11:04 a.m.
2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
--On Thursday, May 30, 2013 7:51 PM +0200 Meike Stone
<meike.stone(a)googlemail.com> wrote:
> 2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
>>
>> --On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone
>> <meike.stone(a)googlemail.com> wrote:
>>
>>> Hello,
>>>
>>>
>>> is it possible to use a ldif-backup with operation attributes
>>> (ldapsearch ... '+' '*') with slapadd, to save the operation
>>> attributes, if no slapcat backup is available? Are there any concerns?
>>
>>
>>
>> If you can't get a slapcat backup, how would you get a ldapsearch backup?
>>
>
> That's a a ldif created from a colleague, before the database on the
> test system was deleted..
> I want to simulate some documented test from this colleague, but ony
> the ldif exist and no slapcat.
So slapadd it. slapadd will automatically generate the operational attrs.
I want to preserve the operational attributes from the ldapsearch ldif
(created with '+' '*').
But I saw, that a ldapsearch ldif with operational attributes has a
more operational attributes than from the slapcat ldif.
Is it possible with this ldif, to create the database like my colleague it used?
Thanks Meike
11:08 a.m.
New subject: use ldif backup with operational attributes in conjunction with slapadd?
--On Thursday, May 30, 2013 8:04 PM +0200 Meike Stone
<meike.stone(a)googlemail.com> wrote:
I want to preserve the operational attributes from the ldapsearch
ldif
(created with '+' '*').
But I saw, that a ldapsearch ldif with operational attributes has a
more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db will be
identical for *,+ for ldapsearch. So your statement doesn't really make
much sense.
Is it possible with this ldif, to create the database like my
colleague
it used?
Why wouldn't it be possible?
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
3:56 p.m.
New subject: use ldif backup with operational attributes in conjunction with slapadd?
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
<meike.stone(a)googlemail.com> wrote:
> I want to preserve the operational attributes from the ldapsearch
> ldif
> (created with '+' '*').
> But I saw, that a ldapsearch ldif with operational attributes has a
> more operational attributes than from the slapcat ldif.
An ldapsearch generated and slapcat generated LDIF of the same db
will be identical for *,+ for ldapsearch. So your statement doesn't
really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch
runs it through overlays. It can generate dynamic attrs, rewrite,
and reorder data. LDAP mostly leaves ordering unspecified.
> Is it possible with this ldif, to create the database like my
> colleague
> it used?
Why wouldn't it be possible?
It could contain generated read-only attrs like memberOf.
Still, I'd just try it and see. After backing up the DB
with slapcat if it may be necessary to revert and retry.
If some attr is not accepted, remove it from the ldif and try again,
and check if ladpsearch regenerates it or if the config must be
tweaked to do so. E.g.
perl -wp00e 's/\r?\n //g' input.ldif | grep -v '^memberOf:'
Hallvard
4:04 p.m.
New subject: use ldif backup with operational attributes in conjunction with slapadd?
--On Friday, May 31, 2013 12:56 AM +0200 Hallvard Breien Furuseth
<h.b.furuseth(a)usit.uio.no> wrote:
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
> <meike.stone(a)googlemail.com> wrote:
>
>> I want to preserve the operational attributes from the ldapsearch
>> ldif
>> (created with '+' '*').
>> But I saw, that a ldapsearch ldif with operational attributes has a
>> more operational attributes than from the slapcat ldif.
>
> An ldapsearch generated and slapcat generated LDIF of the same db
> will be identical for *,+ for ldapsearch. So your statement doesn't
> really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch
runs it through overlays. It can generate dynamic attrs, rewrite,
and reorder data. LDAP mostly leaves ordering unspecified.
Ah good point... I don't use such overlays. ;)
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
1:48 a.m.
New subject: use ldif backup with operational attributes in conjunction with slapadd?
Hallvard Breien Furuseth wrote:
On 2013-05-30 20:08, Quanah Gibson-Mount wrote:
> <meike.stone(a)googlemail.com> wrote:
>
>> I want to preserve the operational attributes from the ldapsearch ldif
>> (created with '+' '*').
>> But I saw, that a ldapsearch ldif with operational attributes has a
>> more operational attributes than from the slapcat ldif.
>
> An ldapsearch generated and slapcat generated LDIF of the same db
> will be identical for *,+ for ldapsearch. So your statement doesn't
> really make much sense.
Sure it does. slapcat gives the raw data in LDIF format. ldapsearch
runs it through overlays. It can generate dynamic attrs, rewrite,
and reorder data. LDAP mostly leaves ordering unspecified.
Good point but...
It could contain generated read-only attrs like memberOf.
..for better performance 'memberOf' is stored in the DB (and e.g. indexed) and
LDIF generated by slapcat indeed contains values of attribute 'memberOf'.
I'd be more worried about whether the identity used during ldapsearch has read
access to all attributes. LDAP access is subject to ACL checking whereas
slapcat is not.
Ciao, Michael.
3583
days inactive
3584
days old
openldap-technical@openldap.org
4 comments
4 participants
participants (4)
-
Hallvard Breien Furuseth -
Meike Stone -
Michael Ströder -
Quanah Gibson-Mount