Chris,
Thanks for the explanation. It appears the Active Directory does a
rename/move as the created timestamp is the same.
thanks again, al
Chris Ridd wrote:
>
> Al Lilianstrom <al....@fn...> wrote:
> > Hi,
> >
> > I've been trying to understand what happens when modifying a DN as we
> > work through an Active Directory deployment and permissions issues. I'll
> > be using Perl-LDAP as the interface to this operation but I'm a bit
> > confused.
> >
> > Say I have a DN like this;
> >
> > dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal
> >
> > and I modify it so that it is
> >
> > dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal
> >
> > What exactly happens on the server? Is the DN just modified or is a new
> > one created using the attributes of the old one which is then deleted or
> > ?
> >
> > I've been reading the docs, RFCs, and the modules and I didn't find the
> > answer.
> >
> > tia, al
> > --
> >
> > Al Lilianstrom
> > CD/OSS/CSI
> > Al....@fn...
> >
>
> Think of a DN as a bit like a pathname to a file on your computer. Note
> that the location of a file on your computer is not a property of the file
> itself; similarly an entry's DN is not an attribute of an entry (*).
>
> So, "modifying a DN" of an entry in the directory is actually renaming the
> entry. There is a special operation in LDAP to do this, called ModifyDN.
>
> Perl-ldap supports ModifyDN.
>
> Exactly what the server does with this is up to the server. If you do a
> modifydn and get an OK response back, then you can assume that the entry is
> just 'moved' to the new place. It is the *same* entry, so the
> createTimestamp should be the same as before you moved it.
>
> Cheers,
>
> Chris
>
> * Some Microsoft directory servers believe that entries do have a 'dn'
> attribute. That's just Microsoft doing non-standard things, which you
> should attempt to ignore :-)
--
Al Lilianstrom
al....@fn...
CD/OSS/CSI
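
The ModifyDN operation Chris describes, applied to the two DNs from Al's question with Perl-LDAP's Net::LDAP. This is an added example, not code from the thread; the helper names and the LDAP_URI, LDAP_BIND_DN and LDAP_BIND_PW environment variables are assumptions of the example.

```perl
# Added example: move an entry with LDAP ModifyDN and confirm it is the same entry.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Split a target DN into the two pieces ModifyDN takes: the new RDN and
# the new parent (newsuperior). ldap_explode_dn handles escaped commas.
sub moddn_args {
    my ($new_dn) = @_;
    my $rdns = ldap_explode_dn($new_dn, casefold => 'none')
        or die "not a valid DN: $new_dn\n";
    die "DN has no parent: $new_dn\n" if @$rdns < 2;
    my @parent = @{$rdns}[1 .. $#$rdns];
    return (
        newrdn       => canonical_dn([ $rdns->[0] ], casefold => 'none'),
        deleteoldrdn => 1,
        newsuperior  => canonical_dn(\@parent, casefold => 'none'),
    );
}

# Read createTimestamp; it is operational, so it must be requested by name.
sub created {
    my ($ldap, $dn) = @_;
    my $res = $ldap->search(base => $dn, scope => 'base',
        filter => '(objectClass=*)', attrs => ['createTimestamp']);
    die "search $dn: " . $res->error . "\n" if $res->code;
    return $res->entry(0)->get_value('createTimestamp');
}

my $old = 'CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal';
my $new = 'CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal';
my %args = moddn_args($new);
print "$_ => $args{$_}\n" for sort keys %args;

# Live part runs only when LDAP_URI, LDAP_BIND_DN and LDAP_BIND_PW are set
# (variable names are assumptions of this example; use an ldaps:// URI).
if (my $uri = $ENV{LDAP_URI}) {
    my $ldap = Net::LDAP->new($uri) or die "connect: $@\n";
    my $bind = $ldap->bind($ENV{LDAP_BIND_DN}, password => $ENV{LDAP_BIND_PW});
    die "bind: " . $bind->error . "\n" if $bind->code;
    my $before = created($ldap, $old);
    my $res = $ldap->moddn($old, %args);
    die "moddn: " . $res->error . "\n" if $res->code;
    my $after = created($ldap, $new);
    print "createTimestamp before=$before after=$after: ",
        ($before eq $after ? "same entry\n" : "timestamps differ\n");
    $ldap->unbind;
}
```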