Re: Greatest value
I think this suggestion takes the prize for the simplest and most effective way
to solve the problem.
There are a couple of drawbacks, although they are easily overcome:
1. Somehow the stored maximum value could become incorrect - the other methods
mentioned could be used to find and set the correct maximum value.
2. It does not reuse vacant numbers from deleted users. - AFAIK, current systems
using /etc/passwd don't do this either. Although, it could be a problem in
certain circumstances, e.g. a user is deleted; existing files owned by that user
are inherited by the next user to get the same userid.
Quoting Norbert Klasen <klasen@zdv.uni-tuebingen.de>:
> GOMBAS Gabor wrote:
> >
> > On Wed, Nov 22, 2000 at 04:42:54PM -0600, Matthew Hoskins wrote:
> >
> > > My LDAP stores UIDnumbers for users on the UNIX systems we administer.
> > > To create a new user, I need the next available UID (which is the
> > > highest UID + 1).
> >
> > Not an LDAP solution, but I used the following trick with NIS+: store
> > the last allocated uid in a local file. When creating a new user, read
> > this stored value, increment it, and do an LDAP search to see if it
> > exists. If it does, repeat the process.
>
> One could add an attribute like "highestAssignedUidNumber" to the ou
> holding your accounts. To create a new user, read this attribute. Then
> use ONE ldap operation to delete the old value and readd the incremented
> value. Since ldap operations are atomic, this increment is atomic. If
> the operation fails with "No such attribute (modify: delete values
> failed)", somebody else has incremented the value in the meantime. Just
> try again.
>
> > It's not a very elegant solution, but works nicely as far as you use the
> > same machine to create all new users.
>
> Since the value is available in the directory, you don't need to use the
> same machine to create all new users. But you need to make all your
> mechanisms or programs for creating users use this value.
>
> How about:
>
> attributetype ( 1.3.6.1.4.1.6916.1.1.1
>     NAME 'highestAssignedUidNumber'
>     DESC 'highest currently assigned UidNumber for posix accounts in a domain/organization/realm'
>     EQUALITY integerMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>     SINGLE-VALUE )
>
> objectclass ( 1.3.6.1.4.1.6916.1.2.1
>     NAME 'UidNumberManagement'
>     DESC 'information on UidNumbers in a domain/organization/realm'
>     SUP top AUXILIARY
>     MUST highestAssignedUidNumber )
>
> Other attributes which could be stored in such an object are
> minUserUidNumber (for use in pam_ldap; to keep system accounts local in
> /etc/passwd and just users in ldap), maxUidNumber
>
> While I'm at it, how about a template entry for new accounts with
> attributes like:
> gidNumber, homeDirectory, loginShell, shadowMin, shadowMax,
> shadowWarning, shadowInactive
>
> --
> Norbert Klasen
> DFN Directory Services tel: +49 7071 29 70335
> ZDV, Universität Tübingen fax: +49 7071 29 5912
> Wächterstr. 76, 72074 Tübingen http://www.directory.dfn.de
> Germany norbert.klasen@zdv.uni-tuebingen.de
>
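
The read, then delete-old/add-new increment described in the quoted message, as an added example that is not part of the original thread. `FakeEntry` is a constructed in-memory stand-in for the directory server (no real LDAP client is used), the DN passed to `increment_ldif` is a placeholder, and the function names are hypothetical.

```python
import threading

class NoSuchAttribute(Exception):
    """Stand-in for the server's 'No such attribute' modify failure."""

class FakeEntry:
    """Constructed stand-in for the ou entry holding highestAssignedUidNumber."""
    def __init__(self, value):
        self._value = str(value)
        self._lock = threading.Lock()  # models the server applying one modify atomically

    def read(self):
        return self._value

    def modify_delete_add(self, old, new):
        # One modify request: delete the exact old value, add the new one.
        with self._lock:
            if self._value != old:
                raise NoSuchAttribute("modify: delete values failed")
            self._value = new

def increment_ldif(dn, old, new, attr="highestAssignedUidNumber"):
    """The same single modify request written as LDIF for ldapmodify."""
    return (f"dn: {dn}\nchangetype: modify\n"
            f"delete: {attr}\n{attr}: {old}\n-\n"
            f"add: {attr}\n{attr}: {new}\n")

def allocate_uid(entry, max_tries=1000):
    """Read the counter, try to swap in counter+1, retry if someone else won."""
    for _ in range(max_tries):
        old = entry.read()
        new = str(int(old) + 1)
        try:
            entry.modify_delete_add(old, new)
            return int(new)
        except NoSuchAttribute:
            continue  # value changed between read and modify: read again
    raise RuntimeError("could not allocate a uidNumber")

def allocate_concurrently(start, workers, per_worker):
    """Run several allocators at once against one counter."""
    entry, out = FakeEntry(start), []
    def work():
        for _ in range(per_worker):
            out.append(allocate_uid(entry))
    threads = [threading.Thread(target=work) for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sorted(out), int(entry.read())
```

Because the counter only moves upward, a number freed by deleting a user is never handed out again, so files left behind by the deleted user are not inherited by a later account.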