Although not specific to OpenLDAP, I suggest either ldifdiff:
http://search.cpan.org/~gbarr/perl-ldap-0.33/contrib/ldifdiff.pl
or ldapdiff:
http://webtomware.rhoen.de/

These will generate a delta between the LDIF file you are submitting, and the contents of your LDAP server. You can then apply the delta (via ldapmodify), while slapd is running, and the resulting LDAP data will represent the contents of the LDIF file.

HTH,
-Matt

On Mon, 2005-06-13 at 10:49 -0400, Boxall, Colin - OASAM CTR wrote:
> Intro and background: I'm running OpenLDAP 2.26 on a Suse Enterprise Server 9.0. I'm trying to use the OpenLDAP database to make a portion of Active Directory (just usernames, universal group memberships and email addresses) available to a segment of the DMZ that can't be allowed access to the entire Active Directory infrastructure. To do this, the AD folks are going to provide me a daily LDIF (via a batch process) of all the user objects with just the attributes I need values for. For security reasons, we can't use more typical replication techniques. I need to then use a batch process to import those LDIF files into the OpenLDAP database. I have run into a variety of problems linked to the facts that a) I've never used OpenLDAP before, and b) I've never used Linux before. I've managed to get Suse installed and OpenLDAP running, so I don't think the situation is completely hopeless.
>
> The problem I'm bringing up for discussion here is that when I try to import an LDIF file, it fails if any of the entries in LDIF file already exist in the LDAP database. From reading over the archives, the best solution appears to be to kill the slapd process, delete the database files, restart the slapd process and then import the LDIF file to rebuild the database. I think this is a lovely solution, since it also will delete accounts that don't exist in AD anymore. The trouble is: how do I kill the slapd process in a batch process? I don't know how to write batch files or their equivalent on Linux yet, but I imagine part of it will be figuring out what commands need to be executed, and since kill seems to require a process ID that changes over time, I'm not sure how to proceed. Is there functionality with OpenLDAP to shut down slapd that I don't know about, or how should I do this?
>
> This might be a basic Linux usage issue, but I imagine that somebody on here is doing something similar with OpenLDAP and some other database and therefore can point me in the right direction. Thanx!

Matthew J. Smith
University of Connecticut ITS
This message sent at Mon Jun 13 14:53:49 2005
PGP Key: http://web.uconn.edu/dotmatt/matt.asc
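
The delta approach described in the reply above, as an added example that is not part of the original message and is not the code of ldifdiff.pl or ldapdiff: it compares two LDIF snapshots and emits change records in the form ldapmodify reads, ordering adds parent-first and deletes child-first. The sample entries and example.com DNs are constructed and trimmed to one attribute, and the parser assumes simple LDIF (no base64 values or comments, no escaped commas in DNs).

```python
# Added illustration, not ldifdiff.pl or ldapdiff. Assumes simple LDIF: no base64
# values, no comments, no escaped commas in DNs; DNs are compared lowercased.
def parse_ldif(text):
    """Return {dn: {attr: set(values)}}."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), set()).add(value)
        dn = attrs.pop("dn").pop().lower()  # KeyError on a block without a dn
        entries[dn] = attrs
    return entries

def ldif_delta(current, target):
    """Build ldapmodify change records that turn `current` into `target`."""
    out = []
    # New entries first, parents before children (fewer commas = shallower DN).
    for dn in sorted(target.keys() - current.keys(), key=lambda d: (d.count(","), d)):
        lines = [f"dn: {dn}", "changetype: add"]
        for attr in sorted(target[dn]):
            lines += [f"{attr}: {v}" for v in sorted(target[dn][attr])]
        out.append("\n".join(lines))
    for dn in sorted(target.keys() & current.keys()):
        ops = []
        for attr in sorted(target[dn].keys() | current[dn].keys()):
            new = target[dn].get(attr, set())
            if new == current[dn].get(attr, set()):
                continue
            head = f"replace: {attr}" if new else f"delete: {attr}"
            ops.append("\n".join([head] + [f"{attr}: {v}" for v in sorted(new)] + ["-"]))
        if ops:
            out.append("\n".join([f"dn: {dn}", "changetype: modify"] + ops))
    # Stale entries (accounts removed upstream) last, children before parents.
    for dn in sorted(current.keys() - target.keys(), key=lambda d: (-d.count(","), d)):
        out.append(f"dn: {dn}\nchangetype: delete")
    return "\n\n".join(out) + "\n" if out else ""

# Constructed sample data: directory contents vs. the daily export.
SERVER = """dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@old.example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail: bob@example.com"""
EXPORT = """dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol@example.com"""
DELTA = ldif_delta(parse_ldif(SERVER), parse_ldif(EXPORT))
```

Review DELTA before feeding it to ldapmodify; a truncated export shows up as an unexpectedly long run of delete records.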