
Re: create new user with same UID and GID


I faced the same problem a year ago and came to the same conclusion as Dan.

OpenLDAP does not offer you a mechanism to duplicate attribute values
upon entry or change (e.g. like triggers in a MySQL DB might do for
you). So you have to make sure, during entry creation, that the proper
values are assigned to the required attributes, e.g. by querying the
OpenLDAP DB first, filtering for assigned numbers and selecting an
unassigned uid and gid pair inside your user creation tool.
You could also create a dummy user account that stores the next usable
gid/uid pair (which you acquired once with the previous algorithm) and
then query that account each time you create a new user, increase its
gid and uid values and create your new user. This assumes some kind of
conflict-free numbering scheme of your users by which you can infer the
next free number pair automatically.

What OpenLDAP does offer is the possibility of checking this constraint
for you by employing the slapo-unique overlay (to make sure you do not
assign a number that is already in use) and the slapo-constraint overlay
(to make sure the gid and uid attributes have the same value). I advise
reading the man pages to get some understanding of how they work and
maybe have a look at the OpenLDAP Administrator's Guide Overlay section.


Bernd May
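
The lookup described in the message above (query the directory, filter for assigned numbers, select an unassigned uid and gid pair), as an added example that is not part of the original post. The sample LDIF, the ID range, the `dc=example,dc=com` names and all function names are constructed assumptions; in practice the input would be the result of a search for `uidNumber` and `gidNumber` on posixAccount and posixGroup entries.

```python
import re

# Constructed sample search result (LDIF), not real directory data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uidNumber: 10000
gidNumber: 10000

dn: uid=bob,ou=people,dc=example,dc=com
uidNumber: 10001
gidNumber: 10001

dn: cn=staff,ou=groups,dc=example,dc=com
gidNumber: 10002

dn: uid=carol,ou=people,dc=example,dc=com
uidNumber: 10004
gidNumber: 10004
"""

ID_LINE = re.compile(r"^(uidNumber|gidNumber):\s*(\d+)\s*$", re.IGNORECASE)

def used_ids(ldif_text):
    """Return (uidNumbers, gidNumbers) already assigned in the search result."""
    uids, gids = set(), set()
    for line in ldif_text.splitlines():
        m = ID_LINE.match(line)
        if m:
            target = uids if m.group(1).lower() == "uidnumber" else gids
            target.add(int(m.group(2)))
    return uids, gids

def next_free_pair(ldif_text, first=10000, last=59999):
    """Lowest number in [first, last] unused as BOTH uidNumber and gidNumber."""
    uids, gids = used_ids(ldif_text)
    for n in range(first, last + 1):
        if n not in uids and n not in gids:
            return n
    raise RuntimeError("no free uid/gid pair left in the configured range")

def new_user_ldif(login, n, base="dc=example,dc=com"):
    """LDIF for a private group and a user sharing the same number n."""
    return (
        f"dn: cn={login},ou=groups,{base}\nobjectClass: posixGroup\n"
        f"cn: {login}\ngidNumber: {n}\n\n"
        f"dn: uid={login},ou=people,{base}\nobjectClass: account\n"
        f"objectClass: posixAccount\nuid: {login}\ncn: {login}\n"
        f"uidNumber: {n}\ngidNumber: {n}\nhomeDirectory: /home/{login}\n"
    )
```

The search and the later add are not atomic, so two creation tools running at once can pick the same number; that is the case the slapo-unique check mentioned in the message is there to reject.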
