By default, the plugin is disabled because it can affect performance in heavy write load environments. After the plugin is enabled, it does not check for attribute uniqueness on existing entries, only on new ADD, MODIFY, or MODDN operations. To ensure that no such conflicts exist in the data, administrators can use the identify-unique-attribute-conflicts command.

Important:

Ensure all attributes to enforce for uniqueness are indexed for equality in all backends. Use the LDAP SDK uniqueness request control for enforcing uniqueness on a per-request basis. For more information on the LDAP SDK documentation and the com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl class for using the control, see Use the server SDK and LDAP SDK. See the ASN.1 specification to implement support for it in other APIs.

You can enforce attribute uniqueness in replicated environments in which each replica contains the complete set of data for which to provide uniqueness, regardless of whether clients communicate directly with the server or interact with it through a Directory Proxy Server. In such environments, all servers have identical uniqueness configurations.

Note:

It is not possible to prevent conflicts that arise from simultaneous writes on separate replicas. However, such conflicts are detected after the changes have been replicated and then triggers administrative alert notifications.

For proxied environments that do not have the complete set of data on all servers, such as environments that use entry balancing or that store different portions of the DIT on different servers, implement the Global Uniqueness Attribute plugin on the Directory Proxy Server instead of enabling the attribute uniqueness plugin on the PingDirectory Server Admin Guide. For more information, see the PingDirectory Server Admin Guide and the PingDirectoryProxy Server Admin Guide.

To enable the Unique Attribute plugin:

  1. Determine which attributes must be unique in your data.
  2. To enable the plugin, run the dsconfig tool.

    By default, the plugin type property is set to postsynchronizationadd, postsynchronizationmodify, postsynchronizationmodifydn, preoperationadd, preoperationmodify, and preopertionmodifydn.

    The following example checks for attribute uniqueness prior to ADD operation using the --set plugin-type:preoperationadd option.
    $ bin/dsconfig set-plugin-prop --plugin-name "UID Unique Attribute" \
      --set enabled:true
    1. If you want to set one plugin type, use the --set plugin-type:<operation-type> option.