| Newsgroups | perl.ldap |
|---|---|
| Subject | Re: what is the best practice to modrdn for branch of objects? |
| Date | 2018-06-18 18:41 +0100 |
| Message-ID | <ABE2CFB0-6085-4DA4-A50B-8BBA4FE638EB@mac.com> (permalink) |
| References | <20180618143359.70825@relay.xx> |
| From | chrisridd@mac.com (Chris Ridd) |

> On 18 Jun 2018, at 12:33, Zeus Panchenko <zeus@ibs.dn.ua> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> what is the best practice to moddn() for branch of objects?

I’m not really sure “best practice” is relevant here - whatever you need to do needs to be expressed in LDAP protocol requests.

I would note that storing entries subordinate to user entries is rather unusual. Not illegal in any way, just unusual and it would surprise most people who were familiar with LDAP.

>
> let's say we have two objects:
>
> - ---[ user A start ]-------------------------------------------
> dn: uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=web@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=q@borg.startrek.in,authorizedService=web@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=ovpn@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: cn=dev-ap-notebook,authorizedService=ovpn@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=mail@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.nafus@starfleet.startrek.in,authorizedService=mail@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=xmpp@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.nafus1@starfleet.startrek.in,authorizedService=xmpp@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> - ---[ user A end ]-------------------------------------------
>
> and
>
> - ---[ user B start ]-------------------------------------------
> dn: uid=taf.taffij,ou=People,dc=umidb

So there are two cases to consider:

* user B already exists
* user B does not exist

In the first case, you can iterate through all of user A’s immediate children and modifydn each of them. Do you delete user A at the end?

Alternatively, in the first case, you could delete user B first and then just use modifydn once to move user A to user B.

In the second case, just modifydn user A to user B in a single operation.

You may need to refine your question a bit more.

>
> to do that, I take target branch subtree and „re-write“ DN of each object to be reassigned ...
> (https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)
>
>
> what I think of is something like this:
>
> - ---[ quotation start ]-------------------------------------------
> $dn = 'authorizedService=xmpp@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
> $mesg = $ldap->moddn( $dn,
> newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
> recursively => 1 );

Net::LDAP’s moddn method does not take a “recursively” option. The LDAP modifydn operation is already defined to move all the entry's children. If the server cannot perform that operation, it will return an error instead.

Cheers,

Chris
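
Added example, not part of the message above or of the poster's project code: a Net::LDAP routine for the first case in the reply (user B already exists), which moves each immediate child of user A under user B with one modifydn per child and stops on the first server error. The function name `move_children` is hypothetical, and an already bound `$ldap` connection with write access to both entries is assumed.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Hypothetical helper (added example). Moves every immediate child of
# $from_dn under $to_dn, which must already exist. Each modifydn carries the
# child's own subtree with it. Returns the old DNs that were moved and dies
# on the first error, so a partial move is reported rather than hidden.
sub move_children {
    my ($ldap, $from_dn, $to_dn) = @_;

    my $search = $ldap->search(
        base   => $from_dn,
        scope  => 'one',              # immediate children only
        filter => '(objectClass=*)',
        attrs  => ['1.1'],            # DNs only, no attributes
    );
    die "search under $from_dn failed: " . $search->error . "\n"
        if $search->code;

    my @moved;
    for my $entry ($search->entries) {
        my $dn = $entry->dn;

        # Keep the child's leftmost RDN as it is; only the parent changes.
        my $parts = ldap_explode_dn($dn, casefold => 'none')
            or die "cannot parse DN: $dn\n";
        my $rdn = canonical_dn([ $parts->[0] ], casefold => 'none');

        my $mesg = $ldap->moddn($dn,
            newrdn       => $rdn,
            deleteoldrdn => 0,        # RDN is unchanged, nothing to delete
            newsuperior  => $to_dn,
        );
        # The server returns an error if it cannot move this subtree.
        die "moddn of $dn failed after " . scalar(@moved)
            . " successful moves: " . $mesg->error . "\n"
            if $mesg->code;
        push @moved, $dn;
    }
    return @moved;
}

# Usage with the DNs from the thread, given a bound $ldap:
# my @moved = move_children($ldap,
#     'uid=naf.nafus,ou=People,dc=umidb', 'uid=taf.taffij,ou=People,dc=umidb');
```

The per-child moves are separate LDAP operations, so the sequence is not atomic: if one fails, the children already moved stay under user B and the rest stay under user A.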