Hello, all.

We would like to enforce unique cn for groupofuniquenames only and only under a specific part of the DIT. I'll illustrate with:

    O=Internal,DC=mycompany,DC=com
    O=External,DC=mycompany,DC=com

So we want to enforce unique CNs on groups under Internal but not under External, and only CNs on groups (because our current DN-based uniqueness constraint on CN means we can't create multiple password policy nscontainer objects under Internal).

If we set nsslapd-pluginarg1 to "O=Internal,DC=mycompany,DC=com", we enforce uniqueness in that container but for all objects.

Although we haven't tried it (lest we create a bigger problem than we already have!), I believe if we set nsslapd-pluginarg1 to markerObjectClass=O and nsslapd-pluginarg2 to requiredObjectClass=groupofuniquenames, it will enforce CN uniqueness on groups but will do so both in Internal AND External. Is that correct?

So is it possible to combine them somehow to achieve what we want?

Thanks - John

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users