[Fedora-directory-users] troubles with ldapmodify and db2ldif

Thu Aug 30 13:53:06 UTC 2007

stefi wrote:
>    hello all,
>
> i've a couple of problems, but before, maybe is better if i'll show 
> you the scenario.
>
>      We have given our students the opprotunity to access to the net 
> (just http and https) and for the autentication we use fds. There is 
> (among a lot of other ou's) an ou and a static group used for 
> autentication purposes. I get students' data in csv format from Oracle 
> and by the means of a shell script I convert them into ldif  then I 
> add, delete and update the LDAP via ldapmodify.
>
>     Maybe my script isn't a masterpiece of style, but it works fine, 
> and for my purposes, at the moment, is good; sometimes it happens to 
> me to get errors while modifying the static group: logs report 
> something like "could not find value 0 (or 25, or 29, or so on) for 
> attr uniqueMember (no such attribute)". Now, since there isn't any 
> value like 0 (or anyway numeric) for uniqueMember attribute (we use 
> social security code that is alphanumerical and starts with 6 
> letters)  I can only suppose that is a csv fault, that it depends on 
> how Oracle exports in csv queries results, but sincerely I simply 
> don't know how it happens. The worst is that the ldapmodify stops 
> immediately even if in the function call I'm using -c switch, that 
> works fine when operating on the ou, but simply seems not to be 
> working when operating on statica group.
I'm not sure what's going on.  You might want to post excerpts of your 
access log, errors log, script, and data to pastebin.com and post links 
here.
>
>     And, second problem: I've thought to build a script that exports 
> data from LDAP with a db2ldif, both static group and ou, then 
> adjusting ldif files by the means of an executable that extracts just 
> SS codes and sorts them and finally makes a diff between result files 
> (or simply counts their lines) the way to see if ou and static group 
> differ and in case, sending an alert to my e-mail address (soon my 
> script will be "cron-ized").
>     If I do that via java console, it works fine, but as soon as I 
> launch the db2ldif -a /tmp/myFile.ldif  -s "ou=myOU, dc=myDomain, 
> dc=it" it fails with an "there is no backend instance to export from" 
> (same thing if instead of -s switch I use -n switch and if I use 
> "cn=myStaticGroup, ou=gruppi, dc=myDomain, dc=it" as object of -s 
> switch), while if I say
> db2ldif -a /tmp/myFile.ldif  -s "dc=myDomain, dc=it", it works fine 
> and exports anything. Obviously, writing an executable that extracts 
> the content of my ou and my static group from the entire db is not my 
> secret dream!
db2ldif/ldif2db operate at the database level e.g. you usually will have 
a database named userRoot which corresponds to the suffix 
dc=myDomain,dc=it.  You cannot use db2ldif on a subtree.  Suggestions:
* use db2ldif but write a script (e.g. python-ldap, Net::LDAP) to 
operate only on those entries you want
* use ldapsearch -s sub -b "ou=myOU, dc=myDomain, dc=it" instead of db2ldif
>
>     Can anyone help me?
>
>     Thanks in advance and best regards,
>
>      Stefi
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070830/631ca1af/attachment.bin>