On Fri, May 31, 2013 at 1:55 AM, Michael Ströder <michael(a)stroeder.com> wrote:
> Hmm, what do you mean by "same semantics"?

I mean it's a globally-unique identifier that gets minted once per
("physical") entry (i.e. if you deleted the DN and put it back, it
would have a different [GU]UID). But so long as the entry exists,
it will be associated with that identifier.

> In both servers the objectGUID in MS AD and entryUUID in OpenLDAP are created
> by the server when adding an entry. The LDAP syntax differs (OctetString vs.
> UUID). But you should carefully think about the implications converting AD's
> objectGUID to OpenLDAP's entryUUID though!

No interest (per se) in doing so; my interest is actually to borrow
the identifiers for RDF subjects (urn:uuid:…) so the contents can be
mapped back and forth between RDF statements and LDAP entries. I
considered just using LDAP URIs but keeping track of DN changes would
be a nightmare.

> During the Novell->OpenLDAP migration we decided to migrate the
> GUID->entryUUID because of the requirement to correctly sync the data also in
> the case entries were renamed.

So yes, my interest is more similar to this.

> If you need a persistent common primary key between AD and OpenLDAP you should
> rather think about syncing AD's objectSID and take care of the SID history
> after using AD domain migration tool.

I will definitely keep this in mind. Thanks!

--
Dorian Taylor
http://doriantaylor.com/
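
The syntax difference mentioned in the thread (OctetString vs. UUID) matters when both identifiers are mapped to urn:uuid subjects. The following is an added example, not code from either participant: it assumes AD returns objectGUID as 16 raw bytes in Microsoft's mixed-endian GUID layout and OpenLDAP returns entryUUID as the RFC 4530 string form; the function names and the sample GUID are constructed for illustration.

```python
import uuid


def object_guid_to_urn(raw: bytes) -> str:
    """AD objectGUID (16-byte OctetString) -> urn:uuid string.

    The first three GUID fields are stored little-endian, so the value
    must be read with bytes_le, not bytes, or the URN will not match the
    GUID that AD tools display for the same entry.
    """
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return uuid.UUID(bytes_le=raw).urn


def entry_uuid_to_urn(text: str) -> str:
    """OpenLDAP entryUUID (string form, RFC 4530) -> urn:uuid string."""
    return uuid.UUID(text).urn


def urn_to_filters(urn: str) -> dict:
    """Map a urn:uuid subject back to search filters for each server."""
    u = uuid.UUID(urn)
    # Binary attribute values are escaped byte-by-byte as \xx (RFC 4515).
    escaped = "".join("\\%02x" % b for b in u.bytes_le)
    return {
        "ad": "(objectGUID=%s)" % escaped,
        "openldap": "(entryUUID=%s)" % u,
    }


# Constructed sample value, as the raw bytes an LDAP client would receive.
SAMPLE_GUID = bytes.fromhex("33221100554477668899aabbccddeeff")

if __name__ == "__main__":
    urn = object_guid_to_urn(SAMPLE_GUID)
    print(urn)
    # Reading the same bytes as big-endian yields a different identifier.
    print(uuid.UUID(bytes=SAMPLE_GUID).urn)
    print(urn_to_filters(urn))
```
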