Menu
▾
▴
Re: Modifying DN - semi OT
|
From: Chris R. <chr...@me...> - 2001-12-13 16:49:29
|
Al Lilianstrom <al....@fn...> wrote: > Hi, > > I've been trying to understand what happens when modifying a DN as we > work through a Active Directory deployment and permissions issues. I'll > be using Perl-LDAP as the interface to this operation but I'm a bit > confused. > > Say I have a DN like this; > > dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal > > and I modify it so that it is > > dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal > > What exactly happens on the server? Is the DN just modified or is a new > one created using the attributes of the old one which is then deleted or > ? > > I've been reading the docs, RFC's, and the modules and I didn't find the > answer. > > tia, al > -- > > Al Lilianstrom > CD/OSS/CSI > Al....@fn... > Think of a DN as a bit like a pathname to a file on your computer. Note that the location of a file on your computer is not a property of the file itself; similarly an entry's DN is not an attribute of an entry (*). So, "modifying a DN" of an entry in the directory is actually renaming the entry. There is a special operation in LDAP to do this, called ModifyDN. Perl-ldap supports ModifyDN. Exactly what the server does with this is up to the server. If you do a modifydn and get an OK response back, then you can assume that the entry is just 'moved' to the new place. It is the *same* entry, so the createTimestamp should be the same as before you moved it. Cheers, Chris * Some Microsoft directory servers believe that entries do have a 'dn' attribute. That's just Microsoft doing non-standard things, which you should attempt to ignore :-) |
