[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem importing LDIF file





--On Monday, June 13, 2005 10:49 AM -0400 "Boxall, Colin - OASAM CTR" <Boxall.Colin@dol.gov> wrote:


Intro and background: I'm running OpenLDAP 2.26 on a Suse Enterprise Server 9.0. I'm trying to use the OpenLDAP database to make a portion of Active Directory (just usernames, universal group memberships and email addresses) available to a segment of the DMZ that can't be allowed access to the entire Active Directory infrastructure. To do this, the AD folks are going to provide me a daily LDIF (via a batch process) of all the user objects with just the attributes I need values for. For security reasons, we can't use more typical replication techniques. I need to then use a batch process to import those LDIF files into the OpenLDAP database. I have run into a variety of problems linked to the facts that a) I've never used OpenLDAP before, and b) I've never used Linux before. I've managed to get Suse installed and OpenLDAP running, so I don't think the situation is completely hopeless.



The problem I'm bringing up for discussion here is that when I try to
import an LDIF file, it fails if any of the entries in LDIF file already
exist in the LDAP database.  From reading over the archives, the best
solution appears to be to kill the slapd process, delete the database
files, restart the slapd process and then import the LDIF file to rebuild
the database.  I think this is a lovely solution, since it also will
delete accounts that don't exist in AD anymore.  The trouble is: how do I
kill the slapd process in a batch process?  I don't know how to write
batch files or their equivalent on Linux yet, but I imagine part of it
will be figuring out what commands need to be executed, and since kill
seems to require a process ID that changes over time, I'm not sure how to
proceed.  Is there functionality with OpenLDAP to shut down slapd that I
don't know about, or how should I do this?



This might be a basic Linux usage issue, but I imagine that somebody on
here is doing something similar with OpenLDAP and some other database and
therefore can point me in the right direction.  Thanx!

Are you using ldapadd or slapadd? Note that slapadd is preferred if you are starting the database from scratch. I also suggest reading up on the "-c" option (continue on error) which will skip over the problem of entries already existing (but also any other data issues).


--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html