[389-users] magic numbers (DNA) : console issues & gid assignment problem

Daniel Maher dma+389users at witbe.net
Mon Apr 19 14:03:22 UTC 2010 

On 04/16/2010 06:39 PM, Nathan Kinder wrote:

> The document you are using off of the wiki is an feature design document
> that was used while developing DNA.  Not everything mentioned in there
> is in the plug-in.  The ability to use multiple dnaType attributes in
> the same range is one of these things that is not implemented at this time.

Fair enough.  I assumed that the document entitled « DNA Plugin Proposal 
» was the design document, and that « DNA Plugin » was the proper 
documentation.  :/

> You can set up two separate ranges, one for the uidNumber attribute and
> another for the gidNumber attribute.  While this doesn't guarantee that
> uidNumber == gidNumber for a user, the values will indeed be the same if
> you configure the ranges the same and always let DNA generate the values
> for those attributes.  The main issue to deal with to ensure the values
> are the same would be to use a different range of gidNumbers for
> posixGroup entries.

It should be as easy as creating two separate entries and then 
integrating them both, yes ? ex. :

dn: cn=UID, cn=DNA
   ...
dnatype: uidNumber
dnamagicregen: 99999
dnanextvalue: 1000
dnafilter: (objectclass=posixAccount)
   ...

AND

dn: cn=GID, cn=DNA
    ...
dnatype: gidNumber
dnamagicregen: 99999
dnanextvalue: 1000
dnafilter: (objectclass=posixGroup)
    ...

Or, should i be creating the two separate entries, but using the 
combined filter range (i.e. 
(|(objectclass=posixAccount)(objectclass=posixGroup)) ), as you indicate 
below ?

> If you don't care if your gidNumber user private groups match the user's
> uidNumber, you can just create a single gidNumber range with a filter of
> "(|(objectclass=posixAccount)(objectclass=posixGroup))" to have your
> range span your user and group entries.

Is that not what i attempted to do (and what is outlined in the spec 
doc) ? :

 >> # cat dna_conf
 >> dn: cn=UID and GID numbers,cn=Distributed Numeric Assignment
 >> Plugin,cn=plugins,cn=config
 >> objectClass: top
 >> objectClass: extensibleObject
 >> cn: UID and GID numbers
 >> dnatype: uidNumber
 >> dnaType: gidNumber
 >> dnamagicregen: 99999
 >> dnafilter: (|(objectclass=posixAccount)(objectclass=posixGroup))
 >> dnascope: dc=example,dc=com
 >> dnanextvalue: 1000

Note the dnafilter line, which contains the range you specified above.

In any case, thanks for your commentary and input on this topic thus 
far.  In our environment, the DNA plugin is the « killer app » that we 
needed in order to get a Directory Server deployment going. :)


-- 
Daniel Maher <dma + 389users AT witbe DOT net>

More information about the 389-users mailing list