Re: Greatest value
I think this suggestion takes the prize for the simplest and most effective way
to solve the problem.
There are a couple of drawbacks, although they are easily overcome:
1. Somehow the stored maximum value could become incorrect - the other methods
mentioned could be used to find and set the correct maximum value.
2. It does not reuse vacant numbers from deleted users. - AFAIK, current systems
using /etc/passwd don't do this either. Although, it could be a problem in
certain circumstances, e.g. a user is deleted; existing files owned by that user
are inherited by the next user to get the same userid.
Quoting Norbert Klasen <firstname.lastname@example.org>:
> GOMBAS Gabor wrote:
> > On Wed, Nov 22, 2000 at 04:42:54PM -0600, Matthew Hoskins wrote:
> > > My LDAP stores UIDnumbers for users on the UNIX systems we administer.
> > > To create a new user, I need the next available UID (which is the
> > > highest UID + 1).
> > Not an LDAP solution, but I used the following trick with NIS+: store
> > the last allocated uid in a local file. When creating a new user, read
> > stored value, increment it, and do an LDAP search to see if it exists. If
> > it does, repeat the process.
> One could add an attribute like "highestAssignedUidNumber" to the ou
> holding your accounts. To create a new user, read this attribute. Then
> use ONE ldap operation to delete the old value and readd the incremented
> value. Since ldap operations are atomic, this increment is atomic. If
> the operation fails with "No such attribute (modify: delete values
> failed)", somebody else has incremented the value in the meantime. Just
> try again.
> > It's not a very elegant solution, but works nicely as far as you use the
> > same machine to create all new users.
> Since the value is available in the directory, you don't need to use the
> same machine to create all new users. But you need to make all your
> mechanisms or programs for creating users use this value.
> How about:
> attributetype ( 188.8.131.52.4.1.69184.108.40.206
> NAME 'highestAssignedUidNumber'
> DESC 'highest currently assigned UidNumber for posix accounts in a
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
> SINGLE-VALUE )
> objectclass ( 22.214.171.124.4.1.69126.96.36.199
> NAME 'UidNumberManagement'
> DESC 'information on UidNumbers in a domain/organization/realm'
> SUP top AUXILIARY
> MUST highestAssignedUidNumber )
> Other attributes which could be stored in such an object are
> minUserUidNumber (for use in pam_ldap; to keep system accounts local in
> /etc/passwd and just users in ldap), maxUidNumber
> While I'm at it, how about a template entry for new accounts with
> attributes like:
> gidNumber, homeDirectory, loginShell, shadowMin, shadowMax,
> shadowWarning, shadowInactive
> Norbert Klasen
> DFN Directory Services tel: +49 7071 29 70335
> ZDV, Universität Tübingen fax: +49 7071 29 5912
> Wächterstr. 76, 72074 Tübingen http://www.directory.dfn.de
> Germany email@example.com