Re: automatic uidnumber overlay

[Dan White <dwhite@olp.net>]

Emmanuel Dreyfus wrote:
> On Mon, Jun 09, 2008 at 09:30:24PM -0700, Howard Chu wrote:
> > Interesting. Perhaps instead, your overlay should just maintain a fixed 
> > entry with a copy of the largest uidNumber in it, instead of searching the 
> > entire tree all the time.
>
> FWIW, I had the same need, plus allocating gidNumber, sambaSID and whatever.
> I do with with a dirty hack that filters the output of an accesslog 
> overlay directed to a shell backend.
>
> When I'll have some time, I'd like to write on a slapo-exec, to run 
> external scripts on various conditions. That would be much cleaner.

We've also had a similar need. Our solution was to randomly 
generate the uidNumber and gidNumber, between values of 70000 and 
2000000, and then make the attributes unique with the unique 
overlay. Also, we use the constraint overlay to prevent the value 
from accidentally getting set to something dangerous (< 100).

Our user base is relatively small, but in the case we randomly 
generate an existing uid, we just start over.

Our user generation perl script looks something like:

sub new_random_uid {
    my $range = 1999929999;
    my $minimum = 70000;
    return int(rand($range)) + $minimum;
}

my $gid_number = new_random_uid();
my $g_samba_number = $gid_number * 2 + 1001;
my $uid_number = new_random_uid();
my $u_samba_number = $uid_number * 2 + 1000;


- Dan