
Re: Problem to replace directory entries with ldapmodify



matthew sporleder wrote, on 18-10-2007 15:45:

I've never tried that method of updates, so I really couldn't say.  It
almost seems like you should try a full delete and then add.  I'm
putting your reply back on the list so someone else can comment.

Reading the ldif(5) manual, I saw two LDIF types: Entry Records and Change
Records.
LDIF entry records are used to represent directory entries and LDIF change
records are used to represent directory change requests.

Let me explain with this example:

Suppose I have in my directory an entry like:

uid=test,ou=people,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: SIPIdentity
objectClass: top
uid: test
loginShell: /bin/bash
uidNumber: 600
gidNumber: 100
homeDirectory: /home/test
gecos: test
userPassword: {SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr
SIPIdentitySIPURI: sip:00011080@voip.example.com
SIPIdentityServiceLevel: AR
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f

If I create an LDIF with another password and without SIP attributes like:

uid=test,ou=people,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: SIPIdentity
objectClass: top
uid: test
loginShell: /bin/bash
uidNumber: 600
gidNumber: 100
homeDirectory: /home/test
gecos: test
userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu

And using ldapmodify to update the entry with the LDIF above, I expect the whole
entry to be replaced by the LDIF data. Am I wrong?

Where is this documented? The answer is, "it's not". All these two OL tools are, are shell accessible interfaces to OL system calls. Almost everything is documented. If it isn't documented, then there's a 99% probability that it won't work.


If I use a change record LDIF, it would be:

uid=test,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu
-

The above will work.

delete: SIPIdentitySIPURI SIPIdentityServiceLevel SIPIdentityUserName SIPIdentityPassword
SIPIdentitySIPURI: sip:00011080@voip.example.com
SIPIdentityServiceLevel: AR
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f

The above isn't documented, so it won't work.

But i'd really use the entry record LDIF.

So do an ldapdelete, then an ldapadd. You can write a tiny shell script to do this. Call it what you want, and you have your own OL utility that does what you want and nobody else has :)


As time goes by, I'm acquiring a mass of small shell and perl scripts, some with HERE docs, to do adds, modifies and deletes on the fly. Most interface with ldapsearch.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl