Hi,

On Tuesday, 18. December 2007, Guillaume Rousse wrote:
> We are using a perl script, based on Net::LDAP to sync our AD server
> with our OpenLdap directory. My colleagues told me we couldn't create
> the entries directly in AD, as those entries require additional
> processing, so we're generating LDIF instead, which is imported into
> some microsoft later.
Strange. I'm creating/modifying AD accounts via perl-ldap all the time without problems.

> My problem is that the dn for any user contains its group, so its group
> must exist before the user entry is created. But AD also refuses to add
> a non-existent user dn to a group entry, so the user entry must exist
> before it can get added to its group entry. Which means the correct
> entry creation sequence is:
> - create empty group
> - create user
> - add user to group
>
> However, I couldn't find a way in the current Net::LDAP API to write a
> Net::LDAP::Entry once for creation, and thereafter only for subsequent
> modifications in the LDIF output.
Did you try Net::LDAP::Entry's changetype('modify') method?

> The following code
>
> my $ldif = Net::LDAP::LDIF->new('-', 'w', change => 1);
> my $group = Net::LDAP::Entry->new();
> $group->dn('cn=group');
> $ldif->write_entry($group);
# Try this:
$group->changetype('modify');
> $group->add('member' => 'cn=user');
> $ldif->write_entry($group);
>
> Results in
>
> dn: cn=group
> changetype: add
>
> dn: cn=group
> changetype: add
> member: cn=user
>
> Whereas I'd want something as :
>
> dn: cn=group
> changetype: add
>
> dn: cn=group
> changetype: modify
> replace: member
> member: cn=user

Hope it helps
Peter

-- 
Peter Marschall
[EMAIL PROTECTED]
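Peter's suggestion carried through the full create-group / create-user / add-member sequence, as an added example that is not code from either poster. The DNs, object classes and attribute values are constructed placeholders, not a real AD layout.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use Net::LDAP::Entry;
use Net::LDAP::LDIF;

# Constructed example DNs: the user sits below its group, as in the
# original question. Real base DN and naming layout are site-specific.
my $group_dn = 'cn=group,ou=Groups,dc=example,dc=com';
my $user_dn  = 'cn=user,cn=group,ou=Groups,dc=example,dc=com';

# Change-mode LDIF writer on STDOUT: every write_entry() emits a
# changetype record instead of a plain entry dump.
my $ldif = Net::LDAP::LDIF->new('-', 'w', change => 1);

# Step 1: create the (still empty) group.
my $group = Net::LDAP::Entry->new(
    $group_dn,
    objectClass => [ 'top', 'group' ],
    cn          => 'group',
);
$group->changetype('add');        # already the default for a new entry
$ldif->write_entry($group);       # emits "changetype: add"

# Step 2: create the user whose DN lives under the group.
my $user = Net::LDAP::Entry->new(
    $user_dn,
    objectClass    => [ 'top', 'person', 'organizationalPerson', 'user' ],
    cn             => 'user',
    sAMAccountName => 'user',
);
$user->changetype('add');
$ldif->write_entry($user);        # emits "changetype: add"

# Step 3: switch the same group object to modify mode. From now on
# add()/replace()/delete() are recorded as modify operations, so the
# next write_entry() emits only the delta, not a second "add" record.
$group->changetype('modify');
$group->add( member => $user_dn );
$ldif->write_entry($group);       # emits "changetype: modify" / "add: member"

$ldif->done;
```

The third record comes out as `add: member` rather than the `replace: member` shown in the wanted output; calling `$group->replace( member => $user_dn )` instead of `add` yields the `replace` form, at the cost of overwriting any existing members.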