These requirements are definitely too loosely described to be
implemented. But maybe prerequisites could be added to the slapadd
operation, mimicking dynamic dns (rfc2136)?
That way all prerequisites would be sent by the client, and the server
would "just" have too check them before applying the changes. I know
it looks a like as a ldapsearch (to check these prerequisites)
followed by a ldapadd, but if implemented server side it could be done
in an atomic way?

On Tue, Mar 24, 2015 at 11:56 PM, Howard Chu <h...@symas.com> wrote:
> Hallvard Breien Furuseth wrote:
>>
>> I'd like a slap tool which verifies an LDIF before I try to
>> ldapadd/slapadd it.
>> "slapadd -u -o value-check=yes" is fairly close.  What does it fail to
>> catch?
>> I can think of:
>>
>> - Duplicate entries.
>
>
> Quite an unrealistic requirement. You need to store the set of entryDNs to
> achieve this, and for a large LDIF you may need an actual database to manage
> this. Might as well just do a normal slapadd.
>
>
>> - Missing entries (if the initial DB is expected to be empty).
>> - Child entries before parents (OK for slapadd to at least
>> back-<bdb,hdb,mdb>).
>>
>> - Issues which the tool can only catch if it opens the database, like
>> attempts
>>    to add already-existing entries.  I probably don't want to do that.
>>
>> - Issues which overlays like slapo-unique would reject.  Can't do that,
>>    since the overlay won't have a non-empty DB to check against and slap
>>    tools do not use overlays anyway.  Might special-case "unique" though,
>>    since the "duplicate entries" check will need uniqueness code anyway.
>>
>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>



-- 
Mathieu

Reply via email to