> On 18 Jun 2018, at 12:33, Zeus Panchenko <z...@ibs.dn.ua> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> what is the best practice to moddn() for branch of objects?

I’m not really sure “best practice” is relevant here - whatever you need to do needs to be expressed in LDAP protocol requests.

I would note that storing entries subordinate to user entries is rather unusual. Not illegal in any way, just unusual and it would surprise most people who were familiar with LDAP.

>
> let's say we have two objects:
>
> - ---[ user A start ]-------------------------------------------
> dn: uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=q...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: cn=dev-ap-notebook,authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.na...@starfleet.startrek.in,authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> - ---[ user A end ]-------------------------------------------
>
> and
>
> - ---[ user B start ]-------------------------------------------
> dn: uid=taf.taffij,ou=People,dc=umidb

So there are two cases to consider:

* user B already exists
* user B does not exist

In the first case, you can iterate through all of user A’s immediate children and modifydn each of them. Do you delete user A at the end?

Alternatively, in the first case, you could delete user B first and then just use modifydn once to move user A to user B.

In the second case, just modifydn user A to user B in a single operation.

You may need to refine your question a bit more.

>
> to do that, I take target branch subtree and „re-write“ DN of each object to
> be reassigned ...
> (https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)
>
>
> what I think of is something like this:
>
> - ---[ quotation start ]-------------------------------------------
> $dn = 'authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
> $mesg = $ldap->moddn( $dn,
>                       newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
>                       recursively => 1 );

Net::LDAP’s moddn method does not take a “recursively” option. The LDAP modifydn operation is already defined to move all the entry's children. If the server cannot perform that operation, it will return an error instead.

Cheers,
Chris
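
The first case in the reply above (user B already exists, so each immediate child of user A is moved with its own modifydn), written out as an added example; it is not code from the thread or from the umi project. `moddn_args`, `move_children` and the sample DNs are hypothetical and constructed for illustration, and `move_children` assumes an already bound Net::LDAP handle.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Build the moddn() arguments that re-parent one entry and keep its RDN.
# Parsing the DN (rather than splitting on ',') copes with escaped commas.
sub moddn_args {
    my ($child_dn, $new_parent) = @_;
    my $parts = ldap_explode_dn($child_dn, casefold => 'none') or return;
    my $rdn = canonical_dn([ $parts->[0] ], casefold => 'none');
    return ($child_dn, newrdn => $rdn, deleteoldrdn => 0,
            newsuperior => $new_parent);
}

# Move each immediate child of $from under $to. The server carries every
# child's own subtree along, so only one level below $from is searched.
# Dies on the first failure: children moved before that point stay under $to.
sub move_children {
    my ($ldap, $from, $to) = @_;
    my $res = $ldap->search(base => $from, scope => 'one',
                            filter => '(objectClass=*)', attrs => ['1.1']);
    die 'search: ' . $res->error . "\n" if $res->code;
    for my $entry ($res->entries) {
        my @args = moddn_args($entry->dn, $to)
            or die 'cannot parse DN: ' . $entry->dn . "\n";
        my $mesg = $ldap->moddn(@args);
        die $entry->dn . ': ' . $mesg->error . "\n" if $mesg->code;
    }
    return $res->count;
}

# Offline demonstration on constructed DNs (not the ones in the thread):
# print the ModifyDN request that would be sent for each child.
unless (caller) {
    my $to = 'uid=user.b,ou=People,dc=example';
    for my $dn ('authorizedService=mail@example.org,uid=user.a,ou=People,dc=example',
                'cn=dev\, notebook,uid=user.a,ou=People,dc=example') {
        my ($old, %opt) = moddn_args($dn, $to);
        print "$old\n  newrdn: $opt{newrdn}\n  newsuperior: $opt{newsuperior}\n";
    }
}
```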