Masarati wrote:
slapo-memberof(5) does not support tool mode; in order to populate the memberOf attribute of an existing database you need to use ldapadd(1). You could, for example, dump your group entries, remove them, and re-add them via ldapadd(1).
Thanks for clearing that out. Could this be mentioned in the documentation somewhere (e.g. slapo-memberof(5))?
So, the procedure would look something like this? Scripting would be a lot easier if ldapsearch could optionally output DNs without wrapping lines.
# dump existing groups ldapsearch -H ldap://localhost:389 -b dc=example,dc=org -x -w XXXX -D cn=manager,dc=example,dc=org '(objectclass=groupofnames)' > groups.ldif
# list existing groups by DN cat groups.ldif | perl -p00e 's/\r?\n //g' |grep '^dn: ' | sed -e 's/^dn: //' > groups_to_del.ldif
# remove existing groups ldapdelete -v -c -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups_to_del.ldif
# re-add groups ldapadd -v -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups.ldif
best regards,
marko