Sorry for my late reply!
I have had such a hard week. A lot of work...
Thank you very much Quanah, David and Ulrich.
Sadly ldapdiff is not present anymore in the Debian repositories. I will check if I can use the other tools or use my own script.
Thank you again for your help!
Baptiste.
On Mon, 1 Feb 2021 at 08:02, Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Prunk Dump prunkdump@gmail.com wrote on 29.01.2021 at 11:07 in message
CALr0QzGOFoAr+=3-XohtB7GKWfvLtZXO-q5Y3Dp7neNS2eV7mQ@mail.gmail.com:
Hello!
My network infrastructure uses some special database not compatible with LDAP. But I need an OpenLDAP server to administer my Web Services accounts on my DMZ.
So I have written a script to export our "special" database to an LDIF file. This works pretty well. I've successfully loaded it on my OpenLDAP server.
But now I don't know how to update my OpenLDAP database from the newly generated LDIF files (when users are added, updated or removed) without disturbing the whole LDAP service (it's not a very good idea to delete the entire database and recreate it from the new LDIF file, as it stops the service completely during the operation).
Is there a way to update an OpenLDAP database to fit a new given LDIF file?
-> Updating/deleting the OUs
-> Deleting the objects that are not present.
-> Deleting the attributes removed.
-> Updating the attributes that have changed without deleting the object.
Doing this step by step to disturb the OpenLDAP service as little as possible.
I think you should think in "deltas" (changes) instead of whole databases. Then ldapmodify is the tool to use and you'd have to write LDIF files that perform the changes.
An example for such a file would look similar to this:
dn: uid=t...,ou=...,dc=de
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=PP-Default,dc=policies,dc=...,dc=de

dn: uid=o...,ou=...,dc=de
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=PP-Default,dc=policies,dc=...,dc=de

dn: uid=m...,ou=...,dc=de
changetype: modify
replace: pwdChangedTime
pwdChangedTime: 20201223135924Z
-
replace: userPassword
userPassword: {SSHA}blabla...
-
add: pwdHistory
pwdHistory: 20201223135924Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}blabla...
-
delete: pwdGraceUseTime
pwdGraceUseTime: 20180725081753Z
pwdGraceUseTime: 20180725081756Z
pwdGraceUseTime: 20180725081758Z
pwdGraceUseTime: 20201201095616Z
pwdGraceUseTime: 20201201095619Z

So you get the idea.
Thanks for the help.
Regards,
Baptiste.
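
Added example (not part of the original thread, and not code from any poster or from the OpenLDAP project): one way to follow the "deltas" advice is to compare the previous export with the new one and emit change records for ldapmodify. Comparing export against export, rather than against a dump of the server, leaves server-maintained attributes such as pwdChangedTime alone; the function names and the example.org entries are constructed for illustration.

```python
# Added example: diff two LDIF exports into ldapmodify change records.
# Simplified: no base64 ("::") values, no folded lines, DNs compared as exact strings.
from collections import defaultdict

def parse_ldif(text):
    """Return {dn: {attr: set(values)}} from plain LDIF content records."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(set)
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if not sep or line.startswith("#"):
                continue
            if key.lower() == "dn":
                dn = value
            else:
                attrs[key].add(value)
        if dn:
            entries[dn] = dict(attrs)
    return entries

def ldif_delta(old, new):
    """Build LDIF change records that turn export `old` into export `new`."""
    depth = lambda dn: dn.count(",")  # more commas = deeper in the tree
    recs = []
    for dn in sorted(new.keys() - old.keys(), key=lambda d: (depth(d), d)):  # parents first
        vals = [f"{a}: {v}" for a in sorted(new[dn]) for v in sorted(new[dn][a])]
        recs.append("\n".join([f"dn: {dn}", "changetype: add"] + vals))
    for dn in sorted(new.keys() & old.keys()):
        mods = []
        for a in sorted(old[dn].keys() | new[dn].keys()):
            if old[dn].get(a) == new[dn].get(a):
                continue
            if a not in new[dn]:
                mods.append(f"delete: {a}")  # attribute dropped from the export
            else:
                mods.append("\n".join([f"replace: {a}"] + [f"{a}: {v}" for v in sorted(new[dn][a])]))
        if mods:
            recs.append(f"dn: {dn}\nchangetype: modify\n" + "\n-\n".join(mods) + "\n-")
    for dn in sorted(old.keys() - new.keys(), key=lambda d: (-depth(d), d)):  # children first
        recs.append(f"dn: {dn}\nchangetype: delete")
    return "\n\n".join(recs) + "\n" if recs else ""

# Constructed sample exports (made-up example.org data).
OLD = "dn: uid=alice,dc=example,dc=org\ncn: Alice\nmail: a@example.org\n\ndn: uid=bob,dc=example,dc=org\ncn: Bob\n"
NEW = "dn: uid=alice,dc=example,dc=org\ncn: Alice A.\n\ndn: uid=carol,dc=example,dc=org\nobjectClass: inetOrgPerson\ncn: Carol\nsn: C\n"

if __name__ == "__main__":
    print(ldif_delta(parse_ldif(OLD), parse_ldif(NEW)), end="")
```

An empty or truncated new export produces a delete record for every entry, so it is worth checking the size of the generated delta before feeding it to ldapmodify.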