Rich Megginson wrote:
Rob Crittenden wrote:I have a ticket (#3) to allow the RDN to be modified.python-ldap has a modrdn function so I know that I *can* change it, just have an ordering question.The request may come with a slew of other changes as well (likely gn, sn and sn too). It might just be easier, because of the way we generate the list of changes, to do the other changes first and then the modrdn. Is there any reason to do one before the other?I assume that any attribute in the DN gets automatically changed during the modrdn operation. Is that correct?I'm not sure what you mean.
My current entry is uid=me, dc=freeipa,dc=org I do a modrdn to uid=thenewme, dc=freeipa,dc=orgIs uid an attribute simply because it is in the DN or is it stored separately in the DS?
I'm assuming that I don't need to issue a change for uid. Is that a good assumption?
It depends. By default, refint will rename the old DN to the new DN in the attributes member, uniquemember, owner, and seeAlso in all entries in your suffix/subtree.We already have the referential integrity plugin enabled so in theory I just have to worry about constructing the two updates properly and not an repercusions of them. Right?
And it'll fix up group membership I think? We have a couple of additional fields configured (manager & secretary). thanks rob
Description: S/MIME Cryptographic Signature