I'm looking at a "self-service" web app which would allow people to request a shell account, and subsequently maintain their contact info, request password resets via mailback confirmation, etc.
We want to keep all of this info in an LDAP directory (implemented with OpenLDAP of course). The idea is that when someone asks to create an account, an LDAP entry would be created which would be marked as expired, ready to be "turned on" after someone on the staff authorized

I've been looking around for examples of how others do similar things without much luck. My concern is that LDAP, being a mostly-read and lightweight "database", lacks some of the facilities for concurrency control/transactions.

I need to do things like validate that usernames and userids are unique. It could be done by enumerating the existing values from the LDAP directory, but I can't see how to do it, together with the update, as a transaction. Although it's probably unlikely that two people would be creating accounts at the same time, I'd like to close the window anyway.

So I guess what I'm asking is, do systems like this really work directly with the LDAP directory, or is it more common to keep most or some of the information in, say, an RDB and drive changes to the LDAP directory from that?

--
Rick DeNatale
IPMS/USA Region 12 Coordinator http://ipmsr12.denhaven2.com/
Visit the Project Mercury Wiki Site http://www.mercuryspacecraft.com/
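
The uniqueness checks asked about in the message above, as an added example that is not part of the original post: it models in memory two per-entry guarantees of the LDAP protocol (an add fails if the DN already exists, and one modify request is applied atomically) and uses them to keep usernames and uidNumbers unique without transactions. The `ToyDirectory` class, the DNs, the counter entry and the `shadowExpire` marking are assumptions made for illustration.

```python
import threading

class EntryExists(Exception): pass   # models LDAP result entryAlreadyExists (68)
class NoSuchValue(Exception): pass   # models LDAP result noSuchAttribute (16)

class ToyDirectory:
    """Constructed stand-in for a directory server; every operation is atomic."""
    def __init__(self):
        self._lock, self.entries = threading.Lock(), {}

    def add(self, dn, attrs):
        with self._lock:
            if dn.lower() in self.entries:       # DN matching ignores case here
                raise EntryExists(dn)
            self.entries[dn.lower()] = dict(attrs)

    def read(self, dn, attr):
        with self._lock:
            return self.entries[dn.lower()][attr]

    def swap(self, dn, attr, old, new):
        """One modify request: delete the exact value `old`, then add `new`."""
        with self._lock:
            if self.entries[dn.lower()][attr] != old:
                raise NoSuchValue(attr)          # someone else changed it first
            self.entries[dn.lower()][attr] = new

COUNTER_DN = "cn=nextuid,ou=system,dc=example,dc=org"   # hypothetical counter entry
PEOPLE = "ou=people,dc=example,dc=org"                  # hypothetical subtree

def allocate_uid_number(d, retries=10):
    # Compare-and-swap on the counter: only one client can replace a given value.
    for _ in range(retries):
        current = d.read(COUNTER_DN, "uidNumber")
        try:
            d.swap(COUNTER_DN, "uidNumber", current, current + 1)
            return current
        except NoSuchValue:
            continue                             # lost the race: re-read and retry
    raise RuntimeError("could not allocate a uidNumber")

def request_account(d, username):
    # The username is the RDN, so the server-side add is the uniqueness check.
    uid_number = allocate_uid_number(d)
    # Created expired (assumed marking) until staff approve; a failed add only
    # leaves a gap in the number sequence, never a duplicate.
    d.add(f"uid={username},{PEOPLE}",
          {"uid": username, "uidNumber": uid_number, "shadowExpire": 1})
    return uid_number
```

Against a real server, `swap` corresponds to a single modify request carrying a delete of the old value followed by an add of the new one, and `add` to an ordinary add request.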
