> On May 1, 2024, at 5:31 PM, Quanah Gibson-Mount <[email protected]> wrote:
>
>
> --On Wednesday, May 1, 2024 10:56 PM +0000 "Singley, Norman"
> <[email protected]> wrote:
>
>> Hi All.
>>
>> I have had a question come down from our Enterprise information team –
>>
>> We currently create a separate identity in oldap for students vs
>> faculty/staff, but want to start creating only one identity going
>> forward.
>>
>> The DN in the ldif is unique for these two identities, but they do share
>> a common attribute.
>>
>> Is there a way in the ldapmodify add process to query the whole directory
>> for an attribute coming from the ldif file, and then if it doesn't
>> exist reject the add for that identity, and then of course go on
>> processing the rest of the file?
>>
>> My gut says no, or at least not without some scripting that I am not
>> familiar with.
>
> There's not a lot of detail here that makes it easy to answer, but in general
> I'd suggest using something like python-ldap, and then:
>
> query for attribute
>   exists? reject
>   doesn't exist? modify or add
>
> It even has an LDIF parser, so you could theoretically give it your LDIF file
> and have it process per-entry as noted above. You could do something similar
> with Perl's perl-ldap module as well.
>
How about the slapo-unique overlay to enforce uniqueness across the DIT on the
shared attribute and ldapmodify -c to continue on errors?
Or, what am I missing here about the req’s?
> --Quanah
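
The per-entry flow outlined in the quoted reply (search for the shared attribute, reject on a hit, otherwise add, then carry on with the rest of the file), as an added Python example that is not part of the thread. It is written against the `search_s`/`add_s` connection methods of python-ldap but ships an in-memory stand-in so it runs offline; `BASE`, `SHARED_ATTR`, `FakeConn`, the helper names and the sample LDIF are assumptions constructed for illustration.

```python
# Added example (not from the thread). BASE, SHARED_ATTR and the LDIF are constructed.
BASE = "dc=example,dc=edu"
SHARED_ATTR = "employeeNumber"  # assumption: the attribute both identities share
SCOPE_SUBTREE = 2               # same value as python-ldap's ldap.SCOPE_SUBTREE
SAMPLE_LDIF = "\n\n".join(
    f"dn: uid={u},ou={ou},{BASE}\nobjectClass: inetOrgPerson\nuid: {u}\n"
    f"cn: {u}\nsn: {u}\n{SHARED_ATTR}: {n}"
    for u, ou, n in [("jdoe", "staff", "1001"), ("jdoe2", "students", "1001"),
                     ("asmith", "students", "1002")])

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) from simple LDIF (no base64, no folded lines)."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        yield entry.pop("dn")[0], entry

def escape_filter(value):
    """RFC 4515 escaping, so a value from the LDIF cannot rewrite the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def load(conn, records, attr=SHARED_ATTR):
    """Add each entry unless its attr value is already held somewhere under BASE."""
    added, rejected = [], []
    for dn, entry in records:
        values = entry.get(attr, [])
        flt = "(|" + "".join(f"({attr}={escape_filter(v)})" for v in values) + ")"
        # Entries without the attribute cannot be checked, so they are rejected too.
        if not values or conn.search_s(BASE, SCOPE_SUBTREE, flt, ["1.1"]):
            rejected.append(dn)  # record it and keep going, like ldapmodify -c
            continue
        conn.add_s(dn, [(a, [v.encode() for v in vs]) for a, vs in entry.items()])
        added.append(dn)
    return added, rejected

class FakeConn:
    """Offline stand-in with the two python-ldap connection calls load() uses."""
    def __init__(self):
        self.entries = {}
    def search_s(self, base, scope, flt, attrlist=None):
        return [(dn, {}) for dn, mods in self.entries.items()
                if any(f"({a}={v.decode()})" in flt for a, vs in mods for v in vs)]
    def add_s(self, dn, modlist):
        self.entries[dn] = modlist

if __name__ == "__main__":
    print(load(FakeConn(), parse_ldif(SAMPLE_LDIF)))
```

Against a real server, pass a bound python-ldap connection (from `ldap.initialize(uri)`) in place of `FakeConn()`. The search and the add are separate operations, so concurrent writers can still race; server-side enforcement such as the slapo-unique overlay raised in the reply closes that gap.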