Re: refresh the entire directory

[Allan E Johannesen <aej@WPI.EDU>]

>>>>> "Bing-Du" == Bing Du <Bing-Du@cis-gw.tamu.edu> writes:

Bing-Du> We use a home-grown script to build an LDIF file that contains all
Bing-Du> modifications for all the entries in the directory first.  Then the
Bing-Du> script calls ldapmodify to perform the real change with the directory
Bing-Du> server up.

Mine is a c program which compares the new entry to the existing one and only
feeds ldapmodify the differences.  The current record is kept in a database.
Having thought about it, I've realized I should be comparing the new record to
the current record from ldap itself, which would avoid skew between my local
database and ldap itself.

I'll make that change when I alter my stuff to use openldap 2 vs my current
openldap 1 setup.

Bing-Du> Your approach sounds like a brand new idea to me.  How many entries
Bing-Du> are their in your directory?  How long does it take starting from
Bing-Du> stopping the daemon till bring it back up after update?  I guess
Bing-Du> during this period, the directory is not available for being looked
Bing-Du> up, right?

For some years, I used to build from scratch daily, too, but switched to the
modification route in order to keep ldap up.  Previously, I'd only used ldap
for whitepages references, and didn't think that it being down for some minutes
a day was a particular problem, but I'm planning to use it for campus-wide
authentication, maybe for mail routing, and maybe more, so shutting it down is
not an option.