[Date Prev][Date Next]
Re: how to check uniqueness of uidNumber ?
Sheesh! Every two or three months we go through this all over again....
To the best of my knowledge there is nothing in the openldap server that
will prevent the duplication of a value for any attribute (other than
dn) in the database. Therefore, you are required to police your
clients. The best practices that have been developed after hashing this
same topic repeatedly is summarized in the link above.
The process is easily extended to have a specific DN for each branch you
want to "protect" ....
Today at 3:19am, Jim C wrote:
> I'm trying to write scripts for this right now.
> The algorithm I am using works like this:
> 1. Retrieve / sort uids for a given ou.
> 2. Grab the biggest one.
> 3. Add 1.
> 4. Create a new record with the new uid.
> 5. Add it to the ldap server.
> Problem is that on a multi-user system, this should be an atomic action
> with locking. Otherwise someone else who is also adding users might
> beat you to the next number causeing two users with the same number.
> Of course you can fix this also by makeing uidNumber part of the dn.
> I just don't get why this is not the default however, and doing this
> probably breaks a number of things such as directory_administrator.
> Man, there just really ought to be more server-side tools / schema
> adjustments /standards for copeing with uids/rids.
> Sameh Attia wrote:
> > Leonid Mamtchenkov wrote:
> > the uidNumber attribute of the posixAccount objectClass is single
> > valued; i.e. u cannot add more than one attribute of uidNumber to a dn
> > that has a posixAccount. So the only solution I think to guarantee the
> > uniqueness of ur customers' uidNumber is on ur client side.
> > 1 - search for this uidNumber in ur tree
> > 2 - if found then do not add
> > 3 - if not found then add
> > I hope this helps
Frank Swasey | http://www.uvm.edu/~fcs
Systems Programmer | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
=== God Bless Us All ===