[Date Prev][Date Next] [Chronological] [Thread] [Top]

atomic number generator



Is this the correct way to increment and provision numbers from LDAP?

-----------------------------

## lookup current number
% /usr/local/bin/ldapsearch -LLL -b 'ou=Utils,o=ACME,c=US' employeeNextNumber
dn: cn=Registry,ou=Utils,o=ACME,c=us
employeeNextNumber: 8018

## delete current number and increment
% /usr/local/bin/ldapmodify ...
dn: cn=Registry,ou=Utils,o=ACME,c=us
delete: employeeNextNumber
employeeNextNumber: 8018
-
employeeNextNumber: 8019
modifying entry "cn=Registry,ou=Utils,o=ACME,c=us"

## entire operation will fail if repeated
% /usr/local/bin/ldapmodify ...
dn: cn=Registry,ou=Utils,o=ACME,c=us
delete: employeeNextNumber
employeeNextNumber: 8018
-
employeeNextNumber: 8019
modifying entry "cn=Registry,ou=Utils,o=ACME,c=us"
ldap_modify: No such attribute
       additional info: modify: delete values failed
ldif_record() = 16

-------------------------------

The best approach, if I remember correctly, was proposed by Norbert
Klausen and was based in using the atomicity property of modify
operations.  If instead of using replace for that attribute you ask in
the same Modify operation 'delete' of the old value plus 'add' of the
new (incremented) value, you are guaranteeed to either fail if someone
got there since you read the old max and tried to increment or succeed
and thus preempt anyone else following the same algorithm.  Because
all changes in the same modify MUST succeed or all of them MUST fail,
according to RFC2251.