The Unique Attribute plugin is used to enforce uniqueness constraints on the values of one or more attributes across a portion of the Directory Server. The plugin checks for uniqueness prior to an add, modify, or modify DN request and will instruct the server to reject the request if a constraint violation is found.
The plugin is disabled by default as it can affect performance in heavy write load environments. After the plugin is enabled, it does not check for attribute uniqueness on existing entries, but only on new ADD, MODIFY, or MODDN operations. However, administrators can use the identify-unique-attribute-conflicts tool to ensure that no such conflicts exist in the data.
Attribute uniqueness can be enforced in replicated environments in which each replica contains the complete set of data for which to provide uniqueness, regardless of whether clients communicate directly with the server or interact with it through a Directory Proxy Server. In such environments, all servers should have identical uniqueness configurations. Note that it is not possible to completely prevent conflicts that arise from simultaneous writes on separate replicas. However, such conflicts will be detected after the changes have been replicated and will trigger administrative alert notifications.
For proxied environments that do not have the complete set of data on all servers (e.g., environments that use entry balancing or that store different portions of the DIT on different servers), you can implement the Global Uniqueness Attribute plugin on the Directory Proxy Server, instead of enabling the attribute uniqueness plugin on the Directory Server. For more information, see the PingDirectoryProxy Server Administration Guide.