Closed suminhong closed 3 weeks ago
The id of a terraform resource identifies the resource (in the state) and thus cannot be changed. In my opinion this matches perfectly to the LDAP attribute dn (distinguished name).
@l-with I agree that DN is the most appropriate as an ID value. However, could you agree that DN should be changeable? DN should be able to change, but the ID value should remain unchanged. I'm not quite sure how to resolve this yet. Could you perhaps help me think it through?
This is the terraform flow. The resource has to be identified in the state (Resource in state) and via the LDAP-API (Read()). Both steps need an identifier and the identifier for the API has to be derivable from the identifier in the state.
I think it might be possible to update both the DN and ID values in the Update() function. Would that be a difficult task? Couldn’t we just keep track of the old ID value and move it within the state as well?
I didn't mean to close it on purpose, but I'll think about it anyway. If you come up with any good ideas, call me back! Thank you.
There is a co-operation between the provider implementation (implementing read, create, update, delete) and the framework (handling the state (read, lock, update) and calling the implemented provider functions).
Which LDAP attributes do you want to change? Please think about changing the dn construction and use sAMAccountName and not cn.
@l-with I came up with this idea because the middle OU, not the name, is often changed. Actually, this isn't a very important issue. However, in actual AD, the dn can be changed, but it is unfortunate that it is not possible in terraform, so I uploaded the PR.
Hello. I often want to change the dn of an ldap user. However, when using this provider, the dn is marked as force replacement, which causes the object itself to be regenerated when changed. Therefore, in my short opinion, I think setting ForceNew to false will do the trick, so I'm raising a PR. However, because the current id value is set to dn, this change alone does not work properly. Have you ever had a similar problem as me? In Active Directory, dn is usually changeable. However, to work with terraform you must regenerate it.

However, if only ForceNew is treated as false, the id value changes and an error occurs. When setting id to a different value, there is no more unique and appropriate value than dn. Therefore, if the dn changes, the id should also change.

Please think about it once. Thank you always.
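The bookkeeping this thread discusses (changing the dn in place and moving the id with it), as an added Go example that is not the provider's code. It assumes Update() would send an LDAP ModifyDN request (RFC 4511) built from the returned values and store NewID as the resource id only after that request succeeds; RenamePlan, splitDN and PlanRename are hypothetical names and the dns are constructed samples.

```go
package main

import (
	"fmt"
	"strings"
)

// RenamePlan: ModifyDN arguments (RFC 4511) plus the id to store afterwards.
type RenamePlan struct {
	NewRDN      string // leftmost component of the new dn
	NewSuperior string // new parent dn; empty when the parent is unchanged
	NewID       string // new resource id, equal to the new dn
}

// splitDN cuts a dn at its first unescaped comma into RDN and parent.
func splitDN(dn string) (rdn, parent string, err error) {
	for i := 0; i < len(dn); i++ {
		if dn[i] == '\\' {
			i++ // skip the escaped character, e.g. "\,"
		} else if dn[i] == ',' {
			return strings.TrimSpace(dn[:i]), strings.TrimSpace(dn[i+1:]), nil
		}
	}
	return "", "", fmt.Errorf("dn has no parent: %q", dn)
}

// PlanRename compares the id in state (the old dn) with the configured dn; nil means no change.
func PlanRename(oldID, newDN string) (*RenamePlan, error) {
	if oldID == newDN {
		return nil, nil
	}
	_, oldParent, err := splitDN(oldID)
	if err != nil {
		return nil, err
	}
	newRDN, newParent, err := splitDN(newDN)
	if err != nil {
		return nil, err
	}
	plan := &RenamePlan{NewRDN: newRDN, NewID: newDN}
	if !strings.EqualFold(oldParent, newParent) { // case-insensitive parent compare
		plan.NewSuperior = newParent // the entry moves to another OU
	}
	return plan, nil
}

func main() {
	// Constructed sample dns: only the middle OU changes.
	fmt.Println(PlanRename("CN=jdoe,OU=Sales,DC=example,DC=com", "CN=jdoe,OU=IT,DC=example,DC=com"))
}
```

Storing the new id only after the directory confirms the rename keeps the state pointing at an entry that still exists if the request fails.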