[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Record Locking Proposal



Jim C wrote:
What about creating a semaphore objectclass?
...
know how we can grant access to "all" if the value is blank or if it is set to a specific value?

I think I can answer this one also now. When one designs one's scripts, one simply makes sure that they agree on what the "blank" dn is. You use that dn to attempt a modify and if it fails you don't get access or you write in a loop that waits x number of seconds between retries etc.


Hm.... no wait. maybe we don't even need a changeable dn...

Let's say that per S.O.P. we are keeping the value of the next available uidNumber in the database. Let's say in dn=proxyuser,dc=example,dc=net.

When we do our modify, we maybe can protect against having had the value already changed by specifying the retrieved value in the dn for the modify.

/*
Note: This example is in PHP.
Previous search for uidNumber places value in a variable called $number
*/

$booleantest=ldap_mod_replace($ds,"uidNumber=$number,cn=proxyuser,dc=microverse,dc=net", $changed_entry);

Assumeing that "uidNumber=$number,cn=proxyuser,dc=microverse,dc=net" is proper syntax for an attribute's specific dn AND assumeing that dn integrity is enforced by the database and not the function ( none which I am sure of ), if uidNumber has been changed the above will fail and $booleantest will be false!!

If this or something like it works, it will be a technique by which a semantic synanym for semaphoric behaviour can be implemented over many machines and by any language that can access LDAP. :):):):)