HP-UX Directory Server 8.1 administrator guide
For multi-master replication, each supplier can be configured with a threshold, so that when it
begins running out of numbers in its range, it can request additional ranges from other suppliers.
Each supplier keeps track of its current range in a separate configuration entry. The configuration
entry is replicated to all the other suppliers, so each supplier can check that configuration to find
a server to contact for a new range.
The range set on the individual servers and the range configuration entries are how the Directory
Server distributes numbers efficiently for entries.
The DNA Plug-in is always applied to a specific area of the directory tree (the scope) and to
specific entry types within that subtree (the filter).
For example, both the uidNumber and gidNumber attributes require unique numbers. However,
because these are separate attributes, they are considered separate ranges. A user can have
uidNumber:5 and another user can have gidNumber:5 in the entries without a conflict because
the uidNumber and gidNumber attributes are in separate ranges. The attribute to which a range
is applied is set in the DNA filter, such as dnaFilter: uidNumber.
Frequently, entirely different users are stored in different branches of the directory tree. For
example, a hosting service may have one client's users in the ou=Example Corp. branch and
another client's users in the ou=Acme Company branch. In this case, the assigned numbers have
to be unique within the subtree but not necessarily across the entire directory. It is
all right for Barbara Jenson in the ou=Example Corp. branch to have uidNumber:5 in her
entry and for John Smith in the ou=Acme Company branch to have uidNumber:5 in his entry,
because these are separate organizations. Applying ranges to a specific subtree is set in the DNA
scope, such as dnaScope: ou=people,dc=example,dc=com.
Numbers in different ranges can also be distinguished by a prefix that identifies the
different kinds of user entries. For example, if the DNA prefix is set to acme, then the unique
numbers in the Acme Company branch have acme in front of the number, like uid: acme5.
3.6.1.2 Using DNA to assign values to attributes
There are several different ways that the Directory Server can handle generating attribute values.
In the simplest case, a user entry is added to the directory with an object class that requires
the unique-number attribute, but without the attribute itself. Adding (or requiring) the managed
attribute without a value triggers the DNA Plug-in to assign a value. When an entry is added,
the plug-in checks whether the entry matches the defined range according to the scope and filter
set for the plug-in. If the entry matches the range and the attribute that DNA is managing for
that range is missing from the entry being added, then the DNA Plug-in assigns the next value.
For example, the posixAccount object class requires the uidNumber attribute. If the uidNumber
attribute is managed by the DNA Plug-in and a user entry is added without the uidNumber
attribute within the scope of the filter, then the server checks the new entry, sees that it needs
the managed uidNumber attribute, and adds the attribute with an automatically assigned value.
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: uid=jsmith, ou=people, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
uid: jsmith
cn: John Smith
....
The plug-in processes the missing attribute, asks for the next available number from the server,
and supplies the value for the entry.
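The assignment rule described above, modelled as an added example (not the plug-in's own code and not part of the original guide): an entry receives the next number only when it falls within the range's scope, matches its filter, and lacks the managed attribute. The DnaRange class, the reduction of the filter to a single object class, and the sample DNs and ranges are assumptions made for illustration.

```python
from dataclasses import dataclass

def normalize_dn(dn):
    """Lower-case a DN and strip spaces around commas (naive: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

@dataclass
class DnaRange:
    scope: str         # subtree the range applies to (the DNA scope)
    object_class: str  # assumption: the filter is reduced to one object class
    attr: str          # managed attribute, e.g. uidNumber
    next_value: int    # next unassigned number in this server's range
    max_value: int     # last number in this server's range

    def matches(self, dn, entry):
        dn, scope = normalize_dn(dn), normalize_dn(self.scope)
        classes = [c.lower() for c in entry.get("objectClass", [])]
        in_scope = dn == scope or dn.endswith("," + scope)
        return in_scope and self.object_class.lower() in classes

    def on_add(self, dn, entry):
        """Return the value assigned to the entry, or None if nothing was assigned."""
        if not self.matches(dn, entry):
            return None                       # outside scope or filter
        if any(k.lower() == self.attr.lower() for k in entry):
            return None                       # client supplied its own value
        if self.next_value > self.max_value:
            raise RuntimeError("range exhausted: request a new range")
        value = self.next_value
        entry[self.attr] = [str(value)]
        self.next_value += 1
        return value

def demo():
    """Run constructed add operations through two per-subtree ranges."""
    posix = ["top", "person", "posixAccount"]
    ranges = [
        DnaRange("ou=Example Corp.,dc=example,dc=com", "posixAccount", "uidNumber", 5, 6),
        DnaRange("ou=Acme Company,dc=example,dc=com", "posixAccount", "uidNumber", 5, 6),
    ]
    adds = [  # constructed sample entries
        ("uid=bjensen, ou=Example Corp., dc=example,dc=com", {"objectClass": posix}),
        ("uid=jsmith, ou=Acme Company, dc=example,dc=com", {"objectClass": posix}),
        ("uid=admin, ou=Acme Company, dc=example,dc=com", {"objectClass": posix, "uidnumber": ["9001"]}),
        ("cn=printer, ou=Acme Company, dc=example,dc=com", {"objectClass": ["top", "device"]}),
    ]
    for dn, entry in adds:
        for r in ranges:
            r.on_add(dn, entry)
    return adds, ranges
```

In this model both subtrees hand out uidNumber 5 independently, the entry that already carries a value keeps it, and the entry that does not match the filter is left untouched.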
A similar and more manageable option is to use a magic number. This magic number is a template
value for the managed attribute, something outside the server's range, a number or even a word,
that the plug-in recognizes it needs to replace with a new assigned value. When an entry is added
with that number, and the entry is within the scope and filter of the configured DNA Plug-in,
3.6 Assigning and managing unique numeric attribute values 133