Re: How to obtain a 'version number' of an attributes



> I've got a little challenge...
>
> There is an attribute in AD called msDS-KeyVersionNumber.  In AD this
> operational attribute increments each time the unicodePwd attribute is
> updated.  It is typically a small integer, being the number of times
> that the password has ever been changed.
>
> In Samba4, we maintain this by looking into our replication metadata
> (replPropertyMetaData), and returning a counter that is maintained
> there.
>
> I could maintain this manually from Samba's side (this is what we did in
> the past), but I wanted to first check if there was something already
> stored that I could convert.

If I understand correctly what you're asking for, modifications of the
unicodePwd attribute should be accompanied by modify:increment of a
counter.  Something like:

dn: cn=someone
changetype: modify
replace: unicodePwd
unicodePwd:: <some value>
-

should be transformed into

dn: cn=someone
changetype: modify
replace: unicodePwd
unicodePwd:: <some value>
-
increment: msDS-KeyVersionNumber
msDS-KeyVersionNumber: 1
-

This way, the modification is atomic.  As usual, this could be
accomplished by stacking an overlay that intercepts modifications to
specified attributes, like unicodePwd.

Can you formalize this a little bit more?

p.
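
The rewrite described in the message above, modelled in Python as an added example (it is not part of the original post and is not OpenLDAP overlay code). The function names and the WATCHED set are hypothetical; the sample record is the one from the message.

```python
# Added illustration: models the rewrite an intercepting overlay would perform
# on an LDIF modify record. Hypothetical names; not slapd overlay code.
WATCHED = {"unicodepwd"}               # attributes whose change bumps the counter
COUNTER = "msDS-KeyVersionNumber"      # counter attribute named in the thread
MOD_TYPES = {"add", "delete", "replace", "increment"}
SAMPLE = """\
dn: cn=someone
changetype: modify
replace: unicodePwd
unicodePwd:: <some value>
-
"""

def parse_modify(ldif):
    """Split a modify record into (header_lines, ops); op = (type, attr, values)."""
    header, ops, current = [], [], None
    for line in (l for l in ldif.splitlines() if l.strip()):
        if line.strip() == "-":        # "-" terminates one modification
            if current:
                ops.append(current)
            current = None
            continue
        key, _, rest = line.partition(":")
        if current is None and key.lower() in MOD_TYPES:
            current = (key.lower(), rest.strip(), [])
        elif current is None:
            header.append(line)        # dn: and changetype: lines
        else:
            current[2].append(line)    # value line of the current modification
    if current:                        # tolerate a missing final "-"
        ops.append(current)
    return header, ops

def add_increment(ldif):
    """Append an increment of COUNTER when a watched attribute is modified,
    so both changes travel in one atomic modify request."""
    header, ops = parse_modify(ldif)
    if not any(h.lower().replace(" ", "") == "changetype:modify" for h in header):
        return ldif                    # only modify operations are rewritten
    # Compare on the base attribute name: drop options such as ";binary".
    names = {(t, a.split(";")[0].lower()) for t, a, _ in ops}
    touches = any(a in WATCHED for _, a in names)
    already = ("increment", COUNTER.lower()) in names
    if touches and not already:        # never add a second increment
        ops.append(("increment", COUNTER, [f"{COUNTER}: 1"]))
    out = list(header)
    for mod_type, attr, values in ops:
        out += [f"{mod_type}: {attr}", *values, "-"]
    return "\n".join(out) + "\n"
```

Modify-Increment (RFC 4525) operates on existing values, so the counter has to be present on the entry before the first rewritten modify reaches the backend.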