On 22 November 2012 12:03, Russell Coker <russell(a)coker.com.au> wrote:
> It seems to me that there are two ways of avoiding race conditions, one is to
> create the object and then search for other objects with the same UID. The
> other is to include the UID but not the user-name in the dn, as the dn MUST be
> unique an attempt to add a second object with the same UID will fail at the
> LDAP protocol level.

As we are talking about LDAP I assume you mean uidNumber here.
uid is the LDAP field for the user's login name (was known as userid in X.500).

De facto standard practice makes uid= an RDN value (i.e. include it in
the DN), for precisely this reason, not the uidNumber. Another
standard I have seen is to use cn= in the RDN.

As far as I can tell, after a very quick glance, none of the standards,
e.g. http://www.ietf.org/rfc/rfc2253.txt, care about what value you
use in the RDN, although I may have missed something.

So, yes, having uidNumber as an RDN might be OK, however (a) this ideally
needs to be done before the database is created, or you end up with
inconsistent DNs (not that this really matters) and (b) you lose the
ability to keep the uid unique.
--
Brian May <brian(a)microcomaustralia.com.au>
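
The trade-off discussed in this thread, as an added example that is not part of either message: whichever attribute names the entry is the one the atomic add keeps unique, and the other attribute can still be duplicated by concurrent writers. The `Directory` class is a constructed in-memory stand-in for an LDAP server, and the `BASE` suffix and sample requests are hypothetical.

```python
import threading

class Directory:
    """Constructed stand-in for an LDAP server: add() is atomic and refuses
    a DN that already exists (LDAP result entryAlreadyExists, code 68)."""
    def __init__(self):
        self._entries = {}
        self._lock = threading.Lock()

    def add(self, dn, attrs):
        with self._lock:              # check and insert happen as one step
            if dn in self._entries:
                return False          # second writer loses, no search needed
            self._entries[dn] = dict(attrs)
            return True

    def duplicates(self, attr):
        """Values of attr that ended up on more than one stored entry."""
        seen, dups = set(), set()
        for entry in self._entries.values():
            value = entry[attr]
            (dups if value in seen else seen).add(value)
        return dups

BASE = "ou=People,dc=example,dc=com"  # hypothetical suffix

def race(rdn_attr, requests):
    """Submit every add concurrently, naming each entry by rdn_attr."""
    directory = Directory()
    results = [None] * len(requests)

    def worker(i, attrs):
        dn = f"{rdn_attr}={attrs[rdn_attr]},{BASE}"
        results[i] = directory.add(dn, attrs)

    threads = [threading.Thread(target=worker, args=(i, a))
               for i, a in enumerate(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return directory, results

# Constructed requests: two provisioning clients that collide.
SAME_NUMBER = [{"uid": "alice", "uidNumber": "1001"},
               {"uid": "bob", "uidNumber": "1001"}]
SAME_LOGIN = [{"uid": "alice", "uidNumber": "1001"},
              {"uid": "alice", "uidNumber": "1002"}]
```

Calling `race("uid", SAME_NUMBER)` stores both entries with the same uidNumber, while `race("uidNumber", SAME_LOGIN)` stores two entries with the same login name, which is point (b) above.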