Hi all, Anyone out there have significant experience using the PHP/ldap interface? It appears to me that it's missing some important functionality, but I might just not be seeing how to do it.
I have a user-management application which needs to manage an openLDAP user base of several thousand users. For adding users, we need a way to get the next available UID number without creating a race condition where two users could simultaneously grab the same UID number. The question of how to best do this (on the LDAP side) has been hashed over quite a bit on the openldap-software mailing list. Without repeating all that discussion, the conclusion is that we need to grab a "highestAssignedUid" attribute of the "ou=users,dc=example,dc=com" entry and increment it using an attribute modify operation like this: dn: ou=users,dc=example,dc=com changetype: modify delete: highestAssignedUid highestAssignedUid: 500 - add: highestAssignedUid highestAssignedUid: 501 This solves the problem, because LDAP modify operations are atomic, and this modify operation will fail if the 'highestAssignedUid' attribute no longer has the value that we grabbed (eg 500). So if we grab the highestAssignedUid, and then our increment fails, we just back off and try the whole thing over again. If the increment succeeds, we know we've got a unique UIDnumber. But here's the problem: The PHP/ldap interface doesn't seem to have any way of supporting this type of modify, where one value is deleted and another added in a single atomic modify operation. ldap_mod_replace() and ldap_modify() replace /all/ the values of an attribute, irrespective of previous values. ldap_mod_del() will delete a specific value of an attribute, and ldap_mod_add() will add a value to an attribute without replacing existing ones, but if I have to make two function calls I've lost the crucial feature, which is atomicity, and reintroduced the race condition. Is there any good solution here? TIA for any advice, Carl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
