2013/5/30 Quanah Gibson-Mount quanah@zimbra.com:
--On Thursday, May 30, 2013 7:51 PM +0200 Meike Stone meike.stone@googlemail.com wrote:
2013/5/30 Quanah Gibson-Mount quanah@zimbra.com:
--On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone meike.stone@googlemail.com wrote:
Hello,
is it possible to use a ldif-backup with operation attributes (ldapsearch ... '+' '*') with slapadd, to save the operation attributes, if no slapcat backup is available? Are there any concerns?
If you can't get a slapcat backup, how would you get a ldapsearch backup?
That's a a ldif created from a colleague, before the database on the test system was deleted.. I want to simulate some documented test from this colleague, but ony the ldif exist and no slapcat.
So slapadd it. slapadd will automatically generate the operational attrs.
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif.
Is it possible with this ldif, to create the database like my colleague it used?
Thanks Meike
--On Thursday, May 30, 2013 8:04 PM +0200 Meike Stone meike.stone@googlemail.com wrote:
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be identical for *,+ for ldapsearch. So your statement doesn't really make much sense.
Is it possible with this ldif, to create the database like my colleague it used?
Why wouldn't it be possible?
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
meike.stone@googlemail.com wrote:
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be identical for *,+ for ldapsearch. So your statement doesn't really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch runs it through overlays. It can generate dynamic attrs, rewrite, and reorder data. LDAP mostly leaves ordering unspecified.
Is it possible with this ldif, to create the database like my colleague it used?
Why wouldn't it be possible?
It could contain generated read-only attrs like memberOf. Still, I'd just try it and see. After backing up the DB with slapcat if it may be necessary to revert and retry.
If some attr is not accepted, remove it from the ldif and try again, and check if ladpsearch regenerates it or if the config must be tweaked to do so. E.g. perl -wp00e 's/\r?\n //g' input.ldif | grep -v '^memberOf:'
Hallvard
--On Friday, May 31, 2013 12:56 AM +0200 Hallvard Breien Furuseth h.b.furuseth@usit.uio.no wrote:
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
meike.stone@googlemail.com wrote:
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be identical for *,+ for ldapsearch. So your statement doesn't really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch runs it through overlays. It can generate dynamic attrs, rewrite, and reorder data. LDAP mostly leaves ordering unspecified.
Ah good point... I don't use such overlays. ;)
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Hallvard Breien Furuseth wrote:
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
meike.stone@googlemail.com wrote:
I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be identical for *,+ for ldapsearch. So your statement doesn't really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch runs it through overlays. It can generate dynamic attrs, rewrite, and reorder data. LDAP mostly leaves ordering unspecified.
Good point but...
It could contain generated read-only attrs like memberOf.
..for better performance 'memberOf' is stored in the DB (and e.g. indexed) and LDIF generated by slapcat indeed contains values of attribute 'memberOf'.
I'd be more worried about whether the identity used during ldapsearch has read access to all attributes. LDAP access is subject to ACL checking whereas slapcat is not.
Ciao, Michael.
openldap-technical@openldap.org
-
Hallvard Breien Furuseth -
Meike Stone -
Michael Ströder -
Quanah Gibson-Mount