[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unique values

To: Howard Chu <hyc@symas.com>, "A. Schulze" <sca@andreasschulze.de>, openldap-technical@openldap.org
Subject: Re: unique values
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 07 Mar 2017 09:26:44 -0800
Content-disposition: inline
In-reply-to: <e7ff393d-9270-3474-f6db-21c599bce411@symas.com>
References: <20170306163711.Horde.gRGGxzEzzV6O8YvS8PNBOuO@andreasschulze.de> <WM!a05dc61467a46ceb9233d863974050b844a495b18b9e7a41876c5ae46f524d772a9e2dde155194b491aaccfaa1952356!@mailstronghold-1.zmailcloud.com> <06C3BC1193844B9710E2F192@[192.168.1.30]> <WM!31157f8bfd9c9eb3dea3ce736b167fc249154d8c7470fbac4cfc48717f29395f87791b144354266e5f128c41318cb43b!@mailstronghold-3.zmailcloud.com> <e7ff393d-9270-3474-f6db-21c599bce411@symas.com>

--On Tuesday, March 07, 2017 4:58 PM +0000 Howard Chu <hyc@symas.com> wrote:

This is bad advice. If you actually want a UUID then use entryUUID. As
noted, it is defined in RFC4530 which means it isn't going to change. The
format of UUIDs is well-established in internet standards.

I disagree. :) There are perefectly valid reasons to avoid using the LDAPcreated UUID.

When an existing attribute has *exactly* the syntax and semantics that
you want, use it.

suRegID and zimbraID are not UUIDs are they?

Yes, they are UUIDs. In Stanford's case, the UUID was generated outside ofLDAP in another system, and used as a reference through multitudes of othersystems, many of which had no access to LDAP. Using the entryUUID wouldnot have been feasible.

In Zimbra's case, there's a capability to store the non-operationalattributes of an account for restoration at a later date via otherutilities. The licensed nature, based off total accounts, for Zimbra'scommercial product means that deleting inactive accounts is a commonprocedure, as well as restoring them at a later date. Restoring a singleaccount where operational attributes are present is a pain. In addition,at least one customer did not use OpenLDAP as the backend store. Having apersistent UUID on the account was necessary because other portions of theproduct could retain references to an old account even once deleted thatwould need to be consistent if the account was restored.

Using your own identifier ensures that will not be an issue.  Also, if
you do things like allow backing up/restoring user entries that have
gotten deleted, a restored entry (depending on the method use) may end
up with a new entryUUID.


Yes, you should only use the recommended backup procedures.


The above not really isn't about backup, it's about restoration.  See above.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- unique values
  - From: "A. Schulze" <sca@andreasschulze.de>
- Re: unique values
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: unique values
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: unique values
Next by Date: Re: unique values
Index(es):
- Chronological
- Thread