[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute

To: openldap-technical@openldap.org
Subject: Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute
From: dorian taylor <dorian.taylor.lists@gmail.com>
Date: Fri, 31 May 2013 09:47:44 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=zriY00lY7Uh1Yd7A4eROapvVbb+c5G5PBD5J2KG8qeg=; b=k3YxT0dlVBTodumj0d8DJJGk4vYmrbu4sH4xkXYUC/O9vvXDFxxlvl0faQjnAMKIKP BbnI9UlKCxjk6IxASg8t7cd0hLV39H6zqNVA9hQMHK74PKmTk+/e/g+cyLZNe7HG9Uoh 7bjEfhYbxhSoCtlumGTQUwLUcKsg0VKYziRVDv3St9v0684xOt3/ft2KMLpNtY7h9j6F m0iX/w5f/rT0MwKOVL4HzonBGUs2mOCq6yrjtAKIEIqVGEhBX4ISGNxQP/U1+MTPL/0e k0jYvx0sASIFVgONsGXXeevZa5fMyh2Ew/AWE0lSPvzDX5aoS8vVnqC1RdK+jtg5ss9N Jm4g==
In-reply-to: <51A8658F.4060509@stroeder.com>
References: <CAMrqWm1wN_BmHdYdUKLq6MBFqKSh8rT9-eNyeEg9sVYmywC07w@mail.gmail.com> <51A795A9.5010700@stroeder.com> <CAMrqWm0XU1Q2N2kdykRqO2AFaxL076F2_G7U43Y74CDq4LpxQw@mail.gmail.com> <51A8658F.4060509@stroeder.com>

On Fri, May 31, 2013 at 1:55 AM, Michael StrÃder <michael@stroeder.com> wrote:

> Hmm, what do you mean with "same semantics"?

I mean it's a globally-unique identifier that gets minted once per
("physical") entry (i.e. if you deleted the DN and put it back, it
would have a different [GU]UID). But so as long as the entry exists,
it will be associated with that identifier.

> In both servers the objectGUID in MS AD and entryUUID in OpenLDAP are created
> by the server when adding an entry. The LDAPsyntax differs (OctetString vs.
> UUID). But you should carefully think about the implications converting AD's
> objectGUID to OpenLDAP's entryUUID though!

No interest (per se) in doing so; my interest is actually to borrow
the identifiers for RDF subjects (urn:uuid:â) so the contents can be
mapped back and forth between RDF statements and LDAP entries. I
considered just using LDAP URIs but keeping track of DN changes would
be a nightmare.

> During the Novell->OpenLDAP migration we decided to migrate the
> GUID->entryUUID because of the requirement to correctly sync the data also in
> the case entries were renamed.

So yes, my interest is more similar to this.

> If you need a persistent common primary key between AD and OpenLDAP you should
> rather think about syncing AD's objectSID and take care of the SID history
> after using AD domain migration tool.

I will definitely keep this in mind. Thanks!

--
Dorian Taylor
http://doriantaylor.com/

References:
- How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute
  - From: dorian taylor <dorian.taylor.lists@gmail.com>
- Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute
  - From: Michael StrÃder <michael@stroeder.com>
- Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute
  - From: dorian taylor <dorian.taylor.lists@gmail.com>
- Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute
  - From: Michael StrÃder <michael@stroeder.com>

Prev by Date: Re: extend groupOfURLs
Next by Date: Substring Indexes on userPassword Attribute
Index(es):
- Chronological
- Thread