These requirements are definitely too loosely described to be implemented. But maybe prerequisites could be added to the slapadd operation, mimicking dynamic dns (rfc2136)? That way all prerequisites would be sent by the client, and the server would "just" have too check them before applying the changes. I know it looks a like as a ldapsearch (to check these prerequisites) followed by a ldapadd, but if implemented server side it could be done in an atomic way?
On Tue, Mar 24, 2015 at 11:56 PM, Howard Chu hyc@symas.com wrote:
Hallvard Breien Furuseth wrote:
I'd like a slap tool which verifies an LDIF before I try to ldapadd/slapadd it. "slapadd -u -o value-check=yes" is fairly close. What does it fail to catch? I can think of:
- Duplicate entries.
Quite an unrealistic requirement. You need to store the set of entryDNs to achieve this, and for a large LDIF you may need an actual database to manage this. Might as well just do a normal slapadd.
- Missing entries (if the initial DB is expected to be empty).
- Child entries before parents (OK for slapadd to at least
back-<bdb,hdb,mdb>).
- Issues which the tool can only catch if it opens the database, like
attempts to add already-existing entries. I probably don't want to do that.
- Issues which overlays like slapo-unique would reject. Can't do that, since the overlay won't have a non-empty DB to check against and slap tools do not use overlays anyway. Might special-case "unique" though, since the "duplicate entries" check will need uniqueness code anyway.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/