Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
This Globally Unique Attribute Plugin provides a mechanism that can run in the Directory Proxy Server in an attempt to prevent any value from appearing in more than one entry within a defined set of attributes.
Before forwarding an add, modify, or modify DN request to one or more backend servers, this Globally Unique Attribute Plugin may perform one or more searches to determine whether any entries conflict with the change. If a conflict is detected, then the change request will be rejected.
After the change has been processed, the server may also perform one or more searches in an attempt to determine if a conflict was created in multiple servers at the same time. If a conflict is detected in this manner, then an administrative alert will be generated to notify administrators of the problem so that they can take any manual corrective action.
Note that this plugin will attempt to detect and/or prevent unique attribute conflicts for changes processed through this Directory Proxy Server, but it cannot detect conflicts introduced by changes applied by clients communicating directly with backend servers.
It is recommended that the unique attribute plugin be enabled for all backend servers with the same configuration so that conflicts can be detected within individual backend server instances. However, the unique attribute plugin alone may not be sufficient for cases in which the content is split across multiple sets of servers (e.g., in an entry-balanced environment or in proxy configurations with different branches on different servers).
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The Globally Unique Attribute Plugin component inherits from the Plugin
The following components have a direct aggregation relation from Globally Unique Attribute Plugins:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ invoke-for-internal-operations |
| ↓ enabled | |
| ↓ type | |
| ↓ multiple-attribute-behavior | |
| ↓ subtree-view | |
| ↓ prevent-conflicts-with-soft-deleted-entries | |
| ↓ pre-commit-validation | |
| ↓ post-commit-validation | |
| ↓ filter |
| Description | A description for this Plugin |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the plug-in is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The attribute type(s) for which to enforce global uniqueness. The attribute must be indexed for equality searches in all subtree views for which uniqueness should be maintained. |
| Default Value | None |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior to exhibit if multiple attribute types are specified. |
| Default Value | unique-within-each-attribute |
| Allowed Values | unique-within-each-attribute - If multiple attributes are specified, then uniqueness will be enforced for all values of each attribute, but the same value may appear in different attributes (in the same entry or in different entries). unique-across-all-attributes-including-in-same-entry - If multiple attributes are specified, then uniqueness will be enforced across all of those attributes, so that if a value appears in one of those attributes, that value may not be present in any other of the listed attributes in the same entry, nor in any of the listed attributes in other entries. unique-across-all-attributes-except-in-same-entry - If multiple attributes are specified, then uniqueness will be enforced across all of those attributes, so that if a value appears in one of those attributes, that value may not be present in any of the listed attributes in other entries. However, the same value may appear in multiple attributes in the same entry. unique-in-combination - If multiple attributes are specified, then no two entries will be permitted to have the same combination of values for those attributes. This will only apply to entries that have at least one value for each of the configured attributes, and the server will attempt to prevent add, modify, and modify DN requests that would result in two or more entries having at least one value in common for each of the target attributes. If one or more of the attributes have multiple values, then the server will enforce uniqueness for every possible combination of the values of those attributes. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The subtree view(s) for which to enforce uniqueness. |
| Default Value | None |
| Allowed Values | The DN of any Subtree View. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
prevent-conflicts-with-soft-deleted-entries
| Description | Indicates whether this Globally Unique Attribute Plugin should attempt to prevent conflicts with soft-deleted entries (i.e., entries that have been removed in a way that leaves them in the server but in a way that makes them no longer visible to or accessible by normal clients). Note that even if soft-deleted entry conflicts are ignored for most operations, an attempt to undelete a soft-deleted entry will be rejected if the resulting entry would conflict with other non-soft-deleted entries that already exist in the server. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the degree of validation that should be performed before a change request is forwarded to a backend server in order to ensure that the request will not result in a conflict with any existing entries. If a conflict is detected during pre-commit validation, the change will be rejected and will not be forwarded to any backend server. |
| Default Value | all-subtree-views |
| Allowed Values | none - Indicates that no pre-commit validation should be performed. This should generally only be used if the plugin will not attempt to prevent conflicts but should only perform post-commit validation in order to notify administrators of conflicts after they have been applied. all-subtree-views - Indicates that searches used to enforce uniqueness will be treated like normal searches through the subtree view, and may not result in access to more than a single backend server. all-backend-sets - Indicates that searches used to enforce uniqueness will be forwarded to at least one backend server in each backend set in an entry-balanced subtree view. In subtree views that do not use entry balancing, the effect will be the same as if the all-subtree-views level had been chosen. all-available-backend-servers - Indicates that searches used to enforce uniqueness will be forwarded to every available server associated with the target subtree views. Note that no attempt will be made to search degraded or unavailable servers. For a subtree view with a simple proxy configuration, all available servers associated with the load-balancing algorithm will be checked. For a subtree view with an entry-balanced configuration, all available servers in all backend sets will be checked. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the degree of validation that should be performed after a change has been successfully processed, in order to detect any conflicts that may have resulted from other changes processed simultaneously through this or another Directory Proxy Server instance. If a conflict is detected during post-commit validation, an administrative alert will be generated to notify administrators of the problem. |
| Default Value | all-subtree-views |
| Allowed Values | none - Indicates that no post-commit validation should be performed. This should generally only be used if it is believed that pre-commit validation should provide sufficient protection for the environment. all-subtree-views - Indicates that searches used to detect uniqueness conflicts will be treated like normal searches through the subtree view, and may not result in access to more than a single backend server. all-backend-sets - Indicates that searches used to detect uniqueness conflicts will be forwarded to at least one backend server in each backend set in an entry-balanced subtree view. In subtree views that do not use entry balancing, the effect will be the same as if the all-subtree-views level had been chosen. all-available-backend-servers - Indicates that searches used to enforce uniqueness will be forwarded to every available server associated with the target subtree views. Note that no attempt will be made to search degraded or unavailable servers. For a subtree view with a simple proxy configuration, all available servers associated with the load-balancing algorithm will be checked. For a subtree view with an entry-balanced configuration, all available servers in all backend sets will be checked. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the search filter to apply to determine if attribute uniqueness is enforced for the matching entries. If no value is given, then any entry is eligible to be checked for attribute uniqueness. If a filter is specified, then only entries that match the filter are checked for attribute uniqueness. This match includes the entry you are attempting to add or modify. Using a filter will incur some performance overhead for modify operations because the server will need to perform additional searches to determine whether the target entry matches this filter before or after the changes are applied. |
| Default Value | None |
| Allowed Values | A valid LDAP search filter |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
invoke-for-internal-operations (Advanced Property)
| Description | Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Plugins:
dsconfig list-plugins
[--property {propertyName}] ...
To view the configuration for an existing Plugin:
dsconfig get-plugin-prop
--plugin-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Plugin:
dsconfig set-plugin-prop
--plugin-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Globally Unique Attribute Plugin:
dsconfig create-plugin
--plugin-name {name}
--type globally-unique-attribute
--set enabled:{propertyValue}
--set type:{propertyValue}
--set subtree-view:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Plugin:
dsconfig delete-plugin
--plugin-name {name}