
Re: Greatest value



I think this suggestion takes the prize for the simplest and most effective way 
to solve the problem. 

There are a couple of drawbacks, although they are easily overcome:
1. Somehow the stored maximum value could become incorrect - the other methods 
mentioned could be used to find and set the correct maximum value.

2. It does not reuse vacant numbers from deleted users - AFAIK, current systems 
using /etc/passwd don't do this either. Although, it could be a problem in 
certain circumstances. e.g. A user is deleted; existing files owned by that user 
are inherited by the next user to get the same userid.

Quoting Norbert Klasen <klasen@zdv.uni-tuebingen.de>:

> GOMBAS Gabor wrote:
> > 
> > On Wed, Nov 22, 2000 at 04:42:54PM -0600, Matthew Hoskins wrote:
> > 
> > > My LDAP stores UIDnumbers for users on the UNIX systems we administer.
> > > To create a new user, I need the next available UID (which is the
> > > highest UID + 1).
> > 
> > Not an LDAP solution, but I used the following trick with NIS+: store
> > the last allocated uid in a local file. When creating a new user, read
> > this stored value, increment it, and do an LDAP search to see if it exists. If
> > it does, repeat the process.
> 
> One could add an attribute like "highestAssignedUidNumber" to the ou
> holding your accounts. To create a new user, read this attribute. Then
> use ONE ldap operation to delete the old value and readd the incremented
> value. Since ldap operations are atomic, this increment is atomic. If
> the operation fails with "No such attribute (modify: delete values
> failed)", somebody else has incremented the value in the meantime. Just
> try again.
>  
> > It's not a very elegant solution, but works nicely as far as you use the
> > same machine to create all new users.
> 
> Since the value is available in the directory, you don't need to use the
> same machine to create all new users. But you need to make all your
> mechanisms or programs for creating users use this value.
> 
> How about:
> 
> attributetype ( 1.3.6.1.4.1.6916.1.1.1
>    NAME 'highestAssignedUidNumber'
>    DESC 'highest currently assigned UidNumber for posix accounts in a
> domain/organization/realm'
>    EQUALITY integerMatch
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>    SINGLE-VALUE )
> 
> objectclass ( 1.3.6.1.4.1.6916.1.2.1
>    NAME 'UidNumberManagement'
>    DESC 'information on UidNumbers in a domain/organization/realm'
>    SUP top AUXILIARY
>    MUST highestAssignedUidNumber )
> 
> Other attributes which could be stored in such an object are
> minUserUidNumber (for use in pam_ldap; to keep system accounts local in
> /etc/passwd and just users in ldap), maxUidNumber
> 
> While I'm at it, how about a template entry for new accounts with
> attributes like:
> gidNumber, homeDirectory, loginShell, shadowMin, shadowMax,
> shadowWarning, shadowInactive
> 
> -- 
> Norbert Klasen
> DFN Directory Services                           tel: +49 7071 29 70335
> ZDV, Universität Tübingen                        fax: +49 7071 29 5912
> Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
> Germany                             norbert.klasen@zdv.uni-tuebingen.de
> 


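The atomic increment Norbert describes (delete the old `highestAssignedUidNumber` value and add the incremented one in a single modify, retrying on "No such attribute") is worked through below as an added example; it is not code from the thread or from any LDAP project. Only the attribute name comes from the post. The in-memory `FakeDirectory`, its `modify()` signature, the sample DN and the starting UID are constructed here so the example runs offline; with python-ldap the same two changes would be passed as `[(ldap.MOD_DELETE, attr, [old]), (ldap.MOD_ADD, attr, [new])]` and the retry condition is `ldap.NO_SUCH_ATTRIBUTE` (resultCode 16). `demo_race()` shows the failure path the post relies on: a competitor increments the counter between the read and the modify, the first attempt fails without touching the entry, and the re-read second attempt succeeds.

```python
"""Atomic next-UID allocation with an LDAP "delete old value + add new value" modify.

Added example, not code from the mailing-list post or from OpenLDAP. The
attribute name highestAssignedUidNumber comes from the post; FakeDirectory,
its modify() signature, the DN and the starting UID are constructed here.
"""
import threading

ATTR = "highestAssignedUidNumber"
DN = "ou=People,dc=example,dc=com"   # constructed sample DN
NO_SUCH_ATTRIBUTE = 16               # LDAP resultCode noSuchAttribute (RFC 4511)


class NoSuchAttribute(Exception):
    """Raised when a delete names a value the entry does not hold."""
    result_code = NO_SUCH_ATTRIBUTE


class FakeDirectory:
    """Stand-in for an LDAP server: one modify request is applied as a unit,
    all changes or none, which is exactly the property the trick relies on."""

    def __init__(self, entries):
        self._entries = {dn: {a: list(v) for a, v in e.items()} for dn, e in entries.items()}
        self._lock = threading.Lock()   # a server serializes modifies on one entry

    def get_value(self, dn, attr):
        with self._lock:
            return self._entries[dn][attr][0]

    def modify(self, dn, changes):
        """changes: list of (op, attr, values) with op in {"delete", "add"}."""
        with self._lock:
            entry = self._entries[dn]
            snapshot = {a: list(v) for a, v in entry.items()}
            try:
                for op, attr, values in changes:
                    if op == "delete":
                        for v in values:
                            if v not in entry.get(attr, []):
                                raise NoSuchAttribute(f"modify: delete values failed ({attr}={v})")
                            entry[attr].remove(v)
                    elif op == "add":
                        entry.setdefault(attr, []).extend(values)
                    else:
                        raise ValueError(f"unsupported op {op!r}")
            except Exception:
                self._entries[dn] = snapshot   # whole modify fails, nothing is applied
                raise


def modify_ldif(dn, current, new):
    """LDIF (RFC 2849) for the same change, usable with `ldapmodify -f`."""
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        f"delete: {ATTR}\n{ATTR}: {current}\n-\n"
        f"add: {ATTR}\n{ATTR}: {new}\n-\n"
    )


def allocate_uid(directory, dn=DN, max_attempts=10):
    """Read the counter, swap old -> old+1 in one modify, retry on conflict.
    Returns (new_uid, attempts_used)."""
    for attempt in range(1, max_attempts + 1):
        current = int(directory.get_value(dn, ATTR))
        new = current + 1
        try:
            directory.modify(dn, [("delete", ATTR, [str(current)]),
                                  ("add", ATTR, [str(new)])])
        except NoSuchAttribute:
            continue   # someone else incremented in the meantime: re-read and retry
        return new, attempt
    raise RuntimeError(f"gave up allocating a uid after {max_attempts} attempts")


def demo_race(start=1000):
    """Two allocators racing: ours loses the first round, retries, and wins."""
    d = FakeDirectory({DN: {ATTR: [str(start)]}})
    real_modify = d.modify
    slipped_in = []

    def racing_modify(dn, changes):
        # On the first modify only, a competitor increments the counter first.
        if not slipped_in:
            slipped_in.append(True)
            real_modify(dn, [("delete", ATTR, [str(start)]),
                             ("add", ATTR, [str(start + 1)])])
        return real_modify(dn, changes)

    d.modify = racing_modify
    uid, attempts = allocate_uid(d, DN)
    return uid, attempts, int(d.get_value(DN, ATTR))


if __name__ == "__main__":
    print(allocate_uid(FakeDirectory({DN: {ATTR: ["1000"]}})))   # (1001, 1)
    print(demo_race())                                           # (1002, 2, 1002)
    print(modify_ldif(DN, 1001, 1002))
```

The retry loop is bounded so a persistently failing modify (wrong bind, missing attribute, a counter someone hand-edited to a non-integer) surfaces as an error instead of spinning; the same loop structure applies unchanged when the `FakeDirectory` is swapped for a real connection, since only the two-change modify and the resultCode check matter.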