The Unique Attribute plugin enforces uniqueness constraints on the values of one or more attributes across a portion of the PingDirectory server. The plugin checks for uniqueness prior to an add, modify, or modify distinguished name (DN) request and instructs the server to reject the request if a constraint violation is found.
By default, the plugin is disabled because it can affect performance in heavy write load
environments. After the plugin is enabled, it does not check for attribute uniqueness on
existing entries, only on new
MODDN operations. To ensure that no such conflicts exist in the
data, administrators can use the identify-unique-attribute-conflicts
Ensure all attributes to enforce for uniqueness are indexed for equality in all
backends. Use the LDAP SDK uniqueness request control for enforcing uniqueness on a
per-request basis. For more information on the LDAP SDK documentation and the
class for using the control, see Use the server SDK
and LDAP SDK. See the ASN.1 specification to implement support for it in
You can enforce attribute uniqueness in replicated environments in which each replica contains the complete set of data for which to provide uniqueness, regardless of whether clients communicate directly with the server or interact with it through a PingDirectoryProxy server. In such environments, all servers have identical uniqueness configurations.
It is not possible to prevent conflicts that arise from simultaneous writes on separate replicas. However, such conflicts are detected after the changes have been replicated and then triggers administrative alert notifications.
For proxied environments that do not have the complete set of data on all servers, such as environments that use entry balancing or that store different portions of the DIT on different servers, implement the Global Uniqueness Attribute plugin on the PingDirectoryProxy server instead of enabling the attribute uniqueness plugin on the PingDirectory server. For more information, see the PingDirectory Server Administration Guide and the PingDirectoryProxy Server Administration Guide.
To enable the Unique Attribute plugin:
- Determine which attributes must be unique in your data.
To enable the plugin, run the dsconfig tool.
By default, the plugin type property is set to
preopertionmodifydn.The following example checks for attribute uniqueness prior to
ADDoperation using the --set plugin-type:preoperationadd option.
$ bin/dsconfig set-plugin-prop --plugin-name "UID Unique Attribute" \ --set enabled:true
- If you want to set one plugin type, use the --set plugin-type:<operation-type> option.