Hi all,

Anyone out there have significant experience using the PHP/ldap
interface?  It appears to me that it's missing some important
functionality, but I might just not be seeing how to do it.

I have a user-management application which needs to manage an openLDAP
user base of several thousand users.  For adding users, we need a way to
get the next available UID number without creating a race condition
where two users could simultaneously grab the same UID number.

The question of how to best do this (on the LDAP side) has been hashed
over quite a bit on the openldap-software mailing list.  Without
repeating all that discussion, the conclusion is that we need to grab a
"highestAssignedUid" attribute of the "ou=users,dc=example,dc=com" entry
and increment it using an attribute modify operation like this:

dn: ou=users,dc=example,dc=com
changetype: modify
delete: highestAssignedUid
highestAssignedUid: 500
add: highestAssignedUid
highestAssignedUid: 501

This solves the problem, because LDAP modify operations are atomic, and
this modify operation will fail if the 'highestAssignedUid' attribute no
longer has the value that we grabbed (eg 500).  So if we grab the
highestAssignedUid, and then our increment fails, we just back off and
try the whole thing over again.  If the increment succeeds, we know
we've got a unique UIDnumber.

But here's the problem: The PHP/ldap interface doesn't seem to have any
way of supporting this type of modify, where one value is deleted and
another added in a single atomic modify operation.  ldap_mod_replace()
and ldap_modify() replace /all/ the values of an attribute, irrespective
of previous values.  ldap_mod_del() will delete a specific value of an
attribute, and ldap_mod_add() will add a value to an attribute without
replacing existing ones, but if I have to make two function calls I've
lost the crucial feature, which is atomicity, and reintroduced the race

Is there any good solution here?

TIA for any advice,

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to