Author how to split changes on a single entry in multiple ldiff chunks ?
Guillaume Rousse

2007-12-18, 8:25 am

Hello list.

We are using a perl script, based on Net::LDAP to sync our AD server
with our OpenLdap directory. My colleagues told me we couldn't create
the entries directly in AD, as those entries require additional
processing, so we're generating LDIFF instead, which is imported into
some microsoft later.

My problem is that the dn for any user contains its group, so its group
must exist before the user entry is created. But AD also refuses to add
a non-existent user dn to a group entry, so the user entry must exist
before it can get added to its group entry. Which means the correct
entry creation sequence is:
- create empty group
- create user
- add user to group

However, I couldn't find a way in current Net::LDAP API to write a
Net::LDAP::Entry once for creation, and thereafter only for subsequent
modifications in the ldiff output. The following code

my $ldif = Net::LDAP::LDIF->new('-', 'w', change => 1);
my $group = Net::LDAP::Entry->new();
$group->dn('cn=group');
$ldif->write_entry($group);
$group->add('member' => 'cn=user');
$ldif->write_entry($group);

Results in

dn: cn=group
changetype: add

dn: cn=group
changetype: add
member: cn=user

Whereas I'd want something as :

dn: cn=group
changetype: add

dn: cn=group
changetype: modify
replace: member
member: cn=user

The only idea I have currently is to fake a ldap server using a Mock
Net::LDAP object I could use so as to insert
$group->update($dummy_server) between the two calls to
$ldif->write_entry(). Any other suggestion ?
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
Peter Marschall

2007-12-21, 4:35 am

Hi,

On Tuesday, 18. December 2007, Guillaume Rousse wrote:
> We are using a perl script, based on Net::LDAP to sync our AD server
> with our OpenLdap directory. My colleagues told me we couldn't create
> the entries directly in AD, as those entries require additional
> processing, so we're generating LDIFF instead, which is imported into
> some microsoft later.

Strange. I'm creating/modifying AD accounts via perl-ldap all the time
without problems.

> My problem is that the dn for any user contains its group, so its group
> must exist before the user entry is created. But AD also refuses to add
> a non-existent user dn to a group entry, so the user entry must exist
> before it can get added to its group entry. Which means the correct
> entry creation sequence is:
> - create empty group
> - create user
> - add user to group
>
> However, I couldn't find a way in current Net::LDAP API to write a
> Net::LDAP::Entry once for creation, and thereafter only for subsequent
> modifications in the ldiff output.

Did you try Net::LDAP::Entry's changetype('modify') method ?

> The following code
>
> my $ldif = Net::LDAP::LDIF->new('-', 'w', change => 1);
> my $group = Net::LDAP::Entry->new();
> $group->dn('cn=group');
> $ldif->write_entry($group);

# Try this:
$group->changetype('modify');
> $group->add('member' => 'cn=user');
> $ldif->write_entry($group);
>
> Results in
>
> dn: cn=group
> changetype: add
>
> dn: cn=group
> changetype: add
> member: cn=user
>
> Whereas I'd want something as :
>
> dn: cn=group
> changetype: add
>
> dn: cn=group
> changetype: modify
> replace: member
> member: cn=user


Hope it helps
Peter


--
Peter Marschall
peter@adpm.de
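
The three-step sequence from the thread (create empty group, create user, add user to group), written out as one script using the changetype('modify') call suggested above. This is an added example, not code posted by either participant; the DNs, the `%groups` sample data and the objectClass values are constructed placeholders to adapt to the real schema.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Entry;
use Net::LDAP::LDIF;

# Constructed sample data (assumption): group DN => list of member DNs.
my %groups = (
    'cn=staff,ou=staff,dc=example,dc=com' => [
        'cn=alice,ou=staff,dc=example,dc=com',
        'cn=bob,ou=staff,dc=example,dc=com',
    ],
);

# change => 1 makes write_entry() emit change records (changetype: ...).
my $ldif = Net::LDAP::LDIF->new('-', 'w', change => 1)
    or die "cannot open LDIF output\n";

for my $group_dn (sort keys %groups) {
    # Step 1: create the empty group. A new entry has changetype 'add'.
    my $group = Net::LDAP::Entry->new;
    $group->dn($group_dn);
    $group->add(objectClass => [ 'top', 'group' ]);    # placeholder classes
    $ldif->write_entry($group);

    # Step 2: create every user before it is referenced as a member.
    for my $user_dn (@{ $groups{$group_dn} }) {
        my $user = Net::LDAP::Entry->new;
        $user->dn($user_dn);
        $user->add(objectClass => [ 'top', 'user' ]);  # placeholder classes
        $ldif->write_entry($user);
    }

    # Step 3: switch the same entry object to 'modify'. From here on the
    # entry records individual changes, and write_entry() writes only those.
    $group->changetype('modify');
    # add() yields an "add: member" record; call replace() with the same
    # arguments instead to get the "replace: member" form asked for above.
    $group->add(member => $groups{$group_dn});
    $ldif->write_entry($group);
}

$ldif->done;
```

Calling changetype('modify') again before a later batch of changes on the same entry starts a fresh change list, so earlier modifications are not written a second time.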