Thanks Thornton. Pls allow me to ask you 2 more questions.
I'm most probably be using PHP to perform all LDAP administration.
But if I don't change the "o=department" in the DN for all child entries
when the department name changes, then would I still be able to
perform a ldap search using the new department name as a base?
i.e. can i still perform:
ldapsearch -b "o=newdepartment, dc=company, dc=com" "uid=*"?
say if I really want to change/update to "o=newdepartment" in DN
for all child entries so that there's no obsolete info in the ldap
database, can the ldapmodrrn be used also? Any idea if PHP API
can change the dn of an entry?
> if i use only (without the o=department in dn):
> dn: uid=username, dc=company, dc=com
> objectclass....
> o: department
> ..... (other attributes/values)
> can i query the ldap database and return only unique values(one value)
for
> each department names?
> what is the command to do so?
This is easy with the shell tool. The command:
ldapsearch -b 'base dn' '(objectclass=organization)' o
will retrieve all 'o' attribute values from all objects of class
'organization'.
I tried the following:
1. created a dn: dc=company, dc=com entry
2. created a few users with dn: uid=username, dc=company, dc=com (note i'm
trying without the o=department in the DN)
but when i perform a "ldapsearch -b "dc=company,dc=com"
"objectclass=organization" o, it will return the repeated departments of
all entries:
uid=user1, dc=company, dc=com
o=department1
uid=user2, dc=company, dc=com
o=department2
uid=user3, dc=company, dc=com
o=department1 <---repeated
uid=user4, dc=company, dc=com
o=department2 <---repeated
Actually, I'm trying to get only 1 value for each department:
o=department1
o=department2
Any idea if it's possible using command line tool or using PHP?
Once again, thank you so much for your help :)
----- Original Message -----
From: Thornton Prime <[EMAIL PROTECTED]>
To: Corisen <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 26, 2000 6:23 AM
Subject: Re: ldap vs mysql
>
> > for each department, there will be a parent node with dn: o=depertment1,
> > dc=mycompany, dc=com.
> > under this node, there will be many child entries with:
> > dn: uid=username1, o=department1, dc=mycompany, dc=com
> > objectclass : ....
> > o: department1
> > ......(other attributes/values)
> >
> > so if i change the parent node to dn:o=departmentnew, dc=mycompany,
dc=com,
> > am i correct to say
> > that i should change all entries previously with dn:uid=username,
> > o=department1, dc=mycompany, dc=com
> > and o=department1 to o=department new? will ldap command line tool
> > automatically & recursively change all child entries'
> > dn and o attribures to the new department? if not, these users might
have
> > the wrong/old department info.
> > may i know what is the command to change the dn: o=department ..... to
> > o=departmentnew pls.
>
> The o value in the DN won't need to be changed, but if you use
> OpenLDAP, the o attribute in any child records will need to be changed
> individually, though doing this isn't really that hard.
>
> The ldapsearch tool can be used to find the records that need
> changin, and the ldapmodify command line tool can be used to modify their
> attributes, but you should consider using the Perl, Python, Java and C
> LDAP APIs for regular LDAP maintenence tasks like this.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
