If you are supporting multi-tenancy and have uniqueness requirements for AD use objectGUID. objectSID is only unique within a given domain and is not guaranteed to be globally unique.
-Jon C. Kidder American Electric Power Middleware Services Email: [email protected]<mailto:[email protected]> Phone: 614-716-4970 From: [email protected] [mailto:[email protected]] On Behalf Of Clément OUDOT Sent: Wednesday, October 07, 2015 9:18 AM To: Dan G. Switzer, II; [email protected] Subject: Re: [lsc-users] Trim starting/trailing whitespace from LDAP source This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. ________________________________ Le 07/10/2015 13:56, Dan G. Switzer, II a écrit : Clément, Thank you so much for the reply. This helps me a lot. Please forgive me for my next question, because I do not have a lot of experience with AD and LDAP. The RFC-4530<https://tools.ietf.org/html/rfc4530> specification indicates the entryUUID attribute is optional. Is this generally implemented in most systems? The tool we're working on we are hoping to deploy in many different environments in order to give them a way to synchronize their servers to our proprietary API. Yes, at least on OpenLDAP. It is not provided by AD, but AD does not respect standards anyway. If entryUUID isn't used, is there another commonly used unique identifier? The entry DN (dn or entryDn attribut) is also a common unique identifier if you don't rename entries. It would appear for AD I should be able to use the objectGUID (or would objectSID be better)? Yes but the values are binary, and it can be harder to use. If you want to provide a connector to your proprietary API, you should look at the plugins possibility. For example the OBM plugin allows to synchronize to a REST API: http://lsc-project.org/wiki/documentation/plugins/obm -- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
