[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Unique user accounts
Hi, Peter,
On Sat, 27 Sep 2003 19:08:17 +0200
Peter Marschall <peter@adpm.de> wrote:
> > > Our scenario:
> > > Our customers get unique, but ugly identifiers which are created
> > > by a mechanism not under our control.
> > Those identifiers are, as I wrote, unique, and thus serve well as an
> > internal ID tag. So I don't need an "atomic incremental" scheme for
> > creating unique ids in a near-sequential way.
> > > Now we want to enable them to create alias names via web
> > > interface. As this alias names are to be used for creation of web
> > > urls and email adresses, they must be unique.
> > > Now, how can I ensure in a bullet-proof way that an alias name is
> > > unique?
> Don't test and write, but write and test the result.
> If the write is successful, then use this value.
> If the write fails with the error message that such an entry is
> already there(LDAP_ALREADY_EXISTS) then let the user try another
> alias.
> The LDAP server has to make sure that no two objects with the same
> name get entered into the same container in the directory.
Yes, but this only works when the alias is part of the dn which is not
the case in our scenario. The ugly, machine generated uid we get by our
partners and we don't have much influence on is already unique and part
of the dn.
Additionally, as you write, all objects have to exist in the same
container, whereas our account objects are structured in a 5-level deep
tree.
The alias is a convenience tribute to our customers so they can
identify themselves in the preferences page using their nick. So using
your method would require to have one container object where we create a
sub object for every alias. And it is not waterproof as well as an app
theoretically might crash between working on this alias object and
committing the corresponding changes to the real account object, thus
leaving inconsistencies.
Maybe we have to go this way in the future, but in the moment we try to
live with the external lock, to avoid such object duplication.
Thanks for your ideas,
Markus
--
-----------------------------------------------------------------------
| ScanPlus GmbH NOC Ulm Tel +49 731 92013 106 |
| Koenigstr. 78 * D 89077 Ulm Fax +49 731 92013 290 |
| http://www.scan-plus.de/ Amtsgericht Ulm HRB 3220 |
| mailto:info@scan-plus.de Geschaeftsf.: Juergen Hoermann |
-----------------------------------------------------------------------
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte
Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort
den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren
sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
-----------------------------------------------------------------------
This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, disclosure or distribution of the material
in this e-mail is strictly forbidden.
-----------------------------------------------------------------------