
RE: Problem importing LDIF file

I've been using ldapadd, but I can certainly give slapadd a try.  However, I
realized that even if I can get the LDIF file to import, how would I make
sure that deleted users are removed from the OpenLDAP database?  They
wouldn't be present in the new LDIF files (the ones generated after the user
is deleted), but they would still be present in the OpenLDAP database from
before they were deleted in AD.

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@stanford.edu] 
Sent: Monday, June 13, 2005 1:19 PM
To: Boxall, Colin - OASAM CTR; 'openldap-software@OpenLDAP.org'
Subject: Re: Problem importing LDIF file

--On Monday, June 13, 2005 10:49 AM -0400 "Boxall, Colin - OASAM CTR" 
<Boxall.Colin@dol.gov> wrote:

> Intro and background: I'm running OpenLDAP 2.26 on a Suse Enterprise
> Server 9.0.  I'm trying to use the OpenLDAP database to make a portion of
> Active Directory (just usernames, universal group memberships and email
> addresses) available to a segment of the DMZ that can't be allowed access
> to the entire Active Directory infrastructure.  To do this, the AD folks
> are going to provide me a daily LDIF (via a batch process) of all the
> user objects with just the attributes I need values for.  For security
> reasons, we can't use more typical replication techniques.  I need to
> then use a batch process to import those LDIF files into the OpenLDAP
> database.  I have run into a variety of problems linked to the facts that
> a) I've never used OpenLDAP before, and b) I've never used Linux before.
> I've managed to get Suse installed and OpenLDAP running, so I don't think
> the situation is completely hopeless.
> The problem I'm bringing up for discussion here is that when I try to
> import an LDIF file, it fails if any of the entries in LDIF file already
> exist in the LDAP database.  From reading over the archives, the best
> solution appears to be to kill the slapd process, delete the database
> files, restart the slapd process and then import the LDIF file to rebuild
> the database.  I think this is a lovely solution, since it also will
> delete accounts that don't exist in AD anymore.  The trouble is: how do I
> kill the slapd process in a batch process?  I don't know how to write
> batch files or their equivalent on Linux yet, but I imagine part of it
> will be figuring out what commands need to be executed, and since kill
> seems to require a process ID that changes over time, I'm not sure how to
> proceed.  Is there functionality with OpenLDAP to shut down slapd that I
> don't know about, or how should I do this?
> This might be a basic Linux usage issue, but I imagine that somebody on
> here is doing something similar with OpenLDAP and some other database and
> therefore can point me in the right direction.  Thanx!

Are you using ldapadd or slapadd?  Note that slapadd is preferred if you 
are starting the database from scratch.  I also suggest reading up on the 
"-c" option (continue on error) which will skip over the problem of entries 
already existing (but also any other data issues).


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
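An added example, not code from this thread or from the OpenLDAP project, for the deleted-users question in the reply at the top: if the daily export is applied incrementally rather than by rebuilding the database, compare yesterday's and today's AD LDIF by DN and write `changetype: delete` records for the DNs that vanished, so stale accounts do not linger in the DMZ copy. The sample LDIF content below is constructed, and the script assumes the export job writes DNs consistently from day to day.

```python
import base64

def ldif_dns(text):
    """DNs in an LDIF export, unfolding continuation lines and decoding
    base64 'dn::' values."""
    dns, lines, i = set(), text.splitlines(), 0
    while i < len(lines):
        value = lines[i]
        if value[:3].lower() == "dn:":
            # A line beginning with one space continues the previous value.
            while i + 1 < len(lines) and lines[i + 1].startswith(" "):
                i += 1
                value += lines[i][1:]
            if value[:4].lower() == "dn::":
                dns.add(base64.b64decode(value[4:].strip()).decode("utf-8"))
            else:
                dns.add(value[3:].strip())
        i += 1
    return dns

def stale_dns(previous_ldif, current_ldif):
    """DNs in yesterday's export but not today's: accounts deleted in AD.
    Exact string match; assumes the same export job writes DNs consistently."""
    return sorted(ldif_dns(previous_ldif) - ldif_dns(current_ldif))

def delete_ldif(dns):
    """'changetype: delete' records for 'ldapmodify -f'."""
    return "".join(f"dn: {dn}\nchangetype: delete\n\n" for dn in dns)

# Constructed sample exports (not real data): yesterday had alice, bob (DN
# base64-encoded) and carol (DN folded over two lines); today bob is gone.
BOB_B64 = base64.b64encode(b"CN=bob,OU=Users,DC=example,DC=com").decode()
YESTERDAY = f"""dn: CN=alice,OU=Users,DC=example,DC=com
objectClass: inetOrgPerson

dn:: {BOB_B64}
objectClass: inetOrgPerson

dn: CN=carol,OU=Users,DC=example,DC=co
 m
objectClass: inetOrgPerson"""
TODAY = """dn: CN=alice,OU=Users,DC=example,DC=com
objectClass: inetOrgPerson

dn: CN=carol,OU=Users,DC=example,DC=com
objectClass: inetOrgPerson"""

if __name__ == "__main__":
    print(delete_ldif(stale_dns(YESTERDAY, TODAY)), end="")
```

If the batch instead stops slapd, removes the database files and slapadds the full export as discussed in the thread, deletions come for free and no delta step is needed.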