
On 22 November 2012 12:03, Russell Coker <russell@coker.com.au> wrote:
It seems to me that there are two ways of avoiding race conditions, one is to create the object and then search for other objects with the same UID. The other is to include the UID but not the user-name in the dn; as the dn MUST be unique, an attempt to add a second object with the same UID will fail at the LDAP protocol level.
As we are talking about LDAP I assume you mean uidNumber here. uid is the LDAP field for the user's login name (was known as userid in X.500). De facto standard practice makes uid= an RDN value (i.e. includes it in the DN), for precisely this reason, not the uidNumber. Another standard I have seen is to use cn= in the RDN. As far as I can tell, after a very quick glance, none of the standards, e.g. http://www.ietf.org/rfc/rfc2253.txt, care about what value you use in the RDN, although I may have missed something. So, yes, having uidNumber as an RDN might be OK, however (a) this ideally needs to be done before the database is created, or you end up with inconsistent DNs (not that this really matters) and (b) you lose the ability to keep the uid unique.

-- 
Brian May <brian@microcomaustralia.com.au>
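The two approaches compared in the thread, as an added example that is not part of the original e-mail exchange and not code from either author. It models only the one LDAP property the discussion relies on (an add whose DN already exists fails atomically at the server) with an in-memory directory; the base DN, the attribute layout and the earliest-created-wins tie-break for the search-after-create approach are assumptions, with a monotonically increasing sequence standing in for the createTimestamp operational attribute.

```python
import threading

BASE_DN = "ou=People,dc=example,dc=com"  # assumed base DN, not from the thread


class DirectoryError(Exception):
    """Stand-in for an LDAP error result such as entryAlreadyExists (code 68)."""


class Directory:
    """In-memory model of an LDAP server: DNs are unique, and an add that
    collides with an existing DN fails atomically under the server's lock."""

    def __init__(self):
        self._entries = {}
        self._seq = 0                     # stand-in for createTimestamp ordering
        self._lock = threading.Lock()

    def add(self, dn, attrs):
        with self._lock:
            if dn in self._entries:
                raise DirectoryError(f"entryAlreadyExists: {dn}")
            self._seq += 1
            self._entries[dn] = dict(attrs, _created=self._seq)

    def delete(self, dn):
        with self._lock:
            self._entries.pop(dn, None)

    def search(self, attr, value):
        """Return (created, dn) pairs, oldest first, for entries whose attr equals value."""
        with self._lock:
            return sorted((a["_created"], dn)
                          for dn, a in self._entries.items() if a.get(attr) == value)

    def dns(self):
        with self._lock:
            return sorted(self._entries)


def add_user_uidnumber_rdn(directory, uid, uid_number):
    """Approach B from the thread: uidNumber in the RDN. Two allocations of the
    same uidNumber collide on the DN, so the second add is rejected by the server.
    Nothing here stops two entries from carrying the same uid (point (b))."""
    dn = f"uidNumber={uid_number},{BASE_DN}"
    directory.add(dn, {"uid": uid, "uidNumber": uid_number})
    return dn


def add_user_check_after(directory, uid, uid_number):
    """Approach A from the thread: the conventional uid= RDN, then search for other
    entries holding the same uidNumber. A consistent tie-break is needed so that
    racing writers neither all keep nor all drop their entry: the earliest-created
    entry wins (assumed rule), every later writer deletes its own entry."""
    dn = f"uid={uid},{BASE_DN}"
    directory.add(dn, {"uid": uid, "uidNumber": uid_number})
    _, winner = directory.search("uidNumber", uid_number)[0]
    if winner != dn:
        directory.delete(dn)
        raise DirectoryError(f"uidNumber {uid_number} already held by {winner}")
    return dn


def race(directory, allocate, uids, uid_number):
    """Run one allocation of uid_number per uid concurrently.
    Returns (winners, losers), each sorted by uid."""
    barrier = threading.Barrier(len(uids))
    winners, losers = [], []
    lock = threading.Lock()

    def worker(uid):
        barrier.wait()                    # release all writers at the same moment
        try:
            allocate(directory, uid, uid_number)
            with lock:
                winners.append(uid)
        except DirectoryError:
            with lock:
                losers.append(uid)

    threads = [threading.Thread(target=worker, args=(u,)) for u in uids]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(winners), sorted(losers)


if __name__ == "__main__":
    # Constructed sample: three writers all try to allocate uidNumber 1001 at once.
    for allocate in (add_user_uidnumber_rdn, add_user_check_after):
        d = Directory()
        print(allocate.__name__, race(d, allocate, ["alice", "bob", "carol"], 1001), d.dns())
```

Whichever interleaving the threads happen to produce, both approaches leave exactly one holder of the uidNumber; the difference is where the guarantee lives. With uidNumber in the RDN the server enforces it with no client-side logic, at the cost that the same uid can now appear under two DNs. With the uid= RDN the uniqueness of the login name is enforced by the server and the uidNumber check is the client's job, and it is only correct because the tie-break is a total order that every writer evaluates the same way.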