Atomic RID allocation in LDAP

Andrew Bartlett abartlet at
Sat Oct 12 23:49:01 GMT 2002

Volker.Lendecke at SerNet.DE wrote:
> On Sat, Oct 12, 2002 at 07:17:10PM +1000, Andrew Bartlett wrote:
> > I've been thinking about the problem of allocating RIDs in LDAP.
> Look at google for 'ldap atomic increment'. The second article gives some hints
> on how an atomic increment might be implemented in LDAP. I have not programmed
> LDAP before, but I might be tempted to try that approach. As the atomicity is
> only interesting for internal samba use (others can not be forced to adhere to
> any scheme), we might as well go for a mutex similar to those used when
> accessing a domain controller for authentication.

I think that misses the point.  Sure, we could use a tdb - but given
there is known algorithm for this (and a big thankyou to those that
pointed it out to me) we should use it.  We can't force non-samba users
to behave correctly, and we will have to 'double-check' the results of
any 'nextrid' call, but if we document it clearly, we have a much better
chance that we can convince others to 'play by the rules'.

External admin apps are one of the major reasons I decided to go to
LDAP.  I expect that others have done the same - so lets try and make
they easy to do 'right', rather than dismissing them as 'not our

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list