[Date Prev][Date Next]
Re: v2.2.24 structural object class modification not allowed
- To: Aleksandar Milivojevic <firstname.lastname@example.org>
- Subject: Re: v2.2.24 structural object class modification not allowed
- From: Michael Ströder <email@example.com>
- Date: Wed, 04 May 2005 19:56:44 +0200
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <4278D9BE.firstname.lastname@example.org>
- References: <4256CBE6.email@example.com> <4256FC6D.firstname.lastname@example.org> <email@example.com> <42576A54.firstname.lastname@example.org> <426176AB.email@example.com> <firstname.lastname@example.org> <4266A504.email@example.com> <4266B983.firstname.lastname@example.org> <4269F64A.email@example.com> <426A4F4D.firstname.lastname@example.org> <426D01C9.email@example.com> <426D0E8B.firstname.lastname@example.org> <426D178C.email@example.com> <426D1B56.firstname.lastname@example.org> <426D2386.email@example.com> <426DF07E.firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <4277C853.email@example.com> <firstname.lastname@example.org> <4278D9BE.email@example.com>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414
Aleksandar Milivojevic wrote:
> Michael Ströder wrote:
>> The administrator can simply delete the entry and re-add it with
>> appropriate structural object class chain. This feature is not necessary.
> However, there are some issues with this. First is
> the downtime. Second is that dumping/readding entire database would
> probably have more severe impact on performance, then simply adding an
> attribute to existing object.
You should benchmark this before making this statement.
Note that your directory data in production should be compliant to
LDAP/X.500 model anyway to avoid further problems with LDAP apps making
assumption about standard schema. Therefore you only have to sanitize
your data exactly once.
> Even if it needs to be done to the single entry (as opposed to the
> entire database), AFAIK you can't perform an atomic delete/add operation
> on an entry.
This is a poor argument. If you really care about this you could easily
wrap these operations into a transaction within your data sanitizing
program (since you know yourself how to roll back in this case).
Again: You only have to sanitize your data exactly once. If your LDAP
apps continously write broken data into your server get your apps fixed.
> I mostly access LDAP servers through various APIs,
So do I.