From https://github.com/freeipa/freeipa/pull/1365#issuecomment-349950519:

So the "uiduniq" feature of directory server has a couple of gotchas.

First, we don't actually check existing data for uniquness, only new data. So existing violations will go un-noticed.

Second, it's possible to have a race condition between two masters where they both add a record with unique properties to an object, then on replication, we can't reject either change, so the uniqueness is no longer upheld.

So a better idea to do this, is actually to have objects with a singleValued attr (preferably rdn). Then when you duplicate, we can use syntax level updates that will hold that only one value was used. One object or the other will survive, the other will be rejected.

However, the issue there is that you don't know your object was rejected til some point in time after (once it becomes a conflict entry ...)

There are some unique challenges to async multi master systems ;) ensuring consistency like this is best effort, not a guarantee.