[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap entry modification

To: "Michael Ströder" <michael@stroeder.com>
Subject: Re: openldap entry modification
From: "daniel rahmeh" <daniel.rahmeh@gmail.com>
Date: Thu, 17 Jul 2008 14:53:51 +0200
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <487F2C5B.9020100@stroeder.com>
References: <fda120b70807170320j5a509192m44eef43b2a9e3457@mail.gmail.com> <487F2A5F.5040807@stroeder.com> <487F2C5B.9020100@stroeder.com>

Hi Michael,

Thank you, we are going to define a modification strategy based on
updating the entry in order to avoid deleting then recreating it

Have a nice day

Daniel

On Thu, Jul 17, 2008 at 1:26 PM, Michael Ströder <michael@stroeder.com> wrote:
> Michael Ströder wrote:
>>>
>>> my question is: is it fine to delete an entry and re-add it?? does
>>> this affect the performance of openLDAP?
>>
>> I consider this to be bad practice:
>> 1. A new entry gets a new entryUUID which definitely leads to a new entry
>> being replicated. Note that some other legacy sync mechanisms might also
>> rely on entryUUID being constant for a given entity represented by the
>> entry.
>> 2. The directory server might do some other things hidden to the
>> application with other operational attributes (e.g. MS AD). This might lead
>> to user accounts being deactivated when being re-added etc.
>
> 3. If your ACLs define write-only passwords like I usually do with OpenLDAP
> or like MS AD does it then you don't have a chance to re-add the fully
> activated entry even when connecting as admin user.
>
> Ciao, Michael.
>

References:
- openldap entry modification
  - From: "daniel rahmeh" <daniel.rahmeh@gmail.com>
- Re: openldap entry modification
  - From: Michael Ströder <michael@stroeder.com>
- Re: openldap entry modification
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: openldap entry modification
Next by Date: forcing group membership removal
Index(es):
- Chronological
- Thread