I am trying to find / search the maximum UID value in LDAP entry using the python module. My code looks something like this for the time
def search_max_uid():
filter_uid = 'uid=*'
attributes = ['uidNumber']
resulting = l.search_ext(base_dn,ldap.SCOPE_SUBTREE,filter_uid,attributes)
print resulting
Once i get the max UID from the whole server i can +1 and add a new user into the group. I saw some posts like http://www.openldap.org/lists/openldap-software/200110/msg00539.html and http://www.perlmonks.org/?node_id=457108 which are very similar to my question
Can someone help me finding the max UID so that i can solve this.
Trying to solve something similar I think this works in getting the next available uidNumber:
import ldap
l = ldap.initialize("ldap://localhost")
l.simple_bind_s("cn=blah,dc=blah,dc=blah", supersecretpassword)
res = l.search_s("dc=blah,dc=blah", ldap.SCOPE_SUBTREE, 'objectclass=posixaccount', ['uidNumber'])
uidNum = 0
for a in res:
uidNumtemp = a[1].get('uidNumber')[0]
if uidNumtemp > uidNum:
uidNum = uidNumtemp
print "Highest:", uidNum
nextNum = int(uidNum) + 1
print "next uidNumber:", nextNum
If you use an LDAP server which supports server-side sorting (see RFC 2891 ), like OpenLDAP with slapo-sssvlv , you could search the highest number by searching exactly one search result with reversed sorting order.
Python snippet based on python-ldap (excerpt from one of Æ-DIR's CLI tools):
import ldap
from ldap.controls.sss import SSSRequestControl
def highest_id(ldap_conn, searchbase, id_attr):
"""
search the highest value of `id_attr' by using server-side (reverse) sorting
"""
# reverse sorting request control
sss_control = SSSRequestControl(criticality=True, ordering_rules=['-'+id_attr])
# send search request
msg_id = ldap_conn.search(
searchbase,
ldap.SCOPE_SUBTREE,
'({0}=*)'.format(id_attr),
attrlist=[id_attr],
sizelimit=1,
serverctrls=[sss_control],
)
# collect result
ldap_result = []
try:
for _, res_data, _, res_controls in ldap_conn.results(
msg_id,
add_ctrls=0
):
ldap_result.extend(res_data)
except ldap.SIZELIMIT_EXCEEDED:
pass
if not ldap_result:
logging.error('No entry with attribute %r found!', id_attr)
raise ValueError('No LDAP result!')
highest_id_number = int(ldap_result[0][1][id_attr][0])
logging.debug('Highest %r value found: %d', id_attr, highest_id_number)
return highest_id_number
Note that this is not always what you want when assigning new IDs because gaps in the ID number space are not (re-)used.
Also make sure to use a server-side unique constraint plugin, eg OpenLDAP's overlay slapo-unique . This avoids duplication in case concurrent clients add new entries.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.