Masarati wrote: > slapo-memberof(5) does not support tool mode; in order to populate the > memberOf attribute of an existing database you need to use ldapadd(1). > You could, for example, dump your group entries, remove them, and re-add > them via ldapadd(1).
Thanks for clearing that out. Could this be mentioned in the documentation somewhere (e.g. slapo-memberof(5))? So, the procedure would look something like this? Scripting would be a lot easier if ldapsearch could optionally output DNs without wrapping lines. # dump existing groups ldapsearch -H ldap://localhost:389 -b dc=example,dc=org -x -w XXXX -D cn=manager,dc=example,dc=org '(objectclass=groupofnames)' > groups.ldif # list existing groups by DN cat groups.ldif | perl -p00e 's/\r?\n //g' |grep '^dn: ' | sed -e 's/^dn: //' > groups_to_del.ldif # remove existing groups ldapdelete -v -c -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups_to_del.ldif # re-add groups ldapadd -v -H ldap://localhost:389 -x -w XXXX -D cn=manager,dc=example,dc=org -f groups.ldif best regards, marko
