[Engine-devel] Any reason to use UUID instead of name or dn?

Hello all, I am working on a series of changes with the objective to simplify the LDAP layer and make it more generic. One of the things that I would like to do is to use the name or dn attributes to identify the users/group instead of the UUIDs as we currently do. Can someone explain me if there is any powerful reason to use the directory specific UUIDs (objectGUID in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names or distinguished names? Thanks in advance, Juan Hernandez -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.

----- Original Message -----
From: "Juan Hernandez" <jhernand@redhat.com> To: engine-devel@ovirt.org Sent: Wednesday, May 22, 2013 1:35:56 PM Subject: [Engine-devel] Any reason to use UUID instead of name or dn?
Hello all,
I am working on a series of changes with the objective to simplify the LDAP layer and make it more generic. One of the things that I would like to do is to use the name or dn attributes to identify the users/group instead of the UUIDs as we currently do. Can someone explain me if there is any powerful reason to use the directory specific UUIDs (objectGUID in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names or distinguished names?
Hi, If you define an entity and then delete and define an entity at the same name, the new entity should not inherit the permissions of the previous entity. So resource based security always hold unique identifier for entities, it can be UUID, UID or any unique string. Regards, Alon.

----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Hernandez" <jhernand@redhat.com> Cc: engine-devel@ovirt.org Sent: Wednesday, May 22, 2013 1:47:42 PM Subject: Re: [Engine-devel] Any reason to use UUID instead of name or dn?
----- Original Message -----
From: "Juan Hernandez" <jhernand@redhat.com> To: engine-devel@ovirt.org Sent: Wednesday, May 22, 2013 1:35:56 PM Subject: [Engine-devel] Any reason to use UUID instead of name or dn?
Hello all,
I am working on a series of changes with the objective to simplify the LDAP layer and make it more generic. One of the things that I would like to do is to use the name or dn attributes to identify the users/group instead of the UUIDs as we currently do. Can someone explain me if there is any powerful reason to use the directory specific UUIDs (objectGUID in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names or distinguished names?
Hi,
If you define an entity and then delete and define an entity at the same name, the new entity should not inherit the permissions of the previous entity.
So resource based security always hold unique identifier for entities, it can be UUID, UID or any unique string.
Regards, Alon.
Indeed, this is due to permissions issue, the UUIDs are used to calculate the "effective" permissions
_______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
participants (3)
-
Alon Bar-Lev
-
Juan Hernandez
-
Yair Zaslavsky