Sorry for my late reply! I have had such a hard week. A lot of work...
Thank you very much Quanah, David and Ulrich.

Sadly ldapdiff is not present anymore in the Debian repositories. I will check if I can use the other tools or use my own script.

Thank you again for your help!

Baptiste.

On Mon, 1 Feb 2021 at 08:02, Ulrich Windl <[email protected]> wrote:
>
> >>> Prunk Dump <[email protected]> wrote on 29.01.2021 at 11:07 in message
> <CALr0QzGOFoAr+=3-xohtb7gkwfvltzxo-q5y3dp7nens2ev...@mail.gmail.com>:
> > Hello!
> >
> > My network infrastructure uses some special database not compatible
> > with LDAP. But I need an OpenLDAP server to administer my Web Services
> > accounts on my DMZ.
> >
> > So I have written a script to export our "special" database to an LDIF
> > file. This works pretty well. I've successfully loaded it on my
> > OpenLDAP server.
> >
> > But now I don't know how to update my OpenLDAP database from the newly
> > generated LDIF files (when users are added, updated or removed)
> > without disturbing the whole LDAP service (it's not a very good idea
> > to delete the entire database and recreate it from the new LDIF file
> > as it stops the service completely during the operation).
> >
> > Is there a way to update an OpenLDAP database to fit a new given LDIF file?
> > -> Updating/deleting the OUs
> > -> Deleting the objects that are not present.
> > -> Deleting the attributes removed.
> > -> Updating the attributes that have changed without deleting the object.
> > Doing this step by step to disturb as little as possible the OpenLDAP
> > service.
>
> I think you should think in "deltas" (changes) instead of whole databases.
> Then ldapmodify is the tool to use and you'd have to write LDIF files that
> perform the changes.
>
> An example for such a file would look similar to this:
>
> dn: uid=t...,ou=...,dc=de
> changetype: modify
> add: pwdPolicySubentry
> pwdPolicySubentry: cn=PP-Default,dc=policies,dc=...,dc=de
>
> dn: uid=o...,ou=...,dc=de
> changetype: modify
> add: pwdPolicySubentry
> pwdPolicySubentry: cn=PP-Default,dc=policies,dc=...,dc=de
>
> dn: uid=m...,ou=...,dc=de
> changetype: modify
> replace: pwdChangedTime
> pwdChangedTime: 20201223135924Z
> -
> replace: userPassword
> userPassword: {SSHA}blabla...
> -
> add: pwdHistory
> pwdHistory: 20201223135924Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}blabla...
> -
> delete: pwdGraceUseTime
> pwdGraceUseTime: 20180725081753Z
> pwdGraceUseTime: 20180725081756Z
> pwdGraceUseTime: 20180725081758Z
> pwdGraceUseTime: 20201201095616Z
> pwdGraceUseTime: 20201201095619Z
>
> So you get the idea.
>
> >
> > Thanks for the help.
> >
> > Regards,
> >
> > Baptiste.
> >
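The "think in deltas" advice and the "own script" option from the thread above, as an added example (not code from the thread or from OpenLDAP): it compares the previous export with the new one and emits change records in the format quoted above. The function names, the example.org DNs and the sample entries are constructed, and it assumes both files come from the same export script, so DNs and attribute names are spelled identically.

```python
BASE = "ou=people,dc=example,dc=org"  # constructed sample data, not from the thread
OLD = (f"dn: uid=alice,{BASE}\nobjectClass: account\nuid: alice\ndescription: sales\nhost: web1\n\n"
       f"dn: uid=bob,{BASE}\nobjectClass: account\nuid: bob\n")
NEW = (f"dn: uid=alice,{BASE}\nobjectClass: account\nuid: alice\ndescription: support\n\n"
       f"dn: uid=carol,{BASE}\nobjectClass: account\nuid: carol\n")

def parse_ldif(text):
    """Content LDIF -> {dn: {attr: {value, ...}}}; values keep their ' v' or ': b64' form."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # RFC 2849 folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):            # drop comments
            lines.append(raw.rstrip())
    entries, cur = {}, None
    for line in lines:
        attr, _, rest = line.partition(":")
        val = ": " + rest[1:].strip() if rest.startswith(":") else " " + rest.strip()
        if not line:                             # a blank line ends the record
            cur = None
        elif cur is not None:
            cur.setdefault(attr, set()).add(val)
        elif attr.lower() == "dn" and not rest.startswith(":"):
            cur = entries.setdefault(rest.strip(), {})
        elif attr.lower() != "version":          # base64 DNs and the like: refuse, don't guess
            raise ValueError(f"unsupported record start: {line!r}")
    return entries

def ldif_delta(old, new):
    """Change records for ldapmodify that turn export `old` into export `new`."""
    order = lambda dn: (dn.count(","), dn)       # sort by depth in the tree, then by name
    out = []
    for dn in sorted(old.keys() - new.keys(), key=order, reverse=True):  # children first
        out.append(f"dn: {dn}\nchangetype: delete\n")
    for dn in sorted(new.keys() - old.keys(), key=order):                # parents first
        body = [f"{a}:{v}" for a in sorted(new[dn]) for v in sorted(new[dn][a])]
        out.append("\n".join([f"dn: {dn}", "changetype: add", *body]) + "\n")
    for dn in sorted(old.keys() & new.keys()):
        mods = []
        for a in sorted(old[dn].keys() | new[dn].keys()):
            o, n = old[dn].get(a, set()), new[dn].get(a, set())
            if o != n:  # replace swaps the whole value set; a bare delete drops the attribute
                op = "replace" if n else "delete"
                mods += [f"{op}: {a}", *(f"{a}:{v}" for v in sorted(n)), "-"]
        if mods:
            out.append("\n".join([f"dn: {dn}", "changetype: modify", *mods]) + "\n")
    return "\n".join(out)

if __name__ == "__main__":
    print(ldif_delta(parse_ldif(OLD), parse_ldif(NEW)))
```

Feed the output to ldapmodify. Compare export against export rather than against a dump of the live directory, so attributes the server maintains itself (such as the pwd* values in the quoted example) are never touched.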
