Atomic RID allocation in LDAP

Gerald (Jerry) Carter jerry at
Sat Oct 12 13:10:59 GMT 2002

On Sat, 12 Oct 2002, Andrew Bartlett wrote:

> We need a race-proof scheme to allocate RIDs, and I would prefer not to
> need to use a local TDB  - I would like it all 'in ldap', if at all
> possible.

See the uidPool objectclass in samba.schema.  You would do it like 

do {
  get the current rid and the

  issue the following change in one ldap_modify()
    dn: cn=ridPool,<...>
    changetype: modify
    delete: rid
    rid: <old rid>
    -
    add: rid
    rid: <new rid>
} while ldap_modify() fails;

This should be done atomically on the entry.  If the old value cannot be 
deleted, the update will fail and you know someone changed it out from 
under you.

> Could we use LDAP DNs for this purpose?  An LDAP distinguished name must
> be unique - so why don't we have a separate 'allocation suffix'

No!!!!!   No more parameters.  Just place it one level under the already 
defined suffix and search for (objectclass=ridPool).

> rid=1000,cn=rids,dc=example,dc=com
> rid=1001,cn=rids,dc=example,dc=com
> rid=1002,cn=rids,dc=example,dc=com

> While this generates a lot of DNs, I think it gives us a unique way to
> allocate these...  (Which is much better than the racy stuff we have
> now).

I don't follow you here.  This seems like adding entries for no reason.

> It's also a relatively simple scheme, so we have a fighting chance that
> external LDAP admin tools might use this too, when adding Samba
> attributes.

cheers, jerry
 SAMBA Team                             
 "SAMS Teach Yourself Samba in 24 Hours" 2ed.       ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
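
The delete-old/add-new retry loop described in the message above, as an added example that is not part of the original post or of Samba's code. An in-memory stand-in for the pool entry mimics the all-or-nothing behaviour of a single LDAP modify, so concurrent callers can be checked for duplicate RIDs. FakeEntry, LdapError, allocate_rid and run_workers are hypothetical names, the starting value 1000 is constructed, and the example assumes the pool attribute holds the next free RID.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

NO_SUCH_ATTRIBUTE = 16  # LDAP resultCode noSuchAttribute (RFC 4511)

class LdapError(Exception):
    """args[0] carries the LDAP result code."""

class FakeEntry:
    """Constructed in-memory stand-in for the pool entry (not a real server)."""
    def __init__(self, rid):
        self._values = {str(rid)}
        self._lock = threading.Lock()  # a server applies one modify at a time

    def read_rid(self):
        with self._lock:
            return int(next(iter(self._values)))

    def modify(self, mods):
        """Apply [(op, value), ...] to 'rid' all-or-nothing, like one LDAP modify."""
        with self._lock:
            values = set(self._values)
            for op, value in mods:
                if op == "delete":
                    if value not in values:
                        raise LdapError(NO_SUCH_ATTRIBUTE)
                    values.remove(value)
                else:  # "add"
                    values.add(value)
            self._values = values  # commit only if every change applied

def allocate_rid(entry):
    """Assumption: the pool holds the next free RID; the caller keeps the old value."""
    retries = 0
    while True:
        old = entry.read_rid()
        try:
            entry.modify([("delete", str(old)), ("add", str(old + 1))])
            return old, retries
        except LdapError as exc:
            if exc.args[0] != NO_SUCH_ATTRIBUTE:
                raise
            retries += 1  # value changed under us: re-read and try again

def run_workers(n_threads, n_allocs, start=1000):
    entry = FakeEntry(start)
    with ThreadPoolExecutor(n_threads) as pool:
        got = list(pool.map(lambda _: allocate_rid(entry)[0], range(n_allocs)))
    return sorted(got), entry.read_rid()
```

Against a real directory the same loop only holds if the server applies the delete and add of one modify request as a unit, which is what the message relies on.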

More information about the samba-technical mailing list