[Date Prev][Date Next]
Re: Greatest value
GOMBAS Gabor wrote:
> On Wed, Nov 22, 2000 at 04:42:54PM -0600, Matthew Hoskins wrote:
> > My LDAP stores UIDnumbers for users on the UNIX systems we administer.
> > To create a new user, I need the next available UID (which is the
> > highest UID + 1).
> Not an LDAP solution, but I used the following trick with NIS+: store
> the last allocated uid in a local file. When creating a new user, read this
> stored value, increment it, and do an LDAP search to see if it exists. If
> it does, repeat the process.
One could add an attribute like "highestAssignedUidNumber" to the ou
holding your accounts. To create a new user, read this attribute. Then
use ONE ldap operation to delete the old value and readd the incremented
value. Since ldap opreations are atomic, this increment is atomic. If
the operation fails with "No such attribute (modify: delete values
failed)", somebody else has incremented the value in the meantime. Just
> It's not a very elegant solution, but works nicely as far as you use the
> same machine to create all new users.
Since the value is available in the directory, you don't need to use the
same machiene to create all new users. But you need to make all your
mechanims or programs for creating users use this value.
attributetype ( 188.8.131.52.4.1.69184.108.40.206
DESC 'highest currently assigned UidNumber for posix accounts in a
objectclass ( 220.127.116.11.4.1.6918.104.22.168
DESC 'information on UidNumbers in a domain/organization/realm'
SUP top AUXILIARY
MUST highestAssignedUidNumber )
Other attributes which could be stored in such an object are
minUserUidNumber (for use in pam_ldap; to keep system accounts local in
/etc/passwd and just users in ldap), maxUidNumber
While I'm at it, how about a template entry for new accouts with
gidNumber, homeDirectory, loginShell, shadowMin, shadowMax,
DFN Directory Services tel: +49 7071 29 70335
ZDV, Universität Tübingen fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen http://www.directory.dfn.de