[Fedora-directory-users] LDIF modify syntax
Pierangelo Masarati
ando at sys-net.it
Wed Jan 3 17:25:48 UTC 2007
Kyle Tucker wrote:
>> Kyle Tucker wrote:
>>> But recent research into LDIF revealed that the proper way
>> What do you mean by "recent" here? RFC 2849 was published in 2000, and
>> I don't think there was much further research. That document illustrate
>> even wiser (and syntactically correct) means to perform the
>> modifications you need.
>
> I was referring to my research. I was more looking into why the other
> non-replace method works, if it was some optional syntax or if it wasn't
> even working as it seemed, although all evidence I saw indicated it was.
>
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> shadowLastChange: $TODAY
> userPassword: $PWHASH
The above is a bug (feature?) of the LDIF parsing routine, a bit too liberal
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: shadowLastChange
> shadowLastChange: $TODAY
>
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: userPassword
> userPassword: $PWHASH
The above, according to RFC 2849, can be summarized in
dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY
-
replace: userPassword
userPassword: $PWHASH
-
with two relevant consequences:
1) only one operation is performed instead of two;
2) as a consequence, the modification is atomic, i.e. either they both
succeed or they both fail; the way you indicated, they could have
independently succeeded or failed.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati at sys-net.it
------------------------------------------
More information about the Fedora-directory-users
mailing list