
Re: DN question



2008/8/15 Andrew Findlay <andrew.findlay@skills-1st.co.uk>:
> On Fri, Aug 15, 2008 at 10:41:54AM +0200, Kós Tamás wrote:
>
>> >> I got a little bit off topic problem, but I hope you can help me about
>> >> it. We got an LDAP directory, with many names. We got some same CNs
>> >> for instance: John Smiths. The only difference is between the 2 names
>> >> is the e-mail address. How can I modify one of them? ldapmodify
>> >> request DN, but our environment DN seems to be DN: CN=John Smiths.
>> >> How can I include the e-mail address to the DN?
>
>> Thanks for your help. I tried to search with this command:
>> ldapsearch -xv -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w
>> password mail=jsmiths@moewhere.net+CN=John\ Smiths
>> Nothing found...
>
> Ah - we have some confusion here. Michael and I both replied to your
> first message assuming that you wanted to add new entries for two
> people with the same name. I now think that you are trying to
> find and modify an existing entry.
>
> If you already have two people in the directory who have the same name
> then they must have different DNs. It does not matter what those DNs
> are - we just need to find them. It looks as if the mail address is
> the best way to select the one you want so the search should look
> something like this:
>
>        ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
>                -w password -b O=ACME mail=jsmiths@moewhere.net
>
> Note that I am assuming that there really is a user with DN
> "CN=jsmiths,O=ACME". If not, you will get an "Invalid credentials"
> error. In many directories you do not need to specify the DN and
> password as they allow anonymous users to search and read.
>
> Note also that I have supplied a base for the search with the -b
> flag. If you do not do this you will get a "No such object" error.
> The base object must exist.
>
>> These persons don't have O or DC attributes.
>> Can I ask you to give me some examples for searches and to modify
>> people by mail and CN attributes.
>
> Get the search working first, to find the DN of the entry.
> To modify the entry using command-line tools you will need to write
> a small LDIF file. Let us assume that you want to add a phone
> number to CN=jsmiths,O=ACME:
>
> dn: CN=jsmiths,O=ACME
> changetype: modify
> add: telephonenumber
> telephonenumber: +1 234 567 890
>
> (the file should end with a blank line).
>
> Now the command will be:
>
> ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
>        -w password -f FILENAME
>
> This assumes that the user "CN=jsmiths,O=ACME" is allowed
> to modify their own entry.
>
> You may find it easier to do this sort of job using a GUI tool.
> Why not try jXplorer?
>
> Andrew
> --
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
>

Hi!

For information, a search output:

xxx:~/ldap # ldapsearch -xv -h xxx.xxx.xx -D "CN=xxx,OU=xxx,O=xxx" -w
xxxxxx uid=gjakab2
ldap_initialize( ldap://xxx.xxx.xxx )
filter: uid=gjakab2
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=gjakab2
# requesting: ALL
#

# Gipsz Jakab
dn: CN=Gipsz Jakab
cn: Gipsz Jakab
mail: gjakab@xxx.xxx
displayname: Gipsz Jakab
objectclass: dominoPerson
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
mailsystem: 1
messagestorage: 1
encryptincomingmail: 0
roamcleansetting: 0
roamcleanper: 1
availablefordirsync: 1
checkpassword: 0
passwordchangeinterval: 0
passwordgraceperiod: 0
o: masik
sn: Gipsz Jakab
uid: gjakab2
roaminguser: 0
httppasswordchangedate: 20080624100633Z

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
xxx:~/ldap #



-- 
What kind of person would do this?"
"Only one kind. Whoever this player is, he has played World of
Warcraft nearly every hour of every day for the past year and a half.
Gentlemen, we are dealing with someone here who... had absolutely no
life."
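
The procedure described in the quoted reply above (search by mail to find the DN, then write an LDIF file for ldapmodify), as an added example that is not part of the original thread. It goes slightly beyond the thread by handling folded and base64-encoded DN lines and by refusing to write a change record unless exactly one entry matched; the function names, HOST, BINDDN, ADDR and the sample DN are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Intended use (hypothetical HOST, BINDDN,
# ADDR; -LLL prints bare LDIF, 1.1 returns the DN only, -W prompts for the
# password instead of exposing it in the process list):
#   ldapsearch -LLL -x -h HOST -D BINDDN -W -b O=ACME mail=ADDR 1.1 |
#       build_modify_ldif telephonenumber '+1 234 567 890' > change.ldif

# Join LDIF continuation lines: a line starting with one space continues
# the previous line (ldapsearch folds long lines).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (seen) print buf; buf = $0; seen = 1 }
         END { if (seen) print buf }'
}

# Write an "add" change record for the single entry in the search output
# on stdin. Returns 1 on zero or several matches, 2 on unsafe input.
build_modify_ldif() {
    attr=$1
    value=$2
    nl='
'
    # Attribute names: letters, digits and hyphens only.
    case $attr in
        ''|*[!A-Za-z0-9-]*) echo "bad attribute name" >&2; return 2 ;;
    esac
    # A plain "attr: value" line cannot carry a newline or start with
    # space, ':' or '<'; refusing those stops LDIF line injection.
    case $value in
        ''|*"$nl"*|' '*|:*|'<'*) echo "value is not LDIF-safe" >&2; return 2 ;;
    esac
    # Keep the dn line verbatim so a base64 "dn:: ..." stays valid.
    dns=$(unfold_ldif | grep '^dn:' || true)
    count=$(printf '%s\n' "$dns" | grep -c '^dn:' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 entry, found $count" >&2
        return 1
    fi
    printf '%s\nchangetype: modify\nadd: %s\n%s: %s\n\n' \
        "$dns" "$attr" "$attr" "$value"
}

# Constructed sample: one match whose DN contains a non-ASCII character, so
# ldapsearch prints it base64-encoded; folded early here for the demo.
printf 'dn:: Q049SsOhbm9z\n LE89QUNNRQ==\n\n' |
    build_modify_ldif telephonenumber '+1 234 567 890'
```

The resulting file is what `ldapmodify ... -f FILENAME` in the quoted reply expects, including the trailing blank line.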