On 26/9/05 11:30, Anthony M. Martinez <[EMAIL PROTECTED]> wrote: > Right now, I'm taking care of some horrible code written before I got here. It > relies on `ldapsearch` far too much for a perl script that says "use > Net::LDAP" > at the top. > > Anyway, my problem is, when the current code goes to change a username, he > dumps > it out to LDIF (one-long-string-argument "system" call here...) and iterates > over the file doing global replacements: $line =~ s/$uid/$new_uid/g and then > deletes the entry with ldapdelete and dumps it back in with ldapadd.
Wow. > Whatever. Totally wrong methods. My replacement architecture can grab an entry > and I can modify it to my hearts content using the right Net::LDAP calls. Yep. > This brings me to my question: What's the easiest/most correct way of going > over > all the values in a Net::LDAP::Entry and doing the global replacement? The > manpage scares me with it's talk of not modifying the asref=>1 objects > directly. I'm not sure that's quite the right approach either, but it depends on what your entries contain, how they're named, and so on. If you've only got one value in an attribute (e.g. only one uid) then you don't need to know the value to change it. Just call the modify method using 'replace' and the new value. Bam, the old one's gone. If you're changing several things in the entry you'll want to do it in one modify operation for efficiency, probably (but not necessarily) via the modify method's 'changes' option. If the uid's used to name the entry (e.g. "uid=xyz123,ou=Students,dc=wombat,dc=edu") then to change the uid you need to rename the entry instead of modifying it. LDAP's rename operation (Net::LDAP's moddn method) lets you automatically delete the previous attribute value used in the RDN. Given those techniques, you may not even need to read the entry out of the directory. Does that help? If not, perhaps you can give an example of an entry and how you are trying to change it. Cheers, Chris
