Re: memberof overlay deployment
- To: "openldap-technical@OpenLDAP.org" <openldap-technical@OpenLDAP.org>
- Subject: Re: memberof overlay deployment
- From: Asplund Marko <marko.asplund@ixonos.com>
- Date: Mon, 5 Dec 2011 17:18:00 +0000
Masarati wrote:
> slapo-memberof(5) does not support tool mode; in order to populate the
> memberOf attribute of an existing database you need to use ldapadd(1).
> You could, for example, dump your group entries, remove them, and re-add
> them via ldapadd(1).
Thanks for clearing that up.
Could this be mentioned in the documentation somewhere (e.g.
slapo-memberof(5))?
So, the procedure would look something like this?
Scripting would be a lot easier if ldapsearch could optionally output DNs
without wrapping lines.
# dump existing groups
ldapsearch -H ldap://localhost:389 -b dc=example,dc=org -x -w XXXX \
  -D cn=manager,dc=example,dc=org '(objectclass=groupofnames)' > groups.ldif
# list existing groups by DN
cat groups.ldif | perl -p00e 's/\r?\n //g' | grep '^dn: ' | sed -e 's/^dn: //' \
  > groups_to_del.ldif
# remove existing groups
ldapdelete -v -c -H ldap://localhost:389 -x -w XXXX \
  -D cn=manager,dc=example,dc=org -f groups_to_del.ldif
# re-add groups
ldapadd -v -H ldap://localhost:389 -x -w XXXX \
  -D cn=manager,dc=example,dc=org -f groups.ldif
best regards,
marko
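
An added example, not part of the original message: a DN extractor for the "list existing groups by DN" step that unfolds wrapped lines and also decodes base64 `dn::` lines, which the `grep '^dn: '` filter above skips, so such groups would be dumped and re-added without ever being deleted. The function name `ldif_dns` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Print one DN per line from ldapsearch LDIF on stdin, suitable for
# "ldapdelete -f". Helper name and sample data are hypothetical.

ldif_dns() {
    tr -d '\r' |
    # Unfold: a line starting with one space continues the previous line.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    while IFS= read -r line; do
        case $line in
            # "dn:: " marks a base64-encoded DN (e.g. non-ASCII characters).
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed sample dump: one folded DN and one non-ASCII DN, encoded
# at run time the way ldapsearch would emit it.
sample_ldif() {
    printf 'dn: cn=long-group-name,ou=groups,dc=exam\n ple,dc=org\n'
    printf 'objectClass: groupOfNames\nmember: cn=u1,dc=example,dc=org\n\n'
    printf 'dn:: %s\n' "$(printf 'cn=\303\244dmins,dc=example,dc=org' | base64)"
    printf 'objectClass: groupOfNames\nmember: cn=u1,dc=example,dc=org\n'
}

# Both DNs are printed; the grep/sed pipeline would list only the first.
sample_ldif | ldif_dns
```

Comparing the number of DNs written to groups_to_del.ldif with the number of entries in groups.ldif before running ldapdelete catches any entry the extraction missed.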