atomic number generator

[John Woodell <woodie@worldpac.com>]

Is this the correct way to increment and provision numbers from LDAP?

-----------------------------

## lookup current number
% /usr/local/bin/ldapsearch -LLL -b 'ou=Utils,o=ACME,c=US' employeeNextNumber
dn: cn=Registry,ou=Utils,o=ACME,c=us
employeeNextNumber: 8018

## delete current number and increment
% /usr/local/bin/ldapmodify ...
dn: cn=Registry,ou=Utils,o=ACME,c=us
delete: employeeNextNumber
employeeNextNumber: 8018
-
employeeNextNumber: 8019
modifying entry "cn=Registry,ou=Utils,o=ACME,c=us"

## entire operation will fail if repeated
% /usr/local/bin/ldapmodify ...
dn: cn=Registry,ou=Utils,o=ACME,c=us
delete: employeeNextNumber
employeeNextNumber: 8018
-
employeeNextNumber: 8019
modifying entry "cn=Registry,ou=Utils,o=ACME,c=us"
ldap_modify: No such attribute
       additional info: modify: delete values failed
ldif_record() = 16

-------------------------------

> The best approach, if I remember correctly, was proposed by Norbert
> Klausen and was based in using the atomicity property of modify
> operations.  If instead of using replace for that attribute you ask in
> the same Modify operation 'delete' of the old value plus 'add' of the
> new (incremented) value, you are guaranteeed to either fail if someone
> got there since you read the old max and tried to increment or succeed
> and thus preempt anyone else following the same algorithm.  Because
> all changes in the same modify MUST succeed or all of them MUST fail,
> according to RFC2251.