matthew sporleder wrote, on 18-10-2007 15:45:
I've never tried that method of updates, so I really couldn't say. It almost seems like you should try a full delete and then add. I'm putting your reply back on the list so someone else can comment.
Reading the ldif(5) manual, I saw two LDIF types: Entry Records and Change Records. LDIF entry records are used to represent directory entries and LDIF change records are used to represent directory change requests.
Let me explain with this example:
Suppose I have in my directory an entry like:

dn: uid=test,ou=people,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: SIPIdentity
objectClass: top
uid: test
loginShell: /bin/bash
uidNumber: 600
gidNumber: 100
homeDirectory: /home/test
gecos: test
userPassword: {SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr
SIPIdentitySIPURI: sip:00011080@voip.example.com
SIPIdentityServiceLevel: AR
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f

If I create an LDIF with another password and without the SIP attributes, like:

dn: uid=test,ou=people,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: SIPIdentity
objectClass: top
uid: test
loginShell: /bin/bash
uidNumber: 600
gidNumber: 100
homeDirectory: /home/test
gecos: test
userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu

And using ldapmodify to update the entry with the LDIF above, I expect the whole entry to be replaced by the LDIF data. Am I wrong?
Where is this documented? The answer is, "it's not". All these two OL tools are, are shell accessible interfaces to OL system calls. Almost everything is documented. If it isn't documented, then there's a 99% probability that it won't work.
If I use a change record LDIF, it would be:

dn: uid=test,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu
The above will work.
delete: SIPIdentitySIPURI SIPIdentityServiceLevel SIPIdentityUserName SIPIdentityPassword
SIPIdentitySIPURI: sip:00011080@voip.example.com
SIPIdentityServiceLevel: AR
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f
The above isn't documented, so it won't work.
But I'd really use the entry record LDIF.
So do an ldapdelete, then an ldapadd. You can write a tiny shell script to do this. Call it what you want, and you have your own OL utility that does what you want and nobody else has :)
As time goes by, I'm acquiring a mass of small shell and perl scripts, some with HERE docs, to do adds, modifies and deletes on the fly. Most interface with ldapsearch.
--Tonni
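
Added example (not part of the original thread, and not OpenLDAP code): since ldapmodify acts on change records rather than entry records, this Python script compares the current and the desired entry record and emits the matching "changetype: modify" record, so stale attributes such as the SIP credentials are removed explicitly. The function names parse_entry and change_record are hypothetical, and the sample records are shortened, constructed versions of the ones in the thread.

```python
# Added example: derive an LDIF change record from two LDIF entry records.
# Assumes plain "attr: value" lines (no base64 "::", no folded lines) and
# the same attribute-name spelling in both records.
def parse_entry(ldif_text):
    """Return (dn, {attr: [values]}) for one LDIF entry record."""
    dn, attrs = None, {}
    for line in ldif_text.strip().splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.strip(), []).append(value.strip())
    return dn, attrs

def change_record(current_ldif, desired_ldif):
    """Return the modify record turning current into desired ('' if equal)."""
    dn, cur = parse_entry(current_ldif)
    dn2, want = parse_entry(desired_ldif)
    if dn is None or dn != dn2:
        raise ValueError("both records must name the same dn")
    out = []
    for attr in sorted(set(cur) | set(want), key=str.lower):
        new = [f"{attr}: {v}" for v in want.get(attr, [])]
        if attr not in want:
            out += [f"delete: {attr}", "-"]  # no values listed: drop them all
        elif attr not in cur:
            out += [f"add: {attr}", *new, "-"]
        elif sorted(cur[attr]) != sorted(want[attr]):
            out += [f"replace: {attr}", *new, "-"]
    if not out:
        return ""
    return "\n".join([f"dn: {dn}", "changetype: modify", *out]) + "\n"

# Constructed sample input: shortened versions of the thread's two records.
CURRENT = """\
dn: uid=test,ou=people,dc=example,dc=com
uid: test
loginShell: /bin/bash
userPassword: {SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f
"""
DESIRED = """\
dn: uid=test,ou=people,dc=example,dc=com
uid: test
loginShell: /bin/bash
userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu
"""
if __name__ == "__main__":
    print(change_record(CURRENT, DESIRED), end="")
```

The printed record can be given to ldapmodify with -f or on standard input. The server will still refuse a delete that removes an attribute required by one of the entry's object classes.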