Re: Unique user accounts

[Markus Schaber <schaber@scan-plus.de>]

Hello,

On Sun, 28 Sep 2003 21:17:21 -0400
Ace Suares <ace@suares.nl> wrote:

> > > > I really miss ldap transactions,
> > > that wouldn't help either, would it ?
> > It would help, because I could bundle the check-insert-checkagain
> > cycle(or even more complex sequences) into a transaction, so they
> > would either appear as one atomic command that either gets executed
> > completely, or aborts completely.
> Well, it wouldn't help for my problem - seperate mail/dns/ftp servers
> for each 'virtual isp' can work though.

Maybe it would help together with the extended filter I described.
Transactions make it possible that the deactivation of the old and the
activation of the new account appear as one atomic action, that means
there's no single moment of visible inconsistency, thus removing the
need of shutting down the ldap server.

> What a wild world it is huh ? Things you can't do now are commonplace
> in a year.. sometimes :-)

Well, ldap just is a relatively young database technology. If you look
to SQL & friendy, they have transactions since decades.

And in case you don't want to mess with clients reconfiguring to see the
activation attribute, one could simply rename the table and define a
view using the old name. The view can be defined to hide the activation
attribute, and to show only those objects with active state to the
clients. 

Using triggers, one could even force the database that, at ever
time, exactly one account with the same name is active. Hey, those weird
SQL folks even have implemented nested transactions in some servers...

Greets from Ulm,
Markus Schaber