
Re: Is existing documentation kind of vague?



Hi,

You don't need a special object class or schema, you can use this:

dn: cn=user,ou=increment,dc=foo,dc=bar
objectClass: top
objectClass: account
objectClass: posixAccount
cn: user
gidNumber: 99999
homeDirectory: /no/such/location
uid: user
uidNumber: 1000
description: Modify-increment user


And here is a python method to do the job for you:

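import ldap

def increment_uidnumber(l, base):
    """ Perform LDAP modify-increment operation on uidNumber tracking object """
    dn = "cn=user,{0}".format(base)
    # Values must be bytes on python-ldap 3.x; b"1" also works on Python 2.
    modlist = [(ldap.MOD_INCREMENT, "uidNumber", b"1")]
    l.modify_s(dn, modlist)
    # Read the value back from the tracking entry itself, not from whichever
    # posixAccount entry under base happens to be returned first.
    r = l.search_s(dn, ldap.SCOPE_BASE, "(objectClass=posixAccount)",
                   ['uidNumber'])
    next_number = r[0][1]['uidNumber'][0]

    return next_number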


Hope that helps,
Mike

On Tue, Nov 14, 2017 at 9:13 PM, John Lewis <jl@hyperbolicinnovation.com> wrote:
> Hello Everyone.
>
> I was trying to implement uidNumber Attribute Auto-Incrementing Method
> and I read http://www.rexconsulting.net/ldap-protocol-uidNumber.html .
>
> I specifically want to point to this line here.
>
>> Create a “uidNext” entry (objectClass: uidNext) at an specific
>> location in the directory to store the incrementing value. Publish
>> this location in your application programming guides as the well-
>> known location for obtaining the next UID. Also publish this method
>> as the required method to retrieve a next UID.
>
> But I already know from http://www.openldap.org/doc/admin23/schema.html
>   & http://www.zytrax.com/books/ldap/ch3/ that object classes are
> defined only. So the writer left out that they defined a schema and
> what name they called the schema. Maybe it isn't important. What is
> important is that they used object class "objectclass (
> 1.3.6.1.4.1.19173.2.2.2.8" to define it, but I can't find the
> registration of the object identifier on
> https://www.ldap.com/ldap-oid-reference or
> https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3.
>
> It makes perfect sense because it is a PRIVATE ENTERPRISE NUMBER. It
> would mean that anyone outside of Rex Consulting, Inc.
> https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
> would be using the wrong OID and that the specific object wouldn't be
> listed.
>
>> Under no circumstances should you hijack OID namespace!
> - OpenLDAP Software 2.4 Administrator's Guide
>
> That is a lot of data from a lot of different websites to string
> together that information. I have a good idea how to implement
> uidNumber, but I haven't seen it done and I can't do it CORRECT today
> because I would have to register for a Private Enterprise Number so I
> won't hijack an OID namespace and that would take up to 30 days and
> there is no documented contingency plan anywhere.
>
> We are all familiar with the LDAP call out articles that come out
> every year. All of the articles seem to come from a place of
> frustration. To be fair I think call out articles are a trend with
> databases.
>
> Do you think existing documentation is kind of vague?
>
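
Added example, not part of the original message and not python-ldap code: an in-memory model of the cn=user tracking entry showing why a client allocating uidNumbers should take the value returned by the increment operation itself (on a real server, the RFC 4527 post-read control attached to the modify) rather than a separate search, since two clients that both increment before either reads end up with the same UID. `CounterEntry`, `allocate_two_step`, `allocate_post_read` and `run_clients` are hypothetical names, and the barrier is there only to force that interleaving deterministically.

```python
import threading


class CounterEntry:
    """Constructed stand-in for the tracking entry; not a real LDAP server."""

    def __init__(self, uid_number):
        self._value = uid_number
        self._lock = threading.Lock()  # a server applies each modify atomically

    def modify_increment(self, by=1, post_read=False):
        """Model of RFC 4525 modify-increment; post_read models RFC 4527."""
        with self._lock:
            self._value += by
            return self._value if post_read else None

    def search(self):
        """A separate read operation, issued after the modify has returned."""
        with self._lock:
            return self._value


def allocate_two_step(entry, barrier):
    """Increment, then search: the read is not tied to this client's modify."""
    entry.modify_increment()
    barrier.wait()  # every client has incremented before any client reads
    return entry.search()


def allocate_post_read(entry, barrier):
    """Increment and read in one operation: each client sees its own value."""
    barrier.wait()  # clients still start at the same moment
    return entry.modify_increment(post_read=True)


def run_clients(allocate, n=2, start=1000):
    """Run n concurrent clients against a fresh counter; return sorted UIDs."""
    entry = CounterEntry(start)
    barrier = threading.Barrier(n)
    results = []
    threads = [
        threading.Thread(target=lambda: results.append(allocate(entry, barrier)))
        for _ in range(n)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results)
```

With two clients, `run_clients(allocate_two_step)` hands both the same number, while `run_clients(allocate_post_read)` hands out two distinct ones.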