[Engine-devel] Any reason to use UUID instead of name or dn?

Alon Bar-Lev alonbl at redhat.com
Wed May 22 10:47:42 UTC 2013



----- Original Message -----
> From: "Juan Hernandez" <jhernand at redhat.com>
> To: engine-devel at ovirt.org
> Sent: Wednesday, May 22, 2013 1:35:56 PM
> Subject: [Engine-devel] Any reason to use UUID instead of name or dn?
> 
> Hello all,
> 
> I am working on a series of changes with the objective to simplify the
> LDAP layer and make it more generic. One of the things that I would like
> to do is to use the name or dn attributes to identify the users/group
> instead of the UUIDs as we currently do. Can someone explain me if there
> is any powerful reason to use the directory specific UUIDs (objectGUID
> in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names
> or distinguished names?

Hi,

If you define an entity and then delete and define an entity at the same name, the new entity should not inherit the permissions of the previous entity.

So resource based security always hold unique identifier for entities, it can be UUID, UID or any unique string. 

Regards,
Alon.



More information about the Engine-devel mailing list