On 21.02.2015. 19:45, Bernd May wrote:
> You could also create a dummy user account that stores the next usable gid/uid pair (which you acquired once with the previous algorithm) and then query that account each time you create a new user, increase its gid and uid values and create your new user. This assumes some kind of conflict free numbering scheme of your users by which you can infer the next free number pair automatically.
If one has a special entry to track the highest uid, reuse of the uid value by multiple processes can be avoided by an ldapmodify operation which combines deleting the existing value with adding a new value. E.g., if the highest uid is in the uidNumber attribute of cn=maxUid,dc=example,dc=org, one would perform (in a pseudo-shell syntax):
    maxuid=$(ldapsearch cn=maxUid uidNumber...)
    nextuid=$((maxuid+1))

    ldapmodify <<!
    dn: cn=maxUid,dc=example,dc=org
    changetype: modify
    delete: uidNumber
    uidNumber: $maxuid
    -
    add: uidNumber
    uidNumber: $nextuid
    !
If another process manages to update the entry between ldapsearch and ldapmodify, the delete operation will fail and the entry will be unchanged. The operation can then be retried with updated values.
(Not tested with multimaster replication and heavy write load/split-brain situations.)
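The retry described above, written out as a shell function. This is an added example, not part of the original message: the function names and the LDAP_OPTS variable are hypothetical, connection and bind options are assumed to come from LDAP_OPTS or ldap.conf, and it relies on ldapmodify exiting with the LDAP result code, where 16 (noSuchAttribute) means the value to delete was no longer present.

```shell
#!/bin/sh
COUNTER_DN="cn=maxUid,dc=example,dc=org"   # counter entry named in the message
LDAP_OPTS="${LDAP_OPTS:--x}"               # assumption: URI/bind options go here

# Read the current counter value with a base-scope search on the entry.
ldap_read() {
    ldapsearch -LLL $LDAP_OPTS -b "$COUNTER_DN" -s base uidNumber |
        sed -n 's/^uidNumber: //p'
}

# Apply LDIF from stdin; the exit status is the LDAP result code.
ldap_apply() {
    ldapmodify $LDAP_OPTS >/dev/null
}

# Emit one modify that deletes the old value ($1) and adds the new one ($2).
# The server applies both changes atomically or not at all.
cas_ldif() {
    cat <<EOF
dn: $COUNTER_DN
changetype: modify
delete: uidNumber
uidNumber: $1
-
add: uidNumber
uidNumber: $2
EOF
}

# Print a newly reserved uid on stdout; non-zero status if none was reserved.
allocate_uid() {
    tries=${1:-5}
    while [ "$tries" -gt 0 ]; do
        cur=$(ldap_read) || return 1
        case $cur in ''|*[!0-9]*) return 1 ;; esac   # refuse non-numeric input
        next=$((cur + 1))
        if cas_ldif "$cur" "$next" | ldap_apply; then rc=0; else rc=$?; fi
        case $rc in
            0)  echo "$next"; return 0 ;;
            16) tries=$((tries - 1)) ;;   # another writer won the race: re-read
            *)  return "$rc" ;;           # any other error is not retried
        esac
    done
    return 1
}
```

Only result code 16 is retried; other failures (for example insufficient access) are returned to the caller so a misconfiguration does not turn into a silent retry loop.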