[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: best practices - dn:

--On Tuesday, February 03, 2009 2:38 PM -0800 Brian Krusic <brian@krusic.com> wrote:

Hi all,

I've read and config'd my ldifs as follows;

What do you think the most reliable dn value should be; with uid or with

What, you want to start a war? ;P

More seriously, I think name based DN's are generally problematic because names change. I.e., someone gets married or divorced. UID's change too, however, for similar reasons, or because someone picked something stupid as their uid. If you have assigned IDs that don't change, then that's fine.

For example, one place I worked used what are essentially UUID's as the container:

dn: suRegID=85e49978f61311d2ae662436000baa77,cn=people,dc=stanford,dc=edu

That way, no matter what happens to my name or UID, that suRegId value will always hold my data, regardless.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration