2008/8/15 Andrew Findlay andrew.findlay@skills-1st.co.uk:
On Fri, Aug 15, 2008 at 10:41:54AM +0200, Kós Tamás wrote:
I have a slightly off-topic problem, but I hope you can help me with it. We have an LDAP directory with many names. We have some identical CNs, for instance: John Smiths. The only difference between the 2 names is the e-mail address. How can I modify one of them? ldapmodify requests a DN, but in our environment the DN seems to be DN: CN=John Smiths. How can I include the e-mail address in the DN?
Thanks for your help. I tried to search with this command:
ldapsearch -xv -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w password mail=jsmiths@moewhere.net+CN=John\ Smiths
Nothing found...
Ah - we have some confusion here. Michael and I both replied to your first message assuming that you wanted to add new entries for two people with the same name. I now think that you are trying to find and modify an existing entry.
Yes, we want to modify existing entries, which could have the same CN; the unique one is the mail attribute.
If you already have two people in the directory who have the same name then they must have different DNs. It does not matter what those DNs are - we just need to find them. It looks as if the mail address is the best way to select the one you want so the search should look something like this:
ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
    -w password -b O=ACME mail=jsmiths@moewhere.net
In this directory, the two John Smiths don't have an Organization, because it has been synchronised from another directory. The unique attribute is the mail address... The Acme organization is needed only for the authentication. I could write admin, not jsmiths. Sorry.
Note that I am assuming that there really is a user with DN "CN=jsmiths,O=ACME". If not, you will get an "Invalid credentials" error. In many directories you do not need to specify the DN and password as they allow anonymous users to search and read.
Note also that I have supplied a base for the search with the -b flag. If you do not do this you will get a "No such object" error. The base object must exist.
These persons don't have O or DC attributes. Can I ask you to give me some examples of searches and of modifying people by mail and CN attributes?
Get the search working first, to find the DN of the entry. To modify the entry using command-line tools you will need to write a small LDIF file. Let us assume that you want to add a phone number to CN=jsmiths,O=ACME:
dn: CN=jsmiths,O=ACME
changetype: modify
add: telephonenumber
telephonenumber: +1 234 567 890
(the file should end with a blank line).
Now the command will be:
ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
    -w password -f FILENAME
This assumes that the user "CN=jsmiths,O=ACME" is allowed to modify their own entry.
Why not try jXplorer?
I will try it, thanks for the idea.
Andrew
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-- What kind of person would do this?" "Only one kind. Whoever this player is, he has played World of Warcraft nearly every hour of every day for the past year and a half. Gentlemen, we are dealing with someone here who... had absolutely no life."
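
Added example, not part of the original thread: the search-then-modify procedure described above, as a Python sketch that reads ldapsearch output, picks the one entry matching a mail address, and writes the change record for ldapmodify -f. The sample output, the OU values in the DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample of ldapsearch output: two entries share a CN; the second
# DN is base64-encoded ("dn::") and its mail value is folded across two lines.
B64_DN = base64.b64encode("CN=John Smiths,OU=Könyvelés".encode()).decode()
SAMPLE_OUTPUT = (
    "# constructed sample, not real directory data\n"
    "dn: CN=John Smiths,OU=Sales\ncn: John Smiths\nmail: jsmiths@moewhere.net\n\n"
    f"dn:: {B64_DN}\ncn: John Smiths\nmail: john.smiths@else\n where.example\n\n"
    "search: 2\nresult: 0 Success\n"
)

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:  # drops the trailing "search:/result:" block
            entries.append(entry)
    return entries

def dn_for_mail(entries, mail):
    """DN of the single entry with this mail address; refuse 0 or >1 matches."""
    hits = [e["dn"][0] for e in entries
            if mail.lower() in (m.lower() for m in e.get("mail", []))]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one entry for {mail}, found {len(hits)}")
    return hits[0]

def modify_ldif(dn, attr, value):
    """Change record adding attr to dn; ends with the required blank line."""
    if any(c in s for s in (dn, attr, value) for c in "\r\n"):
        raise ValueError("line breaks are not allowed in LDIF fields here")
    if dn.isascii() and not dn.startswith((" ", ":", "<")):
        dn_line = f"dn: {dn}"
    else:  # non-ASCII DNs must be written base64-encoded
        dn_line = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
    return f"{dn_line}\nchangetype: modify\nadd: {attr}\n{attr}: {value}\n\n"
```

Refusing to continue unless exactly one entry matches keeps a change from landing on the wrong John Smiths when the mail value is mistyped or duplicated.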