupofuniquenames, it will enforce CN uniqueness on
groups but will do so both in Internal AND External. Is that correct?
So is it possible to combine them somehow to achieve what we want?
Thanks - John
389 users mailing list