
Re: DN question



On Fri, Aug 15, 2008 at 10:41:54AM +0200, Kós Tamás wrote:

> >> I've got a slightly off-topic problem, but I hope you can help me with
> >> it. We've got an LDAP directory with many names. We've got some identical
> >> CNs, for instance: John Smiths. The only difference between the 2 names
> >> is the e-mail address. How can I modify one of them? ldapmodify
> >> requests a DN, but in our environment the DN seems to be DN: CN=John Smiths.
> >> How can I include the e-mail address in the DN?

> Thanks for your help. I tried to search with this command:
> ldapsearch -xv -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w
> password mail=jsmiths@moewhere.net+CN=John\ Smiths
> Nothing found...

Ah - we have some confusion here. Michael and I both replied to your
first message assuming that you wanted to add new entries for two
people with the same name. I now think that you are trying to 
find and modify an existing entry.

If you already have two people in the directory who have the same name
then they must have different DNs. It does not matter what those DNs
are - we just need to find them. It looks as if the mail address is
the best way to select the one you want so the search should look
something like this:

	ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
		-w password -b O=ACME mail=jsmiths@moewhere.net

Note that I am assuming that there really is a user with DN
"CN=jsmiths,O=ACME". If not, you will get an "Invalid credentials"
error. In many directories you do not need to specify the DN and
password as they allow anonymous users to search and read.

Note also that I have supplied a base for the search with the -b
flag. If you do not do this you will get a "No such object" error.
The base object must exist.

> These persons don't have O or DC attributes.
> Can I ask you to give me some examples of searches and of how to modify
> people by mail and CN attributes?

Get the search working first, to find the DN of the entry.
To modify the entry using command-line tools you will need to write
a small LDIF file. Let us assume that you want to add a phone
number to CN=jsmiths,O=ACME:

dn: CN=jsmiths,O=ACME
changetype: modify
add: telephonenumber
telephonenumber: +1 234 567 890

(the file should end with a blank line).

Now the command will be:

	ldapmodify -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" \
		-w password -f FILENAME

This assumes that the user "CN=jsmiths,O=ACME" is allowed
to modify their own entry.

You may find it easier to do this sort of job using a GUI tool.
Why not try JXplorer?

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
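
Added example (not part of the message above and not code from any project): the two steps it describes, finding the DN by mail address and then writing the modify LDIF, as shell functions that refuse to continue unless the search matched exactly one entry. The sample entry, its OU and the function names unique_dn_line and modify_add_ldif are constructed for illustration.

```shell
#!/bin/sh
# Added example; entries, OU and function names are constructed.

# Read ldapsearch LDIF output on stdin and print the unfolded "dn:" line,
# but only if exactly one entry came back. Two "John Smiths" matches (or
# none) are an error, so a change is never aimed at the wrong entry.
unique_dn_line() {
    awk '
        /^ /   { if (indn) dn[n] = dn[n] substr($0, 2); next }  # folded line
        /^dn:/ { n++; dn[n] = $0; indn = 1; next }  # "dn:" or base64 "dn::"
               { indn = 0 }
        END    { if (n != 1) exit 1; print dn[1] }
    ' || { echo "search did not return exactly one entry" >&2; return 1; }
}

# Print a change record adding VALUE to ATTR on that entry.
# $1 = dn line from unique_dn_line, $2 = attribute name, $3 = value.
modify_add_ldif() {
    case "$1" in dn:*) ;; *) echo "not a dn line" >&2; return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9-]*) echo "bad attribute name" >&2; return 1 ;; esac
    # A newline in the value would smuggle extra LDIF lines into the file;
    # a leading space, ":" or "<" would need base64, which is not done here.
    case "$3" in
        ''|' '*|':'*|'<'*|*'
'*) echo "value not safe as plain LDIF" >&2; return 1 ;;
    esac
    printf '%s\nchangetype: modify\nadd: %s\n%s: %s\n\n' "$1" "$2" "$2" "$3"
}

# Constructed sample: one entry found by mail, dn folded as ldapsearch does.
SAMPLE='dn: CN=John Smiths,OU=A department with a rather long name for wrapping,
 O=ACME
cn: John Smiths
mail: jsmiths@moewhere.net
'

# Live use, with the flags from the message above:
#   ldapsearch -x -h host.somewhere.net -D "CN=jsmiths,O=ACME" -w password \
#       -b O=ACME mail=jsmiths@moewhere.net | unique_dn_line
dn_line=$(printf '%s' "$SAMPLE" | unique_dn_line) &&
    modify_add_ldif "$dn_line" telephonenumber '+1 234 567 890'
```

Redirect the printed record to a file and pass it to ldapmodify with -f as in the message; a base64 "dn::" line from the search is reused unchanged, which LDIF permits.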