
Re: synchronisation of LDAP with non-ldap data

--On Monday, March 22, 2004 1:14 PM +0100 denis.havlik@t-mobile.at wrote:

From time to time the following things will happen:

* old employees go away,
* new people arrive,
* some folks change name (or other data)

Thus, I need to practically check all the LDAP user entries every night,
find the differences between "now" and "before", add new users, delete
(or at least somehow disable) old users, and possibly change some info
for others. The question is: "what is the best way to do this":

1) keep the "old" SAP export, do a "diff" over old and new one, and do
the LDAP stuff only on the difference.
2) Go with "brute force", and do a sweep over the SAP list, controlling
every LDAP entry, followed by another sweep to find the folks that aren't
in SAP list anymore. (OK, I could add "last updated" field, and then
disable all the entries that weren't updated)
3) Do the "diff" as in 1, check that the diff isn't too big and then
proceed with brute force as in 2.

You might look at the Perl LDIF module. It allows you to load up 2 LDIF files and compare entries. You could then put together the diffs of existing entries from the SAP output, and easily output the ADDs by what is in the SAP LDIF portion and not in your server's LDAP portion. This means you would need to export your master's DB on a regular basis (we do that nightly).

Personally, I'd advocate setting up an event based system for the long-term.


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
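
The LDIF comparison discussed in this thread, combined with the "check that the diff isn't too big" guard from option 3, as an added example that is not part of the original messages. It uses the Python standard library rather than the Perl LDIF module mentioned above; the function names, the example.com DNs, the sample people and the 25% threshold are all assumptions made for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: set(values)}}. DNs and attribute names are
    lowercased for comparison (a simplification of real DN normalisation)."""
    entries = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" carries non-ASCII values
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value.lower()
            else:
                attrs.setdefault(name.lower(), set()).add(value)
        if dn:
            entries[dn] = attrs
    return entries

def plan_sync(ldap, sap, max_change_ratio=0.25):
    """Return (adds, disables, modifies); refuse to plan if too much would change."""
    adds = sorted(set(sap) - set(ldap))
    disables = sorted(set(ldap) - set(sap))  # leavers: disable rather than delete
    modifies = {}
    for dn in set(sap) & set(ldap):
        # Compare only attributes SAP supplies; LDAP-only attributes are left alone.
        changed = {a: sorted(v) for a, v in sap[dn].items() if ldap[dn].get(a) != v}
        if changed:
            modifies[dn] = changed
    touched = len(adds) + len(disables) + len(modifies)
    if touched > max_change_ratio * max(len(ldap), 1):
        raise RuntimeError(f"{touched} changes against {len(ldap)} entries: export looks wrong")
    return adds, disables, modifies

def make_ldif(people):  # constructed sample data, not from the original post
    return "\n\n".join(
        f"dn: uid={u},ou=people,dc=example,dc=com\nuid: {u}\nsn: {sn}" for u, sn in people)

LDAP_LDIF = make_ldif([("alice", "Adams"), ("bob", "Brown"), ("carol", "Clark"), ("dave", "Davis")])
SAP_LDIF = make_ldif([("alice", "Adams"), ("bob", "Brown-Smith"), ("carol", "Clark"), ("erin", "Evans")])

if __name__ == "__main__":
    # Sample is tiny, so the guard is relaxed here; keep it strict in production.
    print(plan_sync(parse_ldif(LDAP_LDIF), parse_ldif(SAP_LDIF), max_change_ratio=1.0))
```

With the default threshold the same call raises instead of returning a plan, which is the behaviour you want when a truncated or empty SAP export would otherwise disable most of the directory.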