So, it's time to start seriously talking about migrating all the 'original' users to an email-based username. For the ones that currently have an email address I suspect we'll send them an email and either ask them to change, or tell them that it's happening at some point. However, there are a set of users who have no email address. What is the scope of that? Presumably, if they don't have a syncNode, we don't care and can just migrate them, so it's just the combo of syncNode and no email that's an issue.
Definitely of interest to QA in terms of testing the process.
I'm not finding any users without a mail attribute. The search string '(&(objectClass=dataStore)(!(mail=*)))' as a "root" ldap user returned no users. Is there a better way to identify "old style" users than just finding UIDs that don't match a certain regexp?
Hmm, there are definitely users in there with bad emails. We just didn't enforce it. Is it possible to do a search on usernames with less than the standard number of characters? That should hit all the old-school accounts. Alternately, a quick binary search should do it - everything before a certain id will be old-school.
You say "bad emails" -- I was checking to see if there was a value on the "mail" attribute, not if it was an actual email or something. Yeah, we should be able to track down the uidNumber where things change. I'll look at that. So then do you want to dump all those uids & emails, and figure out which emails are invalid?
I believe that the current thinking is that we're going to continue to support those people through 1.1, but not bring them to 2.0, so it's more relevant for our migration plans. Those are just getting underway, so the cutoff number is a good thing to have in your back pocket.
old accounts: uidNumber <= 1122000
collecting the LDIF of all old users here: master1.ldap.scl2:~petef/a/