On Fri, Aug 15, 2008 at 10:41:54AM +0200, Kós Tamás wrote:
> I have a slightly off-topic problem, but I hope you can help me with it. We have an LDAP directory with many names. We have some identical CNs, for instance: John Smiths. The only difference between the 2 names is the e-mail address. How can I modify one of them? ldapmodify requests a DN, but our environment's DN seems to be DN: CN=John Smiths. How can I include the e-mail address in the DN?
>
> Thanks for your help. I tried to search with this command:
>
>   ldapsearch -xv -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w password mail=jsmiths@moewhere.net+CN=John\ Smiths
>
> Nothing found...
Ah - we have some confusion here. Michael and I both replied to your first message assuming that you wanted to add new entries for two people with the same name. I now think that you are trying to find and modify an existing entry.
If you already have two people in the directory who have the same name then they must have different DNs. It does not matter what those DNs are - we just need to find them. It looks as if the mail address is the best way to select the one you want so the search should look something like this:
  ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
      -w password -b O=ACME mail=jsmiths@moewhere.net
Note that I am assuming that there really is a user with DN "CN=jsmiths,O=ACME". If not, you will get an "Invalid credentials" error. In many directories you do not need to specify the DN and password as they allow anonymous users to search and read.
Note also that I have supplied a base for the search with the -b flag. If you do not do this you will get a "No such object" error. The base object must exist.
> These persons don't have O or DC attributes. Can I ask you to give me some examples for searches and for modifying people by mail and CN attributes?
Get the search working first, to find the DN of the entry. To modify the entry using command-line tools you will need to write a small LDIF file. Let us assume that you want to add a phone number to CN=jsmiths,O=ACME:
  dn: CN=jsmiths,O=ACME
  changetype: modify
  add: telephonenumber
  telephonenumber: +1 234 567 890
(the file should end with a blank line).
Now the command will be:
  ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
      -w password -f FILENAME
This assumes that the user "CN=jsmiths,O=ACME" is allowed to modify their own entry.
You may find it easier to do this sort of job using a GUI tool. Why not try JXplorer?
Andrew
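
The search-then-modify procedure described in this thread, as an added example that is not part of the original messages. It escapes the filter values, refuses to continue unless the search returns exactly one entry, and prompts for the bind password with -W instead of passing it with -w; the function names and the second sample entry are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host, bind DN and base are the thread's
# sample values; function names and the second entry's DN are constructed.

# Escape the characters RFC 4515 reserves in a filter value: \ * ( )
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter matching one person by mail AND cn.
person_filter() {
    printf '(&(mail=%s)(cn=%s))' "$(ldap_escape "$1")" "$(ldap_escape "$2")"
}

# Print the DN only when the LDIF holds exactly one entry with a plain
# (not base64 "dn::") DN; otherwise fail so nothing is modified by mistake.
single_dn() {
    [ "$(printf '%s\n' "$1" | grep -c '^dn:')" -eq 1 ] || return 1
    dn=$(printf '%s\n' "$1" | sed -n 's/^dn: //p')
    [ -n "$dn" ] && printf '%s\n' "$dn"
}

# LDIF that adds one attribute value; ends with the required blank line.
modify_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: %s\n%s: %s\n\n' "$1" "$2" "$2" "$3"
}

# Search, insist on one match, then modify. -W prompts for the password
# instead of putting it on the command line; 1.1 requests no attributes.
modify_by_mail() {   # args: mail cn attribute value
    out=$(ldapsearch -x -LLL -o ldif-wrap=no -h host.somewhere.net \
        -D "CN=jsmiths,O=ACME" -W -b O=ACME \
        "$(person_filter "$1" "$2")" 1.1) || return 1
    target=$(single_dn "$out") || { echo "need exactly one match" >&2; return 1; }
    modify_ldif "$target" "$3" "$4" |
        ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" -W
}

# Constructed ldapsearch -LLL output for a search on cn alone: two entries.
SAMPLE_CN_SEARCH='dn: CN=jsmiths,O=ACME
cn: John Smiths

dn: CN=jsmiths2,O=ACME
cn: John Smiths'
```

Nothing contacts a server until modify_by_mail is called, for example: modify_by_mail jsmiths@moewhere.net "John Smiths" telephonenumber "+1 234 567 890".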