
DN question



2008/8/15 Andrew Findlay <andrew.findlay@skills-1st.co.uk>:
> On Fri, Aug 15, 2008 at 10:41:54AM +0200, Kós Tamás wrote:
>
>> >> I've got a slightly off-topic problem, but I hope you can help me with
>> >> it. We've got an LDAP directory with many names. We've got some identical
>> >> CNs, for instance: John Smiths. The only difference between the 2 names
>> >> is the e-mail address. How can I modify one of them? ldapmodify
>> >> requests a DN, but in our environment the DN seems to be DN: CN=John Smiths.
>> >> How can I include the e-mail address in the DN?
>
>> Thanks for your help. I tried to search with this command:
>> ldapsearch -xv -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w
>> password mail=jsmiths@moewhere.net+CN=John\ Smiths
>> Nothing found...
>
> Ah - we have some confusion here. Michael and I both replied to your
> first message assuming that you wanted to add new entries for two
> people with the same name. I now think that you are trying to
> find and modify an existing entry.

Yes, we want to modify existing entries, which could have the same CN;
the unique attribute is the mail attribute.

> If you already have two people in the directory who have the same name
> then they must have different DNs. It does not matter what those DNs
> are - we just need to find them. It looks as if the mail address is
> the best way to select the one you want so the search should look
> something like this:
>
>        ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
>                -w password -b O=ACME mail=jsmiths@moewhere.net
>

In this directory, where the two John Smiths are, they don't have an
Organization, because it has been synchronised from another
directory. The unique attribute is the mail address... The Acme
organization is needed only for the authentication. I could write admin,
not jsmiths. Sorry.

> Note that I am assuming that there really is a user with DN
> "CN=jsmiths,O=ACME". If not, you will get an "Invalid credentials"
> error. In many directories you do not need to specify the DN and
> password as they allow anonymous users to search and read.
>
> Note also that I have supplied a base for the search with the -b
> flag. If you do not do this you will get a "No such object" error.
> The base object must exist.
>
>> These persons don't have O or DC attributes.
>> Can I ask you to give me some examples for searches and to modify
>> people by mail and CN attributes.
>
> Get the search working first, to find the DN of the entry.
> To modify the entry using command-line tools you will need to write
> a small LDIF file. Let us assume that you want to add a phone
> number to CN=jsmiths,O=ACME:
>
> dn: CN=jsmiths,O=ACME
> changetype: modify
> add: telephonenumber
> telephonenumber: +1 234 567 890
>
> (the file should end with a blank line).
>
> Now the command will be:
>
> ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
>        -w password -f FILENAME
>
> This assumes that the user "CN=jsmiths,O=ACME" is allowed
> to modify their own entry.
>
> Why not try jXplorer?
I will try it, thanks for the idea.
>
> Andrew
> --
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
>



--
"What kind of person would do this?"
"Only one kind. Whoever this player is, he has played World of
Warcraft nearly every hour of every day for the past year and a half.
Gentlemen, we are dealing with someone here who... had absolutely no
life."
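
The two steps described in the reply above (search on the mail attribute to find the DN, then write a small LDIF file for ldapmodify), as an added example that is not part of the original thread. The function names, the OU components and the sample search output are constructed for illustration; only the mail address, attribute and phone number come from the messages.

```python
import base64
import re

# RFC 2849 SAFE-STRING: ASCII, no NUL/CR/LF, no leading space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

def mail_filter(mail: str) -> str:
    """Build (mail=...) with RFC 4515 escaping so the value cannot alter the filter."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in mail)
    return f"(mail={esc})"

def dns_from_ldif(ldif_text: str) -> list[str]:
    """Return every DN in ldapsearch LDIF output, unfolded and decoded."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # a leading space continues a line
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn::"):              # base64 form, used for non-ASCII DNs
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or the base64 'attr:: ...' form when value is not a SAFE-STRING."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_modify(dns: list[str], attr: str, value: str) -> str:
    """LDIF that adds one value to the single entry the search found."""
    if len(dns) != 1:
        raise ValueError(f"search returned {len(dns)} entries, expected exactly 1")
    lines = [ldif_line("dn", dns[0]), "changetype: modify",
             f"add: {attr}", ldif_line(attr, value), "-", ""]
    return "\n".join(lines) + "\n"               # file ends with a blank line

# Constructed sample of `ldapsearch -LLL ... mail=jsmiths@moewhere.net` output;
# the OU names are invented and the DN is folded as ldapsearch folds long lines.
SAMPLE = (
    "dn: CN=John Smiths,OU=Synchronised People,OU=Exam\n"
    " ple\n"
    "mail: jsmiths@moewhere.net\n"
    "\n"
)

if __name__ == "__main__":
    print(mail_filter("jsmiths@moewhere.net"))
    print(build_modify(dns_from_ldif(SAMPLE), "telephonenumber", "+1 234 567 890"), end="")
```

Refusing to build the LDIF unless the search returned exactly one entry keeps a change meant for one John Smiths from being applied to the other.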