[Engine-devel] Any reason to use UUID instead of name or dn?
Yair Zaslavsky
yzaslavs at redhat.com
Wed May 22 14:13:05 UTC 2013
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Juan Hernandez" <jhernand at redhat.com>
> Cc: engine-devel at ovirt.org
> Sent: Wednesday, May 22, 2013 1:47:42 PM
> Subject: Re: [Engine-devel] Any reason to use UUID instead of name or dn?
>
>
>
> ----- Original Message -----
> > From: "Juan Hernandez" <jhernand at redhat.com>
> > To: engine-devel at ovirt.org
> > Sent: Wednesday, May 22, 2013 1:35:56 PM
> > Subject: [Engine-devel] Any reason to use UUID instead of name or dn?
> >
> > Hello all,
> >
> > I am working on a series of changes with the objective to simplify the
> > LDAP layer and make it more generic. One of the things that I would like
> > to do is to use the name or dn attributes to identify the users/group
> > instead of the UUIDs as we currently do. Can someone explain me if there
> > is any powerful reason to use the directory specific UUIDs (objectGUID
> > in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names
> > or distinguished names?
>
> Hi,
>
> If you define an entity and then delete and define an entity at the same
> name, the new entity should not inherit the permissions of the previous
> entity.
>
> So resource based security always hold unique identifier for entities, it can
> be UUID, UID or any unique string.
>
> Regards,
> Alon.
Indeed, this is due to permissions issue, the UUIDs are used to calculate the "effective" permissions
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
More information about the Engine-devel
mailing list