Intro and background: I'm running OpenLDAP 2.26 on a Suse Enterprise
Server 9.0. I'm trying to use the OpenLDAP database to make a portion of
Active Directory (just usernames, universal group memberships and email
addresses) available to a segment of the DMZ that can't be allowed access
to the entire Active Directory infrastructure. To do this, the AD folks
are going to provide me a daily LDIF (via a batch process) of all the
user objects with just the attributes I need values for. For security
reasons, we can't use more typical replication techniques. I need to
then use a batch process to import those LDIF files into the OpenLDAP
database. I have run into a variety of problems linked to the facts that
a) I've never used OpenLDAP before, and b) I've never used Linux before.
I've managed to get Suse installed and OpenLDAP running, so I don't think
the situation is completely hopeless.
The problem I'm bringing up for discussion here is that when I try to
import an LDIF file, it fails if any of the entries in the LDIF file already
exist in the LDAP database. From reading over the archives, the best
solution appears to be to kill the slapd process, delete the database
files, restart the slapd process and then import the LDIF file to rebuild
the database. I think this is a lovely solution, since it also will
delete accounts that don't exist in AD anymore. The trouble is: how do I
kill the slapd process in a batch process? I don't know how to write
batch files or their equivalent on Linux yet, but I imagine part of it
will be figuring out what commands need to be executed, and since kill
seems to require a process ID that changes over time, I'm not sure how to
proceed. Is there functionality with OpenLDAP to shut down slapd that I
don't know about, or how should I do this?
This might be a basic Linux usage issue, but I imagine that somebody on
here is doing something similar with OpenLDAP and some other database and
therefore can point me in the right direction. Thanks!
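One way to script the stop / wipe / reload / start cycle described above, written here as an added example and not the poster's own script. It stops slapd through the pidfile that slapd writes when slapd.conf contains a "pidfile" directive (so no process ID has to be known in advance), refuses to signal the pid if /proc says it is not slapd (a stale pidfile after a crash can point at an unrelated process), removes the database files while keeping DB_CONFIG, and reloads with slapadd, which writes the database directly while slapd is down, so the "entry already exists" failure cannot occur. The paths, the init script name, the service account "ldap", and slapadd's -u dry-run option are assumptions about the SUSE installation; the stand-in process and files used when the functions are exercised are constructed, not taken from a real server.

```shell
#!/bin/sh
# rebuild-ldap.sh: stop slapd, wipe the database files, reload the daily LDIF
# with slapadd (offline), and start slapd again. Added example, not the
# original poster's script. Every path and the service user are assumptions.
set -u

: "${PIDFILE:=/var/run/slapd/slapd.pid}"  # assumed: matches "pidfile" in slapd.conf
: "${DBDIR:=/var/lib/ldap}"               # assumed: the database "directory" in slapd.conf
: "${SLAPD_INIT:=/etc/init.d/ldap}"       # assumed: SUSE init script for slapd
: "${SLAPD_USER:=ldap}"                   # assumed: account slapd runs as

# True while $1 is a running process. A zombie still answers kill -0, so on
# Linux also look at /proc; the grep simply fails where /proc is absent.
process_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    grep -q '^State:[[:space:]]*Z' "/proc/$1/status" 2>/dev/null && return 1
    return 0
}

# stop_by_pidfile PIDFILE TIMEOUT [NAME]
# Send SIGTERM to the pid recorded in PIDFILE and wait up to TIMEOUT seconds.
# If NAME is given and /proc is available, refuse to signal a process whose
# name differs: a stale pidfile may point at a reused pid.
# Returns 0 when the process is gone, 1 on timeout, 2 if there is no
# pidfile, 3 if the pid belongs to something else.
stop_by_pidfile() {
    pidfile=$1 timeout=$2 expect=${3:-}
    [ -r "$pidfile" ] || return 2
    pid=$(cat "$pidfile")
    if [ -n "$expect" ] && [ -r "/proc/$pid/comm" ]; then
        [ "$(cat "/proc/$pid/comm")" = "$expect" ] || return 3
    fi
    kill -TERM "$pid" 2>/dev/null || return 0      # nothing to stop: already gone
    i=0
    while process_alive "$pid"; do
        i=$((i + 1))
        [ "$i" -gt "$timeout" ] && return 1
        sleep 1
    done
    return 0
}

# wipe_db_files DIR
# Remove the BDB/LDBM data, index and transaction-log files that back the
# database, but keep DB_CONFIG: it is BDB tuning configuration, not data.
wipe_db_files() {
    dir=$1
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.bdb "$dir"/*.dbb "$dir"/*.gdbm "$dir"/__db.* "$dir"/log.* "$dir"/alock; do
        [ -e "$f" ] && rm -f "$f"
    done
    return 0
}

# rebuild_from_ldif LDIF
# The whole daily cycle. Only runs when invoked as "rebuild-ldap.sh rebuild FILE".
rebuild_from_ldif() {
    ldif=$1
    [ -r "$ldif" ] || { echo "cannot read $ldif" >&2; return 1; }

    # Validate the file before anything is stopped or deleted. Assumes the
    # installed slapadd supports -u (dry run, no database writes).
    slapadd -u -l "$ldif" || { echo "$ldif rejected by slapadd -u; nothing changed" >&2; return 1; }

    stop_by_pidfile "$PIDFILE" 30 slapd
    case $? in
        0|2) ;;   # stopped, or no pidfile: still ask the init script below
        *) echo "slapd did not stop cleanly" >&2; return 1 ;;
    esac
    "$SLAPD_INIT" stop >/dev/null 2>&1 || true

    # Keep the old files so a failed load can be rolled back.
    backup="$DBDIR.prev"
    rm -rf "$backup" && mkdir "$backup" && cp -p "$DBDIR"/* "$backup"/ 2>/dev/null
    wipe_db_files "$DBDIR" || return 1

    # slapadd writes the database directly, so slapd must not be running, and
    # "entry already exists" cannot happen: the directory is empty.
    if slapadd -l "$ldif"; then
        chown -R "$SLAPD_USER" "$DBDIR"   # new files are owned by whoever ran this script
    else
        echo "slapadd failed, restoring previous database" >&2
        wipe_db_files "$DBDIR"
        cp -p "$backup"/* "$DBDIR"/
    fi
    "$SLAPD_INIT" start
}

case "${1:-}" in
    rebuild) rebuild_from_ldif "${2:?usage: $0 rebuild FILE.ldif}" ;;
esac
```

Run it from cron after the LDIF has arrived, for example `rebuild-ldap.sh rebuild /var/tmp/ad-export.ldif`. Because slapadd bypasses slapd, the reload needs no bind credentials and no running daemon, and because the directory is emptied first, accounts that have disappeared from AD disappear from the copy as well. The chown is the step most often forgotten when slapadd is run as root: slapd started from the init script cannot open files it does not own.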