Atomic RID allocation in LDAP
Gerald (Jerry) Carter
jerry at samba.org
Sat Oct 12 13:10:59 GMT 2002
On Sat, 12 Oct 2002, Andrew Bartlett wrote:
> We need a race-proof scheme to allocate RIDs, and I would prefer not to
> need to use a local TDB - I would like it all 'in ldap', if at all
> possible.
See the uidPool objectclass in samba.schema. You would do it like
this....
    do {
        get the current rid and then
        issue the following change in one ldap_modify()
        {
            dn: cn=ridPool,<...>
            changetype: modify
            delete: rid
            rid: <old rid>
            -
            add: rid
            rid: <new rid>
        }
    } while ldap_modify() fails;
This should be done atomically on the entry. If the old value cannot be
deleted, the update will fail and you know someone changed it out from
under you.
> Could we use LDAP DNs for this purpose? An LDAP distinguished name must
> be unique - so why don't we have a separate 'allocation suffix'
No!!!!! No more parameters. Just place it one level under the already
defined suffix and search for (objectclass=ridPool).
> rid=1000,cn=rids,dc=example,dc=com
> rid=1001,cn=rids,dc=example,dc=com
> rid=1002,cn=rids,dc=example,dc=com
> While this generates a lot of DNs, I think it gives us a unique way to
> allocate these... (Which is much better than the racy stuff we have
> now).
I don't follow you here. This seems like adding entries for no reason.
> It's also a relatively simple scheme, so we have a fighting chance that
> external LDAP admin tools might use this too, when adding Samba
> attributes.
cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"SAMS Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
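
The delete-old/add-new retry loop from the message above, as an added example that is not part of the original post or Samba's own code. FakeDirectory is a constructed in-memory stand-in for an LDAP server that applies one modify request all-or-nothing; handing out the old value and storing old + 1 is an assumption.

```python
import threading

class NoSuchAttribute(Exception):
    """Stand-in for the LDAP noSuchAttribute result on a failed delete."""

class FakeDirectory:
    """Constructed stand-in for the server: a single pool entry with a 'rid'
    attribute, and a modify whose changes are applied all-or-nothing."""
    def __init__(self, rid):
        self._rid_values = {str(rid)}
        self._lock = threading.Lock()  # the server serialises writes to an entry

    def search(self):
        with self._lock:
            return next(iter(self._rid_values))

    def modify(self, changes):
        with self._lock:
            values = set(self._rid_values)  # work on a copy, commit at the end
            for op, value in changes:
                if op == "delete":
                    if value not in values:
                        raise NoSuchAttribute(value)  # entry is left untouched
                    values.remove(value)
                elif op == "add":
                    values.add(value)
            self._rid_values = values

def allocate_rid(directory):
    """Return (rid, retries); retries counts how often we lost the race."""
    retries = 0
    while True:
        old = directory.search()
        new = str(int(old) + 1)  # assumption: the pool advances by one
        try:
            # delete: rid <old> / add: rid <new>, sent as one modify request
            directory.modify([("delete", old), ("add", new)])
            return int(old), retries
        except NoSuchAttribute:
            retries += 1  # someone changed it out from under us: re-read

def race(workers=8, per_worker=200, start=1000):
    """Let several threads allocate concurrently; return (rids, final pool value)."""
    directory, got = FakeDirectory(start), []
    def work():
        for _ in range(per_worker):
            got.append(allocate_rid(directory)[0])
    threads = [threading.Thread(target=work) for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return got, int(directory.search())
```

The read in search() and the write in modify() are separate requests, so two allocators can read the same value; only the one whose delete still matches succeeds, and the other retries.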