--On Wednesday, May 1, 2024 10:56 PM +0000 "Singley, Norman" norman.singley@mso.umt.edu wrote:
Hi All.
I have had a question come down from our Enterprise information team –
We currently create a separate identity in oldap for students vs faculty/staff, but want to start creating only one identity going forward.
The DN in the ldif is unique for these two identities, but they do share a common attribute.
Is there a way in the ldapmodify add process to query the whole directory for an attribute coming from the ldif file, and then if it doesn't exist reject the add for that identity, and then of course go on processing the rest of the file?
My gut says no, or at least not without some scripting that I am not familiar with.
There's not a lot of detail here that makes it easy to answer, but in general I'd suggest using something like python-ldap, and then:
query for attribute exists? reject doesn't exist? modify or add
It even has an LDIF parser, so you could theoretically give it your LDIF file and have it process per-entry as noted above. You could do something similar with Perl's perl-ldap module as well.
--Quanah