Linux Man Page Viewer
The following form allows you to view linux man pages.
The constraint overlay is used to ensure that attribute values match
some constraints beyond basic LDAP syntax. Attributes can have multi-
ple constraints placed upon them, and all must be satisfied when modi-
fying an attribute value under constraint.
This overlay is intended to be used to force syntactic regularity upon
certain string represented data which have well known canonical forms,
like telephone numbers, post codes, FQDNs, etc.
It constrains only LDAP add, modify and rename commands and only seeks
to control the add and replace values of modify and rename requests.
No constraints are applied for operations performed with the relax con-
This slapd.conf option applies to the constraint overlay. It should
appear after the overlay directive.
constraint_attribute <attribute_name>[,...] <type> <value> [<extra>
Specifies the constraint which should apply to the comma-sepa-
rated attribute list named as the first parameter. Five types
of constraint are currently supported - regex, size, count, uri,
The parameter following the regex type is a Unix style regular
expression (See regex(7) ). The parameter following the uri type
is an LDAP URI. The URI will be evaluated using an internal
search. It must not include a hostname, and it must include a
list of attributes to evaluate.
The parameter following the set type is a string that is inter-
preted according to the syntax in use for ACL sets. This allows
to construct constraints based on the contents of the entry.
The size type can be used to enforce a limit on an attribute
length, and the count type limits the number of values of an
Extra parameters can occur in any order after those described
<extra> : restrict=<uri>
This extra parameter allows to restrict the application of the
corresponding constraint only to entries that match the base,
scope and filter portions of the LDAP URI. The base, if
constraint_attribute title uri
constraint_attribute cn,sn,givenName set
"(this/givenName + [ ] + this/sn) & this/cn"
A specification like the above would reject any mail attribute which
did not look like <alpha-numeric string>@mydomain.com. It would also
reject any title attribute whose values were not listed in the title
attribute of any titleCatalog entries in the given scope. (Note that
the "dc=catalog,dc=example,dc=com" subtree ought to reside in a sepa-
rate database, otherwise the initial set of titleCatalog entries could
not be populated while the constraint is in effect.) Finally, it
requires the values of the attribute cn to be constructed by pairing
values of the attributes sn and givenName, separated by a space, but
only for entries derived from the objectClass inetOrgPerson.
default slapd configuration file
This module was written in 2005 by Neil Dunbar of Hewlett-Packard and
subsequently extended by Howard Chu and Emmanuel Dreyfus. OpenLDAP
Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from Univer-
sity of Michigan LDAP 3.3 Release.
OpenLDAP 2.4.40 2014/09/20 SLAPO-CONSTRAINT(5)