Hello list
We use openldap 2.3.39. I want to add with a perl-script to all my users this attributes : objectClass: orcluser orclpassword: xxxxxxxxx
I dont now how do that with a script. Actually my users haves this objectClasses : objectClass: top objectClass: hordePerson objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: inetOrgPerson objectClass: SuSEeMailObject objectClass: sambaSamAccount
I defined an : objectclass ( 1.1.2.881.881.555.666 NAME 'inetorcluser' DESC 'inetorcluser' SUP ( inetOrgPerson $ orcluser ) STRUCTURAL )
And so when i with an ldap-browser export an user, then after deleting this user i add in the ldif-datei the followings attributes: objectClass: inetorcluser objectClass: orcluser orclpassword: xxxxxxxxx then i can import this user fine.
That for one user is ok but for a lot of users how can i do that - i tried with perl - but without success.
Thanks in advanced for any help. luis
alois blasbichler wrote:
Hello list
We use openldap 2.3.39. I want to add with a perl-script to all my users this attributes : objectClass: orcluser orclpassword: xxxxxxxxx
I dont now how do that with a script. Actually my users haves this objectClasses : objectClass: top objectClass: hordePerson objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: inetOrgPerson objectClass: SuSEeMailObject objectClass: sambaSamAccount
I defined an : objectclass ( 1.1.2.881.881.555.666 NAME 'inetorcluser' DESC 'inetorcluser' SUP ( inetOrgPerson $ orcluser ) STRUCTURAL )
And so when i with an ldap-browser export an user, then after deleting this user i add in the ldif-datei the followings attributes: objectClass: inetorcluser objectClass: orcluser orclpassword: xxxxxxxxx then i can import this user fine.
That for one user is ok but for a lot of users how can i do that - i tried with perl - but without success.
You can't change the structural objectClass of an entry: that would be a violation of the LDAP data model.
With OpenLDAP's slapd you can do this only by means of the "relax" control, which relaxes consistency checks __during__ an operation, only requiring them to be in force at the end of the operation (namely, with that control in place you can change the structural objectClass of an entry, but the resulting entry must comply with the LDAP specifications).
In OpenLDAP 2.3, the "relax" control is called "manageDIT" (not to be confused with "manageDSAit"), and its OID is 1.3.6.1.4.1.4203.666.5.12 (it's experimental).
All you need to do consists in adding that control to the LDAP modify request.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
On Monday 14 January 2008 17:45:21 alois blasbichler wrote:
Hello list
We use openldap 2.3.39. I want to add with a perl-script to all my users this attributes : objectClass: orcluser orclpassword: xxxxxxxxx
I dont now how do that with a script. Actually my users haves this objectClasses : objectClass: top objectClass: hordePerson objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: inetOrgPerson objectClass: SuSEeMailObject objectClass: sambaSamAccount
I defined an : objectclass ( 1.1.2.881.881.555.666 NAME 'inetorcluser' DESC 'inetorcluser' SUP ( inetOrgPerson $ orcluser ) STRUCTURAL )
Where is the definition for orcluser ? If it is AUXILIARY, or if you can make it auxiliary, then you can just add the two attributes in question, without changing the strucutural objectclass, and you could generated ldif such as this:
dn: uid=xxx,ou=yyy,dc=mydomain,dc=com changetype: modify add: objectclass objectclass: orcluser - add: orclpassword orclpassword: xyz
and use ldapmodify to apply these changes.
Or, do the equivalent mods directly with Net::LDAP.
Quoting Buchan Milne bgmilne@staff.telkomsa.net:
On Monday 14 January 2008 17:45:21 alois blasbichler wrote:
Hello list
We use openldap 2.3.39. I want to add with a perl-script to all my users this attributes : objectClass: orcluser orclpassword: xxxxxxxxx
I dont now how do that with a script. Actually my users haves this objectClasses : objectClass: top objectClass: hordePerson objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: inetOrgPerson objectClass: SuSEeMailObject objectClass: sambaSamAccount
I defined an : objectclass ( 1.1.2.881.881.555.666 NAME 'inetorcluser' DESC 'inetorcluser' SUP ( inetOrgPerson $ orcluser ) STRUCTURAL )
Where is the definition for orcluser ? If it is AUXILIARY, or if you can make it auxiliary, then you can just add the two attributes in question, without changing the strucutural objectclass, and you could generated ldif such as this:
Hello
Thank you for the 2 answers. Yes so - defining orcluser like AUXILIARY its working fine and is it simple to implement. The solution proposed from Pierangelo seems more "difficult" .
Thank you again and by luis
openldap-technical@openldap.org