[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: export ldif???


Tried a few more things, and (as seems to be the usual),
when I used ldapadd w/ serveraccess: xyz abc,
ldapadd adds it exactly like that.  (I did exactly the same thing a few
days before, and I even had it in a script, and it added two serverAccess
fields, one for each, the way it needs to be so I can log into the
Now, using gq, I can get two serverAccess fields, and using ldapModify, I
am allowed to do this as well, yet ldapAdd doesn't like this format.
Any way around this?


On Thu, 16 Aug 2001, Andrew C. Altepeter wrote:

> Hey all,
> I am using my openldap db to authinticate to systems via pam...but wait!
> before you hit the delete button, this isn't a pam related issue.
> I have an attribute called serverAccess that defines whether a person is
> allowed to login to a certain system or not.  Now, I need one of these
> babies for each system.  Ok, that's fine and dandy, and everything works
> just fine.  However, if I use slapcat to export an ldif of my database,
> something funny happens:
> For now, all of my users have two serverAccess entries, and when exported,
> it looks like this:
> dn:...
> ...
> ...
> serverAccess: xyz.com
> serverAccess: abc.com
> ...
> Now if I were to add this ldif file using ldapadd (I confess, I haven't
> tested it using slapadd), I get this error:
> ldap_add: Invalid syntax
>         additional info: serverAccess: multiple value provided
> in other words, ldapadd doesn't like the two serverAccess attributes.
> now, if I make a test ldif, and have the serverAccess look like this:
> serverAccess: xyz.com abc.com
> ldapadd doesn't complain.
> It is sort of important that this works correctly, so my big question is:
> is this a bug/feature, or is there something I am doing wrong when I
> export(I doubt that)?
> Of course, I could write a script that will go through my couple thousand
> user objects and fix this little problem, but I would really like to not
> do that.
> Any help?
> Andy