--On Tuesday, March 07, 2017 4:58 PM +0000 Howard Chu hyc@symas.com wrote:
This is bad advice. If you actually want a UUID then use entryUUID. As noted, it is defined in RFC4530 which means it isn't going to change. The format of UUIDs is well-established in internet standards.
I disagree. :) There are perefectly valid reasons to avoid using the LDAP created UUID.
When an existing attribute has *exactly* the syntax and semantics that you want, use it.
suRegID and zimbraID are not UUIDs are they?
Yes, they are UUIDs. In Stanford's case, the UUID was generated outside of LDAP in another system, and used as a reference through multitudes of other systems, many of which had no access to LDAP. Using the entryUUID would not have been feasible.
In Zimbra's case, there's a capability to store the non-operational attributes of an account for restoration at a later date via other utilities. The licensed nature, based off total accounts, for Zimbra's commercial product means that deleting inactive accounts is a common procedure, as well as restoring them at a later date. Restoring a single account where operational attributes are present is a pain. In addition, at least one customer did not use OpenLDAP as the backend store. Having a persistent UUID on the account was necessary because other portions of the product could retain references to an old account even once deleted that would need to be consistent if the account was restored.
Using your own identifier ensures that will not be an issue. Also, if you do things like allow backing up/restoring user entries that have gotten deleted, a restored entry (depending on the method use) may end up with a new entryUUID.
Yes, you should only use the recommended backup procedures.
The above not really isn't about backup, it's about restoration. See above.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com