Re: what is the best practice to modrdn for branch of objects?

2018-07-01 Thread Peter Marschall
Hi,

On Tuesday, 19 June 2018, 08:45:08 CEST, Chris Ridd wrote:
> > On 19 Jun 2018, at 05:58, Zeus Panchenko  wrote:
> > 
> > Chris Ridd  wrote:
> >> Net::LDAP's moddn method does not take a „recursively“ option.
> > 
> > may it sound sane to add it to the method?
> > 
> >> The LDAP modifydn operation is already defined to move all the entry's
> >> children.
> > 
> > I believe, it'd be great to have something like that in Net::LDAP too …
> 
> Well that’s up to Peter, but I would say that no it doesn’t make sense
> because the operations in LDAP.pm only do what the RFCs describe.

perl-ldap's first objective is to make the LDAP operations specified in the 
LDAP specs available to Perl.
The operations defined in the specs provide a clear, well-defined foundation.

I do not intend to modify the base operations from the specs.

> I think you should write your own wrapper/utility function that does what
> your use case needs.
This is definitely preferable.

perl-ldap has the Net::LDAP::Extra module that allows for easy extension (see
Net::LDAP::Extra::AD, Net::LDAP::Extra::eDirectory).

If you provide code that is reasonably generic (and does not only fulfill your 
specific use case), I may consider including it. (No guarantee)

Best
Peter

-- 
Peter Marschall
pe...@adpm.de


Re: what is the best practice to modrdn for branch of objects?

2018-06-19 Thread Chris Ridd


> On 19 Jun 2018, at 05:58, Zeus Panchenko  wrote:
> 
> Chris Ridd  wrote:
>> Net::LDAP's moddn method does not take a „recursively“ option.
> 
> may it sound sane to add it to the method?
> 
>> The LDAP modifydn operation is already defined to move all the entry's
>> children.
> 
> I believe, it'd be great to have something like that in Net::LDAP too …

Well that’s up to Peter, but I would say that no it doesn’t make sense because 
the operations in LDAP.pm only do what the RFCs describe.

I think you should write your own wrapper/utility function that does what your 
use case needs.

Cheers,

Chris

Re: what is the best practice to modrdn for branch of objects?

2018-06-18 Thread Zeus Panchenko
Chris Ridd  wrote:
> I would note that storing entries subordinate to user entries is rather 
> unusual.

yes, it is, the idea was to hold all related to user branches in one
single root

here there is the diagram of DB topology:
https://raw.githubusercontent.com/z-eos/umi/master/doc/umi-db-diagram-plane.png

> So there are two cases to consider:
> * user B already exists

yes, it is
the idea is to reassign some existing subordinate branch to
another existent user

> In the first case, you can iterate through all of user A's immediate
> children and modifydn each of them.

it is just what I do, but it involves a lot of „hand“ work (the URL I
provided in my initial post)

> Do you delete user A at the end?

no, the idea is to delegate some service of user A to user B

> Alternative in the first case, you could delete user B first and then
> just use modifydn once to move user A to user B.

no, it is not what is needed since user B has his own, assigned to him
services

> You may need to refine your question a bit more.

was I successful in that?

> Net::LDAP's moddn method does not take a „recursively“ option.

may it sound sane to add it to the method?

> The LDAP modifydn operation is already defined to move all the entry's
> children.

I believe, it'd be great to have something like that in Net::LDAP too ...

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)




Re: what is the best practice to modrdn for branch of objects?

2018-06-18 Thread Chris Ridd


> On 18 Jun 2018, at 12:33, Zeus Panchenko  wrote:
> 
> hi
> 
> what is the best practice to moddn() for branch of objects?

I’m not really sure “best practice” is relevant here - whatever you need to do 
needs to be expressed in LDAP protocol requests.

I would note that storing entries subordinate to user entries is rather 
unusual. Not illegal in any way, just unusual and it would surprise most people 
who were familiar with LDAP.

> 
> lets say we have two objects:
> 
> ---[ user A start ]---
> dn: uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=q...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: cn=dev-ap-notebook,authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.na...@starfleet.startrek.in,authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> ---[ user A end   ]---
> 
> and
> 
> ---[ user B start ]---
> dn: uid=taf.taffij,ou=People,dc=umidb

So there are two cases to consider:

* user B already exists

* user B does not exist

In the first case, you can iterate through all of user A’s immediate children 
and modifydn each of them. Do you delete user A at the end?

Alternative in the first case, you could delete user B first and then just use 
modifydn once to move user A to user B.

In the second case, just modifydn user A to user B in a single operation.

You may need to refine your question a bit more.

> 
> to do that, I take target branch subtree and „re-write“ DN of each object to 
> be reassigned ...
> (https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)
> 
> 
> what I think of is something like this:
> 
> ---[ quotation start ]---
> $dn = 'authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
> $mesg = $ldap->moddn( $dn,
>  newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
>  recursively => 1 );

Net::LDAP’s moddn method does not take a “recursively” option. The LDAP 
modifydn operation is already defined to move all the entry's children. If the 
server cannot perform that operation, it will return an error instead.

Cheers,

Chris
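
The approach described in the reply above (one modifydn request per branch, or one per immediate child when user B already exists), written as the kind of wrapper the thread suggests. This is an added example, not code from the thread or from perl-ldap; the helper names, the constructed sample DNs and the LDAP_URI, LDAP_BINDDN and LDAP_BINDPW environment variables are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Hypothetical helpers, not part of Net::LDAP.

# Returns (RDN, new DN) for an entry moved under $new_superior with its RDN kept.
sub split_target {
    my ($dn, $new_superior) = @_;
    my $parts = ldap_explode_dn($dn, casefold => 'none')
        or die "cannot parse DN '$dn'\n";
    my $rdn = canonical_dn([ $parts->[0] ], casefold => 'none');
    return ($rdn, "$rdn,$new_superior");
}

# One ModifyDN request: the server either moves the entry together with its
# children or returns an error, so the result code is always checked.
sub move_branch {
    my ($ldap, $dn, $new_superior) = @_;
    my ($rdn, $target) = split_target($dn, $new_superior);
    my $mesg = $ldap->moddn($dn, newrdn => $rdn, deleteoldrdn => 1,
                            newsuperior => $new_superior);
    die sprintf("moddn '%s' failed: %s\n", $dn, $mesg->error) if $mesg->code;
    return $target;
}

# Move every immediate child of $from under $to (the "user B exists" case).
# Not atomic: it stops at the first failure, leaving earlier children moved.
sub move_children {
    my ($ldap, $from, $to) = @_;
    my $res = $ldap->search(base => $from, scope => 'one',
                            filter => '(objectClass=*)', attrs => ['1.1']);
    die "search under '$from' failed: " . $res->error . "\n" if $res->code;
    return map { move_branch($ldap, $_->dn, $to) } $res->entries;
}

# Constructed sample DNs, not the ones from the thread.
my $branch = 'authorizedService=xmpp@example.org,uid=user.a,ou=People,dc=example';
my $user_b = 'uid=user.b,ou=People,dc=example';
print "target: ", (split_target($branch, $user_b))[1], "\n";

if ($ENV{LDAP_URI}) {    # only touch a directory when one is configured
    my $ldap = Net::LDAP->new($ENV{LDAP_URI}) or die "connect failed: $@\n";
    my $bind = $ldap->bind($ENV{LDAP_BINDDN}, password => $ENV{LDAP_BINDPW});
    die "bind failed: " . $bind->error . "\n" if $bind->code;
    print "moved to $_\n" for move_branch($ldap, $branch, $user_b);
    $ldap->unbind;
}
```

Without LDAP_URI set, the script only prints the DN the branch would receive, which makes it safe to check the RDN handling before running it against a directory.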

what is the best practice to modrdn for branch of objects?

2018-06-18 Thread Zeus Panchenko

hi

what is the best practice to moddn() for branch of objects?

let's say we have two objects:

---[ user A start ]---
dn: uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: uid=q...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: cn=dev-ap-notebook,authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: uid=naf.na...@starfleet.startrek.in,authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
---[ user A end   ]---

and

---[ user B start ]---
dn: uid=taf.taffij,ou=People,dc=umidb
---[ user B end   ]---


now, I want to „reassign“ user A branch (and all of its leaves) to user B
---[ user A branch to reassign start ]---
dn: authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
---[ user A branch to reassign end   ]---


so, user B becomes
---[ „new“ user B start ]---
dn: uid=taf.taffij,ou=People,dc=umidb
dn: authorizedService=x...@starfleet.startrek.in,uid=taf.taffij,ou=People,dc=umidb
dn: uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=taf.taffij,ou=People,dc=umidb
---[ „new“ user B end   ]---

to do that, I take target branch subtree and „re-write“ DN of each object to be 
reassigned ...
(https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)


what I think of is something like this:

---[ quotation start ]---
$dn = 'authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
$mesg = $ldap->moddn( $dn,
  newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
  recursively => 1 );
---[ quotation end   ]---


-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)