On Tue, Jan 13, 2009 at 5:10 PM, Pierre-Arnaud Marcelot <[email protected]> wrote:
> Hi guys,
>
> I have a tricky question which is not really related specifically to
> ApacheDS but more LDAP specific.
>
> I'm working on porting to LDAP a kind of RBAC API for handling Users, Rights
> and Applications which is based on a relational database.
>
> Most of these objects are based on an integer primary key (and an
> auto-increment property placed on the associated table) that I need to keep
> when porting the API.
> The problem is LDAP servers do not know about "auto-increment" IDs.
>
> Do you have any recommended design pattern for solving such a problem?

In a replicated multi-master environment this is a non-trivial matter if you
want to retain consistency, avoid duplicate numbers being assigned and want to
have high performance.

I think that Red Hat has solved this quite elegantly in Fedora Directory
Server with their DNA (Distributed Numeric Assignment) plugin:

http://directory.fedoraproject.org/wiki/DNA_Plugin
http://directory.fedoraproject.org/wiki/DNA_Plugin_Proposal

In general, servers that take part in replication agreements get numeric range
assignments that they can use exclusively and renew them when they begin to
run out of numbers in those ranges.

It would be nice to see similar functionality implemented in Apache Directory
Server in the future.

--
Best Regards,
Aleksander Adamowski
http://olo.org.pl
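
The range-assignment idea described in the reply above, as an added sketch that is not part of the original message and is not code from Fedora Directory Server or ApacheDS. The `RangeAuthority`, `Master` and `simulate` names, the block size and the renewal threshold are all assumptions made for illustration; a single in-process authority stands in for however the masters actually obtain fresh ranges.

```python
import threading

class RangeExhausted(Exception):
    """No unassigned numbers remain."""

class RangeAuthority:
    """Hypothetical stand-in for however masters obtain fresh ranges."""
    def __init__(self, start=1, max_value=2**31 - 1):
        self._next, self._max = start, max_value
        self._lock = threading.Lock()

    def lease(self, size):
        with self._lock:  # every block is handed out exactly once
            if self._next > self._max:
                raise RangeExhausted("no numbers left to lease")
            lo, hi = self._next, min(self._next + size - 1, self._max)
            self._next = hi + 1
            return lo, hi

class Master:
    """One writable server; allocates only from ranges it holds exclusively."""
    def __init__(self, authority, block=100, threshold=10):
        self._auth, self._block, self._threshold = authority, block, threshold
        self._lock = threading.Lock()
        self._lo, self._hi = authority.lease(block)
        self._spare = None  # next range, fetched before the current one runs out

    def next_id(self):
        with self._lock:
            if self._lo > self._hi:  # current range used up
                if self._spare is None:
                    self._spare = self._auth.lease(self._block)  # may raise
                (self._lo, self._hi), self._spare = self._spare, None
            value, self._lo = self._lo, self._lo + 1
            if self._spare is None and self._hi - value < self._threshold:
                try:  # running low: renew before the range is empty
                    self._spare = self._auth.lease(self._block)
                except RangeExhausted:
                    pass  # keep serving what is left; fail only when empty
            return value

def simulate(masters=3, per_master=250):
    """Constructed run: masters allocate in interleaved order, no coordination per ID."""
    auth = RangeAuthority()
    nodes = [Master(auth) for _ in range(masters)]
    out = [[] for _ in nodes]
    for _ in range(per_master):
        for ids, node in zip(out, nodes):
            ids.append(node.next_id())
    return out
```

When the number space is used up, `next_id` raises `RangeExhausted` instead of reusing a value, so two users or rights never end up sharing an ID.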
