
Re: How to make OpenLDAP use random (v4) UUIDs in entryUUID attribute



On Fri, May 31, 2013 at 1:55 AM, Michael Ströder <michael@stroeder.com> wrote:

> Hmm, what do you mean by "same semantics"?

I mean it's a globally-unique identifier that gets minted once per
("physical") entry (i.e. if you deleted the DN and put it back, it
would have a different [GU]UID). But so long as the entry exists,
it will be associated with that identifier.

> In both servers the objectGUID in MS AD and entryUUID in OpenLDAP are created
> by the server when adding an entry. The LDAP syntax differs (OctetString vs.
> UUID). But you should carefully think about the implications converting AD's
> objectGUID to OpenLDAP's entryUUID though!

No interest (per se) in doing so; my interest is actually to borrow
the identifiers for RDF subjects (urn:uuid:…) so the contents can be
mapped back and forth between RDF statements and LDAP entries. I
considered just using LDAP URIs but keeping track of DN changes would
be a nightmare.

> During the Novell->OpenLDAP migration we decided to migrate the
> GUID->entryUUID because of the requirement to correctly sync the data also in
> the case entries were renamed.

So yes, my interest is more similar to this.

> If you need a persistent common primary key between AD and OpenLDAP you should
> rather think about syncing AD's objectSID and take care of the SID history
> after using AD domain migration tool.

I will definitely keep this in mind. Thanks!

--
Dorian Taylor
http://doriantaylor.com/