On 3/25/09 2:00 AM, Philip Yarra wrote:
Now I need a way to safely increment that value. I see from this
(http://www.ietf.org/rfc/rfc4525.txt) that it can be done, and OpenLDAP
supports it. But what I cannot understand is how to do this via JNDI. I
can issue a DirContext.modifyAttribute() command, but the only
modification operations I can see supported are add, remove and replace.

One alternative seems to be to get the current value, increment it, then
do a replace - which of course risks two people created concurrently
getting the same uidNumber.

Another option is to create a single-value attribute as a lock - if that
succeeds, proceed to get, increment and set the counter, then remove the
locking attribute.

Ideally, I'd really like to use a mod-increment - can anyone advise? If
not: what would people recommend?

Since you mention OpenLDAP, I'll tell you that this was discussed sometime ago on the OpenLDAP-Software mailinglist. There is transactional integrity at the DN level. So, to do what you want and make certain you are safe, you need to build a modify deck that deletes the existing value of uidNumber and then adds the new number. If the modify call works, then you are safe and you have not assigned the uidnumber to two people. If it fails, you have to back up and get the existing number from your OpenLDAP server again, and try the modify a second time with the new values.

I have programmed this using the perl-ldap module. So, I can do the following:

my $umsg = $ld->modify($dn,
        delete => { 'uidNumber' => $currentvalue },
        add => { 'uidNumber' => $nextvalue});

(where $currentvalue is the value I just retrieved from my OpenLDAP server and $nextvalue is $currentvalue incremented by 1).

If $umsg says the modify worked, I'm good -- if not, I go back to the top of my loop and get $currentvalue again.

Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)

Reply via email to