The constraint module
Installation
Simply load the constraint module:
ldapmodify -Y EXTERNAL -H ldapi:/// << EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: constraint
EOF
Configuration
Next, configure the constraints for your database:
ldapadd -Y EXTERNAL -H ldapi:/// << EOF
dn: olcOverlay={3}constraint,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: {3}constraint
olcConstraintAttribute: uid count 1
EOF
The example above adds a constraint on the number of values of the uid attribute in your database (only one value allowed).
Below are some examples of constraints that can be configured on a SUPANN directory:
olcConstraintAttribute: cn count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: cn regex "^[-A-Za-z0-9 ]*$" restrict="ldap:///dc=univ,dc=fr??base?(objectClass=*)"
olcConstraintAttribute: cn regex "^[-A-Za-z0-9 ]*$" restrict="ldap:///ou=groups,dc=univ,dc=fr??sub?(objectClass=*)"
olcConstraintAttribute: dc regex "^[a-z0-9-]*$"
olcConstraintAttribute: displayName count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: eduOrgHomePageURI count 1
olcConstraintAttribute: eduOrgHomePageURI,eduOrgSuperiorURI,eduOrgWhitePagesURI,labeledURI regex "^https?://.+$"
olcConstraintAttribute: eduOrgLegalName count 1
olcConstraintAttribute: eduPersonAffiliation regex "^(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)$"
olcConstraintAttribute: eduPersonOrgDN count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: eduPersonOrgDN uri ldap:///dc=univ,dc=fr?entryDN?sub?(objectClass=eduOrg)
olcConstraintAttribute: eduPersonOrgUnitDN,eduPersonPrimaryOrgUnitDN uri ldap:///ou=structures,dc=univ,dc=fr?entryDN?sub?(objectClass=supannEntite)
olcConstraintAttribute: eduPersonPrincipalName,mail,supannAutreMail,supannMailPerso,supannCMSSource,supannCMSAppIdDomaine,eduPersonUniqueId,eduPersonPrincipalName,eduPersonPrincipalNamePrior,mailForwardingAddress regex "^.+@.+$"
olcConstraintAttribute: givenName count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: homePhone count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: mail count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: member,owner,supannGroupeAdminDN,supannGroupeLecteurDN uri ldap:///dc=univ,dc=fr?entryDN?sub?(|(objectClass=supannPerson)(objectClass=supannGroupe)) restrict="ldap:///ou=groups,dc=univ,dc=fr??sub?(objectClass=supannGroupe)"
olcConstraintAttribute: o,description count 1 restrict="ldap:///dc=univ,dc=fr??sub?(objectClass=organization)"
olcConstraintAttribute: ou,description count 1 restrict="ldap:///dc=univ,dc=fr??sub?(objectClass=organizationalUnit)"
olcConstraintAttribute: sn count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: supannCMSAppAffectation regex "^\[type=(etudiant|personnel|visiteur|invite|lecteur|prestataire|vehicule|externe|\{[^}]+\}[^]]+)\]\[source=[^@\]]+@[^]]+\]\[domaine=[^]]+\]\[id=[^]]+\]\[valide=(vrai|faux)\](\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannCMSIdEtiquette regex "^\{[^:]+:[^}]+\}.+$"
olcConstraintAttribute: supannCMSType regex "^(etudiant|personnel|visiteur|invite|lecteur|prestataire|vehicule|externe|\{[^}]+\}[^]]+)$"
olcConstraintAttribute: supannCivilite regex "^(M.|Mme|Mlle)$"
olcConstraintAttribute: supannCodeEntiteParent,supannEntiteAffectation,supannEntiteAffectationPrincipale uri ldap:///ou=structures,dc=univ,dc=fr?supannCodeEntite?sub?(objectClass=supannEntite)
olcConstraintAttribute: supannCodeINE count 1
olcConstraintAttribute: supannCodeINE regex "^([0-9]{10}[A-Z]|[0-9]{9}[A-Z]{2})$"
olcConstraintAttribute: supannCodeINSEEPaysDeNaissance regex "^[0-9]{5}$"
olcConstraintAttribute: supannCodeINSEEVilleDeNaissance regex "^[0-9]{5}$"
olcConstraintAttribute: supannConsentement regex "^\{[^\:\}]+(\:[^\:\}]+)*\}(PUBLIC|AUTH|PR|APPRENANTS|INTERNE|FER|EDUGAIN|(EDUGAIN|FER)\:[^\:]+\:[^\:]+|CGU|APPLI\:.+|[a-zA-Z0-9]+\:.+|LDAP\:\/\/([^\:\/]+(\:[0-9]+)?)?\/[^\?]+\?\?(sub|base|one)?.+)$"
olcConstraintAttribute: supannEmpCorps count 1
olcConstraintAttribute: supannEmpId count 1
olcConstraintAttribute: supannEmpProfil regex "^\[etab=\{[^}]+\}[^]]+\](\[affil=(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)\])?(\[corps=\{[^}]+\}[^]]+\])?(\[typeaffect=\{[^}]+\}[^]]+\])?(\[affect=[^]]+\])?(\[activite=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannEtablissement,supannEtuDiplome,supannEtuElementPedagogique,supannEtuEtape,supannEtuRegimeInscription,supannEtuSecteurDisciplinaire,supannEtuTypeDiplome,supannRoleGenerique,supannTypeEntiteAffectation,supannEmpCorps,supannRefId regex "^\{[^}]+\}[^]]+$"
olcConstraintAttribute: supannEtuAnneeInscription regex "^[0-9][0-9][0-9][0-9]$"
olcConstraintAttribute: supannEtuId count 1
olcConstraintAttribute: supannEtuInscription regex "^\[etab=\{[^}]+\}[^]]+\]\[anneeinsc=[0-9]{4}\]\[regimeinsc=\{[^}]+\}[^]]+\]\[sectdisc=\{[^}]+\}[^]]+\]\[typedip=\{[^}]+\}[^]]+\]\[cursusann=\{[^}]+\}[^]]+\](\[affect=[^\]]+\])?(\[diplome=\{[^}]+\}[^]]+\])?(\[etape=\{[^}]+\}[^]]+\])?(\[eltpedago=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannExtProfil regex "^(\[etab=\{[^}]+\}[^]]+\])?(\[affil=(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)\])?(\[typeaffect=\{[^}]+\}[^]]+\])?(\[affect=[^]]+\])?(\[parrain=[^]]+\])?(\[activite=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannMailPerso count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: supannMailPrive regex "^\{(SECOURS|PERSO|PARENTS|PRO)\}.*@.*$"
olcConstraintAttribute: supannOIDCDateDeNaissance regex "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"
olcConstraintAttribute: supannParrainDN uri ldap:///ou=structures,dc=univ,dc=fr?entryDN?sub?(|(objectClass=supannPerson)(objectClass=supannGroupe)(objectClass=supannEntite))
olcConstraintAttribute: supannRoleEntite regex "^\[role=\{[^}]+\}[^]]+\]\[type=\{[^}]+\}[^]]+\]\[code=[^\]]+\]$"
olcConstraintAttribute: supannTelephonePrive regex "^\{(MOBPERSO|FIXEPERSO|FIXEPARENTS|MOBPARENTS|MOBPRO|FIXEPRO|SECOURS)\}\+?[0-9]{4,}$"
olcConstraintAttribute: supannTypeEntite,supannEtuCursusAnnee regex "^\{SUPANN\}[A-Z][0-9]+$"
olcConstraintAttribute: telephoneNumber,labeledURI count 1 restrict="ldap:///dc=univ,dc=fr??sub?(|(objectClass=inetOrgPerson)(objectClass=organization)(objectClass=organizationalUnit))"
olcConstraintAttribute: telephoneNumber,supannAutreTelephone,mobile,facsimileTelephoneNumber,homePhone regex "^\+?[0-9]{4,}$"
olcConstraintAttribute: uid count 1
olcConstraintAttribute: userPassword count 1
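
The overlay only intercepts add and modify operations, so values already stored in the directory are not re-checked when the rules are loaded. The following script is an added example, not part of the original page: it checks a constructed LDIF entry against four of the rules above before they are enabled. It assumes that grep -E is a close enough stand-in for the overlay's regex matching; the function names and the sample entry are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of an LDIF
# entry against a few of the page's constraint rules before the overlay is on.
# Assumptions: one entry, no folded or base64 ("::") lines, exact-case names.

# Rules copied from the page: attribute, type, argument.
rules() {
cat <<'EOF'
uid count 1
supannCodeINE regex ^([0-9]{10}[A-Z]|[0-9]{9}[A-Z]{2})$
telephoneNumber regex ^\+?[0-9]{4,}$
supannCivilite regex ^(M.|Mme|Mlle)$
EOF
}

# Print the values of attribute $1 found in LDIF text $2, one per line.
values_of() {
  printf '%s\n' "$2" | sed -n "s/^$1: //p"
}

# Print one line per violated rule for the LDIF entry in $1.
violations() {
  rules | while read -r attr kind arg; do
    vals=$(values_of "$attr" "$1")
    case $kind in
      count)
        n=$(printf '%s\n' "$vals" | grep -c . || true)
        [ "$n" -le "$arg" ] || echo "$attr: $n values, at most $arg allowed"
        ;;
      regex)
        printf '%s\n' "$vals" | while IFS= read -r v; do
          [ -n "$v" ] || continue
          printf '%s\n' "$v" | grep -Eq -- "$arg" ||
            echo "$attr: '$v' does not match $arg"
        done
        ;;
    esac
  done
}

# Constructed sample entry. "Mx" passes the supannCivilite rule because the
# dot in "M." is an unescaped regex wildcard.
SAMPLE='dn: uid=jdoe,ou=people,dc=univ,dc=fr
uid: jdoe
uid: john.doe
supannCodeINE: 12345
telephoneNumber: +33123456789
supannCivilite: Mx'

violations "$SAMPLE"
```

Run against an export of the existing directory, this kind of check lists the entries that later modifications would trip over once the overlay is active.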