Hi,

I faced the same problem a year ago and came to the same conclusion as Dan. OpenLDAP does not offer you a mechanism to duplicate attribute values upon entry or change (e.g. like triggers in a MySQL DB might do for you).

So you have to make sure, during entry creation, that the proper values are assigned to the required attributes, e.g. by querying the OpenLDAP DB first, filtering for assigned numbers and selecting an unassigned uid and gid pair inside your user creation tool.

You could also create a dummy user account that stores the next usable gid/uid pair (which you acquired once with the previous algorithm) and then query that account each time you create a new user, increase its gid and uid values and create your new user. This assumes some kind of conflict-free numbering scheme for your users by which you can infer the next free number pair automatically.

What OpenLDAP does offer is the possibility of checking this constraint for you by employing the slapo-unique overlay (to make sure you do not assign a number that is already in use) and the slapo-constraint overlay (to make sure the gid and uid attributes have the same value). I advise reading the man pages to get some understanding of how they work, and maybe having a look at the OpenLDAP Administrator's Guide Overlay section.

Regards
--
Bernd May
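The counter-entry scheme from the message above, as an added example that is not part of the original post and is not OpenLDAP code: an in-memory model showing why the counter should be advanced with a delete-old-value/add-new-value modify, so that two creation tools running at once never hand out the same number. `ToyDirectory`, `swap`, `create_user` and the `cn=nextid` entry are hypothetical names, and the two checks in `add_user` only stand in for what the post assigns to slapo-unique and slapo-constraint.

```python
# Added example: in-memory model, not OpenLDAP code. All names are hypothetical.
class Conflict(Exception):
    """Raised when the directory rejects a write."""

class ToyDirectory:
    """Constructed stand-in for the directory: DN -> {attribute: value}."""
    def __init__(self, first_free):
        # The "dummy account" from the post, holding the next usable number.
        self.entries = {"cn=nextid": {"uidNumber": first_free}}

    def read(self, dn, attr):
        return self.entries[dn][attr]

    def swap(self, dn, attr, old, new):
        # Models one LDAP modify that deletes the exact old value and adds the
        # new one; it fails as a whole if another client already changed it.
        if self.entries[dn][attr] != old:
            raise Conflict("counter changed since it was read")
        self.entries[dn][attr] = new

    def add_user(self, dn, uid_number, gid_number):
        # Stand-ins for the slapo-constraint and slapo-unique checks.
        if uid_number != gid_number:
            raise Conflict("uidNumber and gidNumber differ")
        if any(e.get("uidNumber") == uid_number
               for d, e in self.entries.items() if d != "cn=nextid"):
            raise Conflict("uidNumber already in use")
        self.entries[dn] = {"uidNumber": uid_number, "gidNumber": gid_number}

def create_user(directory, dn, retries=5, before_swap=None):
    """Reserve the next number via the counter entry, then create the user."""
    for _ in range(retries):
        n = directory.read("cn=nextid", "uidNumber")
        if before_swap:            # test hook: lets a rival client run here
            before_swap()
        try:
            directory.swap("cn=nextid", "uidNumber", n, n + 1)
        except Conflict:
            continue               # lost the race: re-read and try again
        directory.add_user(dn, n, n)
        return n
    raise Conflict("could not reserve a number")
```

Against a real server the `swap` step corresponds to a single modify request carrying a delete of the value that was read and an add of the incremented value.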