-access to attrs=emailforward
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by addr=127.0.0.1 read
- by domain=.*\.debian\.org read
- by * none
-access to attrs=c,l,loginShell,ircNick,labeledURL
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
-ode,loginShell,onvacation,privateSub,latitude,longitude
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by dn="uid=.*,ou=users,dc=debian,dc=org" read
- by * none
-access to *
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
+moduleload /usr/lib/ldap/unique.so
+overlay unique
+unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
+unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
+
+# Constraints are useful
+moduleload /usr/lib/ldap/constraint.so
+overlay constraint
+constraint_attribute mailContentInspectionAction regex ^([mM][aA][rR][kK][uU][pP]|[bB][lL][aA][cC][kK][hH][oO][lL][eE]|[rR][eE][jJ][eE][cC][tT])$
+constraint_attribute gender regex ^(1|2|9|[mM][aA][lL][eE]|[fF][eE][mM][aA][lL][eE]|[uU][nN][sS][pP][eE][cC][iI][fF][iI][eE][dD])$