Masarati wrote:
slapo-memberof(5) does not support tool mode; in order to populate the memberOf attribute of an existing database you need to use ldapadd(1). You could, for example, dump your group entries, remove them, and re-add them via ldapadd(1).
Thanks for clearing that out. Could this be mentioned in the documentation somewhere (e.g. slapo-memberof(5))?
So, the procedure would look something like this? Scripting would be a lot easier if ldapsearch could optionally output DNs without wrapping lines.
# dump existing groups ldapsearch -H ldap://localhost:389 -b dc=example,dc=org -x -w XXXX -D cn=manager,dc=example,dc=org '(objectclass=groupofnames)' > groups.ldif
# list existing groups by DN cat groups.ldif | perl -p00e 's/\r?\n //g' |grep '^dn: ' | sed -e 's/^dn: //' > groups_to_del.ldif
# remove existing groups ldapdelete -v -c -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups_to_del.ldif
# re-add groups ldapadd -v -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups.ldif
best regards,
marko
Asplund Marko wrote:
Masarati wrote:
slapo-memberof(5) does not support tool mode;
*No* overlays support tool mode. That's fundamental to the design.
in order to populate the memberOf attribute of an existing database you need to use ldapadd(1). You could, for example, dump your group entries, remove them, and re-add them via ldapadd(1).
Thanks for clearing that out. Could this be mentioned in the documentation somewhere (e.g. slapo-memberof(5))?
On 05/12/2011 19:42, "Howard Chu" hyc@symas.com wrote:
... Masarati wrote:
slapo-memberof(5) does not support tool mode;
*No* overlays support tool mode. That's fundamental to the design.
Being an OpenLDAP novice I'm a bit confused about what this means in practice.
I tried adding a group to my directory using slapadd and I can confirm what Bryce Powell already reported: memberOf attribute value for group members don't get populated when the group is added using slapadd.
Could someone explain what "supporting tool mode" means in concrete terms in this case? What's the recommended method for importing groups so that member's memberOf attribute values get correctly populated?
Marko
--On Wednesday, December 07, 2011 3:08 PM +0000 Asplund Marko marko.asplund@ixonos.com wrote:
On 05/12/2011 19:42, "Howard Chu" hyc@symas.com wrote:
... Masarati wrote:
slapo-memberof(5) does not support tool mode;
*No* overlays support tool mode. That's fundamental to the design.
Being an OpenLDAP novice I'm a bit confused about what this means in practice.
I tried adding a group to my directory using slapadd and I can confirm what Bryce Powell already reported: memberOf attribute value for group members don't get populated when the group is added using slapadd.
Could someone explain what "supporting tool mode" means in concrete terms in this case? What's the recommended method for importing groups so that member's memberOf attribute values get correctly populated?
"slapadd" is a tool. "slapcat" is a tool. Running either of those binaries means you're running in "tool mode".
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 07/12/2011 21:03, "Quanah Gibson-Mount" quanah@zimbra.com wrote:
... "slapadd" is a tool. "slapcat" is a tool. Running either of those binaries means you're running in "tool mode".
Thanks for clearing that up.
Is there something special we need to do in order to get memberOf attribute values populated in tool mode? I interpreted Howard's comments so that slapo-memberof supports tool mode while tests done by me and Bryce suggest that it's not working as expected.
Are there any caveats that I should be aware of when importing data in this case using slapadd?
marko
--On Thursday, December 08, 2011 1:20 PM +0000 Asplund Marko marko.asplund@ixonos.com wrote:
On 07/12/2011 21:03, "Quanah Gibson-Mount" quanah@zimbra.com wrote:
... "slapadd" is a tool. "slapcat" is a tool. Running either of those binaries means you're running in "tool mode".
Thanks for clearing that up.
Is there something special we need to do in order to get memberOf attribute values populated in tool mode? I interpreted Howard's comments so that slapo-memberof supports tool mode while tests done by me and Bryce suggest that it's not working as expected.
That is not what Howard said at all. He said:
"*No* overlays support tool mode. That's fundamental to the design."
I.e., no overlay gets loaded when you're running in tool mode.
Are there any caveats that I should be aware of when importing data in this case using slapadd?
See the above statement.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Asplund Marko -
Howard Chu -
Quanah Gibson-Mount