OpenLDAP field values within a list

I have set up an OpenLDAP server and I have created a custom schema with various fields and it's working perfectly fine. However, I have some fields which I would like to only have some values. For example, I have a field called deviceLocation and I only want to have the values of EAST, WEST or CENTER. How can I do this?


Solution 1:

You need to add the constraints overlay to your configuration. It allows you to add regular expressions that the values must match to be accepted by add or change operations. Alternatively, it would allow you to create a subtree with all allowed locations and then check if the value you try to add is listed in that subtree.

http://www.openldap.org/doc/admin24/overlays.html#Constraints

Solution 2:

For future reference: as @Sven indicated, I used constraints to solve the problem. In my case, I created one LDIF file to activate the constraint module:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: constraint.la

And another one to configure it:

dn: olcOverlay=constraint,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: constraint
olcConstraintAttribute: deviceLocation regex ^(EAST|WEST|CENTER)$

Uploaded the files with ldapadd and it worked like a charm.
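
Added example (not part of either answer, and not OpenLDAP's own code): a small C check of why the ^ and $ anchors in the olcConstraintAttribute pattern above matter for an allow-list. It assumes the overlay's regex type is evaluated as a POSIX extended regular expression with search semantics and no case folding; value_allowed and the sample values are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>

/* Returns 1 if value matches the POSIX extended regex, 0 if it does not,
 * and -1 if the pattern fails to compile. regexec() looks for a match
 * anywhere in the value, so only explicit ^ and $ anchors force the
 * whole value to be one of the listed alternatives. */
int value_allowed(const char *pattern, const char *value)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, value, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Pattern from Solution 2, and the same alternation without anchors. */
static const char *ANCHORED = "^(EAST|WEST|CENTER)$";
static const char *UNANCHORED = "(EAST|WEST|CENTER)";

int main(void)
{
    /* Constructed sample values for deviceLocation. */
    const char *samples[] = { "EAST", "WEST", "CENTER", "NORTHEAST",
                              "EAST ", "east", "" };
    size_t i;

    printf("%-12s %-9s %s\n", "value", "anchored", "unanchored");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s %-9d %d\n", samples[i],
               value_allowed(ANCHORED, samples[i]),
               value_allowed(UNANCHORED, samples[i]));
    return 0;
}
```

With the anchors, only the three exact values pass; without them, any value that merely contains one of the words (such as NORTHEAST) would be accepted.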