--On Friday, January 29, 2021 11:07 AM +0100 Prunk Dump
<[email protected]> wrote:
Hello!
My network infrastructure uses some special database not compatible
with LDAP. But I need an OpenLDAP server to administer my Web Services
accounts on my DMZ.
So I have written a script to export our "special" database to an LDIF
file. This works pretty well. I've successfully loaded it on my
OpenLDAP server.
But now I don't know how to update my OpenLDAP database from the new
generated LDIF files (when users are added, updated or removed)
without disturbing the whole LDAP service (it's not a very good idea
to delete the entire database and recreate it from the new LDIF file
as it stops the service completely during the operation).
Is there a way to update an OpenLDAP database to fit a new given LDIF
file?
-> Updating/deleting the OUs
-> Deleting the objects that are not present.
-> Deleting the attributes removed.
-> Updating the attributes that have changed without deleting the object.
Doing this step by step to disturb the OpenLDAP service as little as
possible.
There are a few utilities out there that you could use:
ldapdiff, which does the diff between a running server and an LDIF file:
<https://linux.die.net/man/1/ldapdiff>, <https://launchpad.net/ldapdiff>
ldifdiff.pl - A Perl script that diffs two LDIF files:
<https://metacpan.org/pod/distribution/perl-ldap/contrib/ldifdiff.pl>
ldifdiff - A Go program that diffs two LDIF files:
<https://github.com/nxadm/ldifdiff>
With any of these, you could generate the diff between your existing DB and
the new DB and then apply it with ldapmodify.
Overall, I'd suggest writing a process using python-ldap or similar that
writes the modifications directly to the LDAP server rather than doing
one-offs like this.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
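A minimal version of the LDIF-to-LDIF diff that the reply describes, as an added example that is not part of this thread nor of any of the tools listed: pure-stdlib Python that parses the previous export and the new one, computes the deletes, adds and modifies, and orders them so that children are deleted before their OU and parents are added before their children, producing a change LDIF for ldapmodify. The sample entries are constructed; the parser does not decode `::` base64 values and compares DNs as exact strings with no escaped commas.

```python
def parse_ldif(text):
    """Parse a content LDIF into {dn: {attr: [values]}}."""
    entries, entry, dn = {}, {}, None
    # Unfold wrapped lines (a leading space continues the previous line), then
    # walk the records; the appended "" flushes the last entry.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line:                        # blank line terminates an entry
            if dn is not None:
                entries[dn] = entry
            entry, dn = {}, None
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip()
        else:
            entry.setdefault(attr, []).append(value.strip())
    return entries

def ldif_diff(old, new):
    """Return change records turning directory state `old` into `new`.
    Deletes go deepest DN first (children before their OU), adds shallowest first."""
    depth = lambda dn: dn.count(",")        # assumes no escaped commas in DNs
    ops = []
    for dn in sorted(set(old) - set(new), key=lambda d: (-depth(d), d)):
        ops.append(f"dn: {dn}\nchangetype: delete\n")
    for dn in sorted(set(new) - set(old), key=lambda d: (depth(d), d)):
        body = "".join(f"{a}: {v}\n" for a, vs in new[dn].items() for v in vs)
        ops.append(f"dn: {dn}\nchangetype: add\n{body}")
    for dn in sorted(old.keys() & new.keys()):
        mods = [f"delete: {a}\n-\n" for a in sorted(set(old[dn]) - set(new[dn]))]
        for a, vs in new[dn].items():
            if sorted(vs) != sorted(old[dn].get(a, [])):   # new or changed attribute
                mods.append(f"replace: {a}\n" + "".join(f"{a}: {v}\n" for v in vs) + "-\n")
        if mods:                            # untouched entries produce no record
            ops.append(f"dn: {dn}\nchangetype: modify\n" + "".join(mods))
    return ops

def diff_ldif_text(old_text, new_text):
    """Change LDIF text, ready for: ldapmodify -x -D <binddn> -W -f changes.ldif"""
    return "\n".join(ldif_diff(parse_ldif(old_text), parse_ldif(new_text)))

# Constructed sample: the new export drops bob, changes alice's mail, and adds carol.
OLD = ("dn: ou=web,dc=example,dc=com\nobjectClass: organizationalUnit\nou: web\n\n"
       "dn: uid=alice,ou=web,dc=example,dc=com\nuid: alice\nmail: alice@old.example\ndescription: x\n\n"
       "dn: uid=bob,ou=web,dc=example,dc=com\nuid: bob\n")
NEW = ("dn: ou=web,dc=example,dc=com\nobjectClass: organizationalUnit\nou: web\n\n"
       "dn: uid=alice,ou=web,dc=example,dc=com\nuid: alice\nmail: alice@new.example\n\n"
       "dn: uid=carol,ou=web,dc=example,dc=com\nuid: carol\n")
```

Running `diff_ldif_text(OLD, NEW)` against the sample yields a delete for bob, an add for carol and a modify for alice that removes `description` and replaces `mail`, with the unchanged OU producing no record.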