Menu
▾
▴
Re: Modifying DN - semi OT
|
From: Al L. <al....@fn...> - 2001-12-18 00:49:51
|
Chris, Thanks for the explanation. It appears the Active Directory does a rename/move as the created timestamp is the same. thanks again, al Chris Ridd wrote: > > Al Lilianstrom <al....@fn...> wrote: > > Hi, > > > > I've been trying to understand what happens when modifying a DN as we > > work through a Active Directory deployment and permissions issues. I'll > > be using Perl-LDAP as the interface to this operation but I'm a bit > > confused. > > > > Say I have a DN like this; > > > > dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal > > > > and I modify it so that it is > > > > dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal > > > > What exactly happens on the server? Is the DN just modified or is a new > > one created using the attributes of the old one which is then deleted or > > ? > > > > I've been reading the docs, RFC's, and the modules and I didn't find the > > answer. > > > > tia, al > > -- > > > > Al Lilianstrom > > CD/OSS/CSI > > Al....@fn... > > > > Think of a DN as a bit like a pathname to a file on your computer. Note > that the location of a file on your computer is not a property of the file > itself; similarly an entry's DN is not an attribute of an entry (*). > > So, "modifying a DN" of an entry in the directory is actually renaming the > entry. There is a special operation in LDAP to do this, called ModifyDN. > > Perl-ldap supports ModifyDN. > > Exactly what the server does with this is up to the server. If you do a > modifydn and get an OK response back, then you can assume that the entry is > just 'moved' to the new place. It is the *same* entry, so the > createTimestamp should be the same as before you moved it. > > Cheers, > > Chris > > * Some Microsoft directory servers believe that entries do have a 'dn' > attribute. That's just Microsoft doing non-standard things, which you > should attempt to ignore :-) -- Al Lilianstrom al....@fn... CD/OSS/CSI |
