Race Condition LDAP User Create vs. User Application assign Role
Server A: eDir 9.1 Master, UA 4.7
Server B: eDir 9.1 R/W Replica, Custom Application
The Custom Application creates users in eDir via LDAP. For performance reasons, we had the idea to connect the Custom Application running on Server B to the locally running eDir R/W Replica. But right after creation, the Custom Application also wants to assign a role to the newly created user by using the User Application. The result was an LDAP error (Invalid Syntax) while the User Application tried to create the Role Request Object on Server A.
To be honest, I haven't checked further, but I am 99% sure that happened because the user which was created on Server B (running the Custom Application) was not yet synced to Server A (running the User Application). If the Custom Application connects directly to the eDir Master on Server A, the user creation and role assignment work fine.
So, is there a way to get notified by LDAP that the sync has been executed? E.g. if eDirectory would not respond to the user creation until the sync is done, everything would be fine. Is there an LDAP option or something like that?
If not, any other ideas on how to solve this Race Condition? Anything other than "add 'sleep X seconds' in your custom application" is appreciated 😁
Another idea is to have a custom approval flow on the role with no approval action, but a custom error handling or retry logic in the workflow.
Hope this helps.
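An added example, not part of either post above: a bounded, condition-based wait that the Custom Application could run against Server A before it calls the User Application. It assumes that the new entry being readable on Server A is enough for the role request to succeed; `wait_until_visible` and `ldap_entry_exists` are hypothetical helper names, and `ldap_entry_exists` assumes the third-party `ldap3` package and an already bound connection to Server A.

```python
import time


def ldap_entry_exists(conn, dn):
    """Base-scope lookup of dn on an already bound ldap3 Connection to Server A.

    With ldap3's default synchronous strategy, search() returns True only if
    the entry was found, and False on noSuchObject.
    """
    from ldap3 import BASE  # imported here so the retry logic has no hard dependency

    return conn.search(search_base=dn,
                       search_filter="(objectClass=*)",
                       search_scope=BASE)


def wait_until_visible(exists, dn, timeout=30.0, first_delay=0.2, max_delay=5.0,
                       clock=time.monotonic, sleep=time.sleep):
    """Poll exists(dn) until it returns True or `timeout` seconds have passed.

    Returns the number of lookups that were needed. Raises TimeoutError if the
    entry never shows up, so the caller fails loudly instead of sending a role
    request that references a user Server A does not know yet.
    """
    deadline = clock() + timeout
    delay = first_delay
    attempts = 0
    while True:
        attempts += 1
        if exists(dn):
            return attempts
        remaining = deadline - clock()
        if remaining <= 0:
            raise TimeoutError(
                f"{dn} not visible on the target server after {attempts} lookups")
        # Exponential backoff, capped, and never sleeping past the deadline.
        sleep(min(delay, remaining))
        delay = min(delay * 2, max_delay)


# Usage sketch (needs a live directory, so it is left as a comment):
#   wait_until_visible(lambda dn: ldap_entry_exists(conn_to_server_a, dn), new_user_dn)
#   ...then submit the role request through the User Application.
```
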