Hallvard Breien Furuseth wrote:
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
meike.stone@googlemail.com wrote:
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw that an ldapsearch ldif with operational attributes has more operational attributes than the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be identical for *,+ for ldapsearch. So your statement doesn't really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch runs it through overlays. It can generate dynamic attrs, rewrite, and reorder data. LDAP mostly leaves ordering unspecified.
Good point but...
It could contain generated read-only attrs like memberOf.
... for better performance 'memberOf' is stored in the DB (and e.g. indexed) and LDIF generated by slapcat indeed contains values of attribute 'memberOf'.
I'd be more worried about whether the identity used during ldapsearch has read access to all attributes. LDAP access is subject to ACL checking whereas slapcat is not.
Ciao, Michael.
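
An added example, not part of the thread: one way to check the points raised above is to compare, per entry, which attribute names appear in a slapcat export and in an ldapsearch export of the same database. Attributes only in the slapcat output may have been withheld by ACLs for the bind identity; attributes only in the ldapsearch output were generated by slapd or an overlay. The function names, the simple lowercase DN normalization and the sample data are assumptions made for this illustration.

```python
def parse_ldif(text):
    """Return {lowercased DN: set of lowercased attribute names}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not line.strip():                 # blank line ends the entry
            dn = None
        elif line.startswith("#") or not sep:
            continue
        elif name.lower() == "dn":           # assumption: plain (non-base64) DNs
            dn = value.strip().lower()
            entries[dn] = set()
        elif dn is not None:                 # skips the "result:" trailer line
            entries[dn].add(name.split(";")[0].lower())
    return entries

def compare(slapcat_text, search_text):
    """Per DN, list attributes seen in only one of the two exports."""
    raw, seen = parse_ldif(slapcat_text), parse_ldif(search_text)
    report = {}
    for dn in sorted(set(raw) | set(seen)):
        a, b = raw.get(dn, set()), seen.get(dn, set())
        if a != b:
            report[dn] = {"only_slapcat": sorted(a - b), "only_ldapsearch": sorted(b - a)}
    return report

# Constructed sample exports (not taken from the thread).
SLAPCAT = """dn: uid=alice,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
memberOf: cn=staff,dc=example,dc=com

dn: cn=secret,dc=example,dc=com
cn: secret
"""
SEARCH = """dn: uid=alice,dc=example,dc=com
uid: alice
memberOf: cn=staff,
 dc=example,dc=com
hasSubordinates: FALSE

result: 0 Success
"""
if __name__ == "__main__":
    print(compare(SLAPCAT, SEARCH))
```

An entry that appears only in the slapcat export, like the constructed `cn=secret` entry here, is reported with all of its attributes under `only_slapcat`.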