On Fri, May 31, 2013 at 1:55 AM, Michael Ströder michael@stroeder.com wrote:
> Hmm, what do you mean with "same semantics"?

I mean it's a globally-unique identifier that gets minted once per ("physical") entry (i.e. if you deleted the DN and put it back, it would have a different [GU]UID). But so as long as the entry exists, it will be associated with that identifier.

> In both servers the objectGUID in MS AD and entryUUID in OpenLDAP are created by the server when adding an entry. The LDAP syntax differs (OctetString vs. UUID). But you should carefully think about the implications of converting AD's objectGUID to OpenLDAP's entryUUID though!

No interest (per se) in doing so; my interest is actually to borrow the identifiers for RDF subjects (urn:uuid:…) so the contents can be mapped back and forth between RDF statements and LDAP entries. I considered just using LDAP URIs but keeping track of DN changes would be a nightmare.

> During the Novell->OpenLDAP migration we decided to migrate the GUID->entryUUID because of the requirement to correctly sync the data also in the case entries were renamed.

So yes, my interest is more similar to this.

> If you need a persistent common primary key between AD and OpenLDAP you should rather think about syncing AD's objectSID and take care of the SID history after using the AD domain migration tool.

I will definitely keep this in mind. Thanks!
-- Dorian Taylor http://doriantaylor.com/
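Added example (not from either poster, not OpenLDAP or AD code): the syntax difference Michael points to is concrete enough to show in a few lines. AD's objectGUID comes off the wire as 16 raw OctetString bytes laid out in Windows' mixed-endian GUID order, while OpenLDAP's entryUUID is RFC 4122 text; turning either into the urn:uuid form Dorian wants for RDF subjects, and turning the GUID back into a filter value for an AD lookup, is done below with only the Python standard library. The function names and the sample objectGUID bytes and entryUUID string are constructed for this illustration; the last function shows the trap Michael's warning alludes to, namely that a byte-order mistake yields a different UUID from the one Windows tools display.

```python
import uuid

# Constructed sample values, not real directory data.
SAMPLE_OBJECTGUID = bytes(range(16))            # 00 01 02 ... 0f as AD would return it
SAMPLE_ENTRYUUID = "9c2f6e1a-5b3d-4e8f-9a0b-1c2d3e4f5a6b"


def objectguid_to_uuid(raw: bytes) -> uuid.UUID:
    """Decode AD's 16-byte objectGUID.

    The first three fields (4, 2 and 2 bytes) are little-endian on the
    wire; uuid.UUID(bytes_le=...) applies exactly that layout, which is
    what Get-ADObject / ADSI Edit display as the objectGUID string.
    """
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes, got %d" % len(raw))
    return uuid.UUID(bytes_le=raw)


def entryuuid_to_uuid(text: str) -> uuid.UUID:
    """OpenLDAP's entryUUID is already RFC 4122 text; parsing validates it."""
    return uuid.UUID(text)


def uuid_to_urn(u: uuid.UUID) -> str:
    """The urn:uuid:... form usable as an RDF subject."""
    return u.urn


def urn_to_uuid(urn: str) -> uuid.UUID:
    """Reverse direction: uuid.UUID accepts the urn:uuid: prefix directly."""
    return uuid.UUID(urn)


def objectguid_filter(u: uuid.UUID) -> str:
    """Build an LDAP search filter that finds the AD entry by GUID.

    objectGUID is binary, so each byte is escaped as \\XX (RFC 4515)
    and the bytes must be re-emitted in the same little-endian layout.
    """
    escaped = "".join("\\%02x" % b for b in u.bytes_le)
    return "(objectGUID=%s)" % escaped


def objectguid_naive_bigendian(raw: bytes) -> uuid.UUID:
    """The wrong conversion: treating the 16 bytes as big-endian.

    Kept only to show that the resulting UUID string differs from the one
    AD displays, which is why a GUID->entryUUID migration must fix the
    byte order once and never mix the two readings.
    """
    return uuid.UUID(bytes=raw)


if __name__ == "__main__":
    g = objectguid_to_uuid(SAMPLE_OBJECTGUID)
    print("AD objectGUID       :", g)
    print("as RDF subject      :", uuid_to_urn(g))
    print("AD search filter    :", objectguid_filter(g))
    print("big-endian misread  :", objectguid_naive_bigendian(SAMPLE_OBJECTGUID))
    print("OpenLDAP entryUUID  :", uuid_to_urn(entryuuid_to_uuid(SAMPLE_ENTRYUUID)))
```

Round-tripping through the urn (urn_to_uuid(uuid_to_urn(g)) == g) is what makes the RDF-to-LDAP mapping survive a DN rename: the subject never changes, only the DN you look up from it.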