dorian taylor wrote:
> On Thu, May 30, 2013 at 11:08 AM, Michael Ströder <michael@stroeder.com> wrote:
>> A client application can set 'entryUUID' by sending the relax rules control along with the add/modify request.
> This is good to know. I wasn't aware such a control existed.
>> I used this in a migration project deriving OpenLDAP's entryUUID from Novell eDirectory's GUID.
> Aside: those and AD's objectGUID have the same semantics, yes? (I'd be floored if they didn't.)
Hmm, what do you mean by "same semantics"?
In both servers the objectGUID in MS AD and entryUUID in OpenLDAP are created by the server when adding an entry. The LDAP syntax differs (OctetString vs. UUID). But you should carefully think about the implications of converting AD's objectGUID to OpenLDAP's entryUUID though!
During the Novell->OpenLDAP migration we decided to migrate the GUID->entryUUID because of the requirement to correctly sync the data also in the case entries were renamed.
If you need a persistent common primary key between AD and OpenLDAP you should rather think about syncing AD's objectSID and take care of the SID history after using AD domain migration tool.
Ciao, Michael.
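
The syntax difference mentioned in the message above (OctetString vs. UUID), as an added example that is not part of the original thread: AD returns objectGUID as 16 raw bytes whose first three fields are little-endian, so a byte-for-byte hex dump is not the value that belongs in entryUUID. The function names and the sample GUID are constructed for illustration; writing the result to a server still requires the relax rules control described in the thread.

```python
import base64
import uuid

# Constructed sample: raw objectGUID bytes as AD would return them.
SAMPLE_RAW = bytes.fromhex("33221100554477668899aabbccddeeff")
# The same value as it appears in an LDIF export ("attr:: base64").
SAMPLE_LDIF_LINE = "objectGUID:: " + base64.b64encode(SAMPLE_RAW).decode("ascii")


def objectguid_to_entryuuid(raw: bytes) -> str:
    """Convert a 16-byte AD objectGUID to the UUID string syntax of entryUUID.

    The first three GUID fields are stored little-endian, so the value is
    read with bytes_le. Treating the bytes as big-endian produces a
    different UUID that no longer matches what AD tools display.
    """
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def ldif_line_to_entryuuid(line: str) -> str:
    """Parse an 'objectGUID:: <base64>' LDIF line and convert its value."""
    attr, sep, value = line.partition("::")
    if not sep or attr.strip().lower() != "objectguid":
        raise ValueError("expected a base64-encoded 'objectGUID::' line")
    raw = base64.b64decode(value.strip(), validate=True)
    return objectguid_to_entryuuid(raw)


def naive_hex_reading(raw: bytes) -> str:
    """The common mistake: format the bytes in stored order as a UUID."""
    return str(uuid.UUID(bytes=raw))


if __name__ == "__main__":
    print("correct entryUUID :", ldif_line_to_entryuuid(SAMPLE_LDIF_LINE))
    print("naive byte order  :", naive_hex_reading(SAMPLE_RAW))
```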