… decide that deleting the “Groups” subtree from your LDAP server and reloading it from a new import is a good thing after you’ve moved it into production.

After burning myself very badly by thinking that such an operation would be okay, the new philosophy is that any change that needs to be made which affects more than one object in the directory shall be made programmatically, so that it can be checked thoroughly for errors before being let loose.

Sadly, some things can only be learned through pain.

This entry was posted on Monday, July 24th, 2006 at 3:47 pm and is filed under Method. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.