
Re: openldap entry modification



Michael Ströder wrote:
My question is: is it fine to delete an entry and re-add it? Does
this affect the performance of OpenLDAP?

I consider this to be bad practice:
1. A new entry gets a new entryUUID which definitely leads to a new entry being replicated. Note that some other legacy sync mechanisms might also rely on entryUUID being constant for a given entity represented by the entry.
2. The directory server might do some other things hidden from the application with other operational attributes (e.g. MS AD). This might lead to user accounts being deactivated when being re-added, etc.
3. If your ACLs define write-only passwords, like I usually do with OpenLDAP or like MS AD does, then you don't have a chance to re-add the fully activated entry even when connecting as admin user.


Ciao, Michael.
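
The in-place alternative to delete and re-add, as an added example that is not part of the original message: it builds an LDIF `changetype: modify` record from the entry as read and the entry as wanted, so the entry and its entryUUID stay in place and attributes the client cannot read (such as a write-only userPassword) are left untouched. The function names, the `SERVER_MANAGED` list and the sample entry are assumptions made for this example.

```python
import base64

# Operational attributes the server maintains itself; never written back.
# Constructed list for this example, extend it for your deployment.
SERVER_MANAGED = {"entryuuid", "entrycsn", "createtimestamp", "creatorsname",
                  "modifytimestamp", "modifiersname", "structuralobjectclass"}

def ldif_line(attr, value):
    """One LDIF line; base64 ('::') when the value is not an RFC 2849 SAFE-STRING."""
    safe = (value.isascii() and value == value.strip(" ")
            and not value.startswith((":", "<"))
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def modify_ldif(dn, current, desired):
    """LDIF 'changetype: modify' record turning `current` into `desired`.

    `current` is the entry as the client can read it. Attributes it cannot
    read (e.g. a write-only userPassword) are absent from both dicts, so no
    operation is emitted for them and the server keeps them.
    """
    cur = {k.lower(): (k, set(v)) for k, v in current.items()}
    new = {k.lower(): (k, set(v)) for k, v in desired.items()}
    lines = []
    for key in sorted(cur.keys() | new.keys()):  # attribute names are case-insensitive
        if key in SERVER_MANAGED:
            continue
        name = (new.get(key) or cur[key])[0]
        old_vals = cur[key][1] if key in cur else set()
        new_vals = new[key][1] if key in new else set()
        if old_vals == new_vals:
            continue
        if new_vals:  # replace also creates the attribute if it is missing
            lines.append(f"replace: {name}")
            lines += [ldif_line(name, v) for v in sorted(new_vals)]
        else:
            lines.append(f"delete: {name}")
        lines.append("-")
    if not lines:
        return ""  # nothing to change, send nothing
    return "\n".join([ldif_line("dn", dn), "changetype: modify"] + lines) + "\n"

if __name__ == "__main__":
    # Constructed sample: entry as read back from the server, then as wanted.
    before = {"uid": ["jdoe"], "mail": ["jdoe@old.example"],
              "entryUUID": ["11111111-2222-3333-4444-555555555555"]}
    after = {"uid": ["jdoe"], "mail": ["jdoe@example.com"]}
    print(modify_ldif("uid=jdoe,ou=people,dc=example,dc=com", before, after), end="")
```

The output can be fed to `ldapmodify`. Values are compared as exact strings, so a difference the server's matching rule would ignore still produces a harmless replace.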