[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem importing LDIF file



Intro and background: I'm running OpenLDAP 2.26 on a Suse Enterprise Server
9.0.  I'm trying to use the OpenLDAP database to make a portion of Active
Directory (just usernames, universal group memberships and email addresses)
available to a segment of the DMZ that can't be allowed access to the entire
Active Directory infrastructure.  To do this, the AD folks are going to
provide me a daily LDIF (via a batch process) of all the user objects with
just the attributes I need values for.  For security reasons, we can't use
more typical replication techniques.  I need to then use a batch process to
import those LDIF files into the OpenLDAP database.  I have run into a
variety of problems linked to the facts that a) I've never used OpenLDAP
before, and b) I've never used Linux before.  I've managed to get Suse
installed and OpenLDAP running, so I don't think the situation is completely
hopeless. 

 

The problem I'm bringing up for discussion here is that when I try to import
an LDIF file, it fails if any of the entries in LDIF file already exist in
the LDAP database.  From reading over the archives, the best solution
appears to be to kill the slapd process, delete the database files, restart
the slapd process and then import the LDIF file to rebuild the database.  I
think this is a lovely solution, since it also will delete accounts that
don't exist in AD anymore.  The trouble is: how do I kill the slapd process
in a batch process?  I don't know how to write batch files or their
equivalent on Linux yet, but I imagine part of it will be figuring out what
commands need to be executed, and since kill seems to require a process ID
that changes over time, I'm not sure how to proceed.  Is there functionality
with OpenLDAP to shut down slapd that I don't know about, or how should I do
this?

 

This might be a basic Linux usage issue, but I imagine that somebody on here
is doing something similar with OpenLDAP and some other database and
therefore can point me in the right direction.  Thanx!