
Re: openldap entry modification

daniel rahmeh wrote:

I have a question concerning the best method to modify an entry (in openldap) using a programming API like php.

php offers the ability to modify an entry using some functions like
ldap_modify, ldap_mod_add, ldap_mod_del. sometimes it's complicated to
use these functions, in this case, developers use another approach,
which is deleting the entry and then add it with the new attributes

What do you mean with complicated?

my question is: is it fine to delete an entry and re-add it?? does
this affect the performance of openLDAP?

I consider this to be bad practice:
1. A new entry gets a new entryUUID which definitely leads to a new entry being replicated. Note that some other legacy sync mechanisms might also rely on entryUUID being constant for a given entity represented by the entry.
2. The directory server might do some other things hidden to the application with other operational attributes (e.g. MS AD). This might lead to user accounts being deactivated when being re-added etc.

In python-ldap there is a function ldap.modlist.modifyModlist() which generates a diff (list of modifications) of an old and a new entry which can be passed to method LDAPObject.modify(). Maybe something like this could be implemented in PHP to make it easier.

Ciao, Michael.
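
The diff-based approach suggested in the reply, as an added example that is not part of the original message and not python-ldap's own code: a simplified stand-alone diff that turns an old and a new entry into a modification list, so the entry is modified in place and its entryUUID is never touched. The names `diff_entry` and `OPERATIONAL`, the operational-attribute list and the sample entries are assumptions constructed for illustration; the tuples have the `(op, attribute, values)` shape that python-ldap's modify call accepts.

```python
# Operation codes of the LDAP ModifyRequest (RFC 4511): add=0, delete=1, replace=2.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# Server-maintained attributes a client must never try to write (constructed list).
OPERATIONAL = frozenset({
    "entryuuid", "entrycsn", "createtimestamp", "modifytimestamp",
    "creatorsname", "modifiersname",
})


def diff_entry(old, new, ignore=OPERATIONAL):
    """Return the [(op, attr, values)] list that turns entry `old` into `new`.

    Attribute names are compared case-insensitively and values as unordered
    sets, so re-ordered values or 'Mail' vs 'mail' produce no modification.
    """
    old_ci = {k.lower(): (k, set(v)) for k, v in old.items()}
    new_ci = {k.lower(): (k, set(v)) for k, v in new.items()}
    mods = []
    for key in sorted(old_ci.keys() | new_ci.keys()):
        if key in ignore:
            continue  # e.g. entryUUID stays whatever the server assigned
        name = (new_ci.get(key) or old_ci[key])[0]
        before = old_ci.get(key, (name, set()))[1]
        after = new_ci.get(key, (name, set()))[1]
        if before == after:
            continue
        if not after:
            mods.append((MOD_DELETE, name, None))       # drop the whole attribute
        elif not before:
            mods.append((MOD_ADD, name, sorted(after)))  # attribute is new
        else:
            mods.append((MOD_REPLACE, name, sorted(after)))
    return mods


# Constructed sample: entry as read from the directory vs. entry after an edit form.
OLD = {
    "cn": [b"Jane Doe"],
    "mail": [b"jane@example.org", b"jd@example.org"],
    "telephoneNumber": [b"+1 555 0100"],
    "entryUUID": [b"00000000-0000-0000-0000-000000000001"],
}
NEW = {"CN": [b"Jane Doe"], "mail": [b"jane@example.org"], "description": [b"Contractor"]}

if __name__ == "__main__":
    for op, attr, vals in diff_entry(OLD, NEW):
        print(op, attr, vals)
```
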