> On 18 Jun 2018, at 12:33, Zeus Panchenko <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> what is the best practice to moddn() for branch of objects?

I’m not really sure “best practice” is relevant here - whatever you need to do needs to be expressed in LDAP protocol requests.

I would note that storing entries subordinate to user entries is rather unusual. Not illegal in any way, just unusual and it would surprise most people who were familiar with LDAP.

>
> let's say we have two objects:
>
> - ---[ user A start ]-------------------------------------------
> dn: uid=naf.nafus,ou=People,dc=umidb
> dn: [email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> [email protected],[email protected],uid=naf.nafus,ou=People,dc=umidb
> dn: [email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> cn=dev-ap-notebook,[email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> [email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> [email protected],[email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> [email protected],uid=naf.nafus,ou=People,dc=umidb
> dn:
> [email protected],[email protected],uid=naf.nafus,ou=People,dc=umidb
> - ---[ user A end ]-------------------------------------------
>
> and
>
> - ---[ user B start ]-------------------------------------------
> dn: uid=taf.taffij,ou=People,dc=umidb

So there are two cases to consider:

* user B already exists
* user B does not exist

In the first case, you can iterate through all of user A’s immediate children and modifydn each of them. Do you delete user A at the end?

Alternatively, in the first case, you could delete user B first and then just use modifydn once to move user A to user B.

In the second case, just modifydn user A to user B in a single operation.

You may need to refine your question a bit more.

>
> to do that, I take target branch subtree and „re-write“ DN of each object to
> be reassigned ...
> (https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)
>
>
> what I think of is something like this:
>
> - ---[ quotation start ]-------------------------------------------
> $dn =
> '[email protected],uid=naf.nafus,ou=People,dc=umidb';
> $mesg = $ldap->moddn( $dn,
> newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
> recursively => 1 );

Net::LDAP’s moddn method does not take a “recursively” option. The LDAP modifydn operation is already defined to move all the entry's children. If the server cannot perform that operation, it will return an error instead.

Cheers,

Chris
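
The first case from the reply above (user B already exists, so each immediate child of user A is moved with its own modifydn), written with Net::LDAP as an added example that is not part of the original thread or of the umi project. The helper name move_children, the server URI, the bind DN and the LDAP_PW environment variable are assumptions; the two user DNs are the ones quoted in the thread.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Move every immediate child of $from under $to, one modifydn per child.
# Each modifydn takes the child's whole subtree with it, so no recursion here.
sub move_children {
    my ($ldap, $from, $to) = @_;

    my $search = $ldap->search(
        base   => $from,
        scope  => 'one',              # immediate children only
        filter => '(objectClass=*)',
        attrs  => ['1.1'],            # DNs only, no attributes
    );
    die 'search failed: ' . $search->error . "\n" if $search->code;

    my @moved;
    for my $entry ($search->entries) {
        my $dn    = $entry->dn;
        my $parts = ldap_explode_dn($dn, casefold => 'none')
            or die "cannot parse DN: $dn\n";
        # Keep the leftmost RDN as it is; only the parent changes.
        my $rdn = canonical_dn([ $parts->[0] ], casefold => 'none');

        my $mesg = $ldap->moddn(
            $dn,
            newrdn       => $rdn,
            deleteoldrdn => 0,
            newsuperior  => $to,
        );
        # Stop at the first error, e.g. the server refuses to move a
        # non-leaf entry or the same RDN already exists under $to.
        die "moddn $dn failed: " . $mesg->error . "\n" if $mesg->code;
        push @moved, $dn;
    }
    return @moved;
}

# Constructed connection details (assumptions, not from the thread).
my $ldap = Net::LDAP->new('ldap://localhost') or die "connect: $@\n";
my $bind = $ldap->bind('cn=admin,dc=umidb', password => $ENV{LDAP_PW});
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

print "moved $_\n" for move_children($ldap,
    'uid=naf.nafus,ou=People,dc=umidb', 'uid=taf.taffij,ou=People,dc=umidb');
$ldap->unbind;
```

Because the loop stops at the first failed modifydn, a partial move leaves the already-moved children under user B; rerunning it picks up only what is still under user A.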
