Hello all,
I have a couple of problems, but first, maybe it is better if I show you the scenario.
We have given our students the opportunity to access the net (just http and https) and for authentication we use fds. There is (among a lot of other ou's) an ou and a static group used for authentication purposes. I get students' data in csv format from Oracle and by means of a shell script I convert them into ldif, then I add, delete and update the LDAP via ldapmodify.
Maybe my script isn't a masterpiece of style, but it works fine, and for my purposes, at the moment, it is good; sometimes I get errors while modifying the static group: logs report something like "could not find value 0 (or 25, or 29, or so on) for attr uniqueMember (no such attribute)". Now, since there isn't any value like 0 (or any numeric value) for the uniqueMember attribute (we use the social security code, which is alphanumeric and starts with 6 letters), I can only suppose that it is a csv fault, that it depends on how Oracle exports query results in csv, but honestly I simply don't know how it happens. The worst part is that ldapmodify stops immediately even though I'm using the -c switch in the function call, which works fine when operating on the ou, but simply seems not to work when operating on the static group.
And, second problem: I've thought of building a script that exports data from LDAP with db2ldif, both static group and ou, then adjusts the ldif files by means of an executable that extracts just the SS codes and sorts them, and finally makes a diff between the result files (or simply counts their lines) to see whether ou and static group differ and, if so, sends an alert to my e-mail address (soon my script will be "cron-ized"). If I do that via the java console, it works fine, but as soon as I launch db2ldif -a /tmp/myFile.ldif -s "ou=myOU, dc=myDomain, dc=it" it fails with "there is no backend instance to export from" (same thing if instead of the -s switch I use the -n switch, and if I use "cn=myStaticGroup, ou=gruppi, dc=myDomain, dc=it" as the object of the -s switch), while if I say db2ldif -a /tmp/myFile.ldif -s "dc=myDomain, dc=it", it works fine and exports everything. Obviously, writing an executable that extracts the content of my ou and my static group from the entire db is not my secret dream!
Can anyone help me?
Thanks in advance and best regards,
Stefi
stefi wrote:
Hello all,
I have a couple of problems, but first, maybe it is better if I show you the scenario.
We have given our students the opportunity to access the net (just http and https) and for authentication we use fds. There is (among a lot of other ou's) an ou and a static group used for authentication purposes. I get students' data in csv format from Oracle and by means of a shell script I convert them into ldif, then I add, delete and update the LDAP via ldapmodify.
Maybe my script isn't a masterpiece of style, but it works fine, and for my purposes, at the moment, it is good; sometimes I get errors while modifying the static group: logs report something like "could not find value 0 (or 25, or 29, or so on) for attr uniqueMember (no such attribute)". Now, since there isn't any value like 0 (or any numeric value) for the uniqueMember attribute (we use the social security code, which is alphanumeric and starts with 6 letters), I can only suppose that it is a csv fault, that it depends on how Oracle exports query results in csv, but honestly I simply don't know how it happens. The worst part is that ldapmodify stops immediately even though I'm using the -c switch in the function call, which works fine when operating on the ou, but simply seems not to work when operating on the static group.
I'm not sure what's going on. You might want to post excerpts of your access log, errors log, script, and data to pastebin.com and post links here.
And, second problem: I've thought of building a script that exports data from LDAP with db2ldif, both static group and ou, then adjusts the ldif files by means of an executable that extracts just the SS codes and sorts them, and finally makes a diff between the result files (or simply counts their lines) to see whether ou and static group differ and, if so, sends an alert to my e-mail address (soon my script will be "cron-ized"). If I do that via the java console, it works fine, but as soon as I launch db2ldif -a /tmp/myFile.ldif -s "ou=myOU, dc=myDomain, dc=it" it fails with "there is no backend instance to export from" (same thing if instead of the -s switch I use the -n switch, and if I use "cn=myStaticGroup, ou=gruppi, dc=myDomain, dc=it" as the object of the -s switch), while if I say db2ldif -a /tmp/myFile.ldif -s "dc=myDomain, dc=it", it works fine and exports everything. Obviously, writing an executable that extracts the content of my ou and my static group from the entire db is not my secret dream!
db2ldif/ldif2db operate at the database level, e.g. you usually will have a database named userRoot which corresponds to the suffix dc=myDomain,dc=it. You cannot use db2ldif on a subtree. Suggestions:
- use db2ldif but write a script (e.g. python-ldap, Net::LDAP) to operate only on those entries you want
- use ldapsearch -s sub -b "ou=myOU, dc=myDomain, dc=it" instead of db2ldif
Can anyone help me? Thanks in advance and best regards, Stefi
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard,
thanks a lot! At least as far as the ou and static group export is concerned, I've found a solution ... it's true that talking with other people about these problems helps in finding solutions! I must confess that I never thought about using ldapsearch ... thanks again!
For the other problem, I still don't understand why, working with the static group, ldapmodify doesn't act in continuous mode ... but having solved the other problem, I can set up a script that extracts both ou and static group and (in some way ... I must still think about it) counts uids and, if their numbers are different, sends me an alert by mail.
Best regards,
Stefi
2007/8/30, Richard Megginson rmeggins@redhat.com:
db2ldif/ldif2db operate at the database level e.g. you usually will have a database named userRoot which corresponds to the suffix dc=myDomain,dc=it. You cannot use db2ldif on a subtree. Suggestions:
- use db2ldif but write a script (e.g. python-ldap, Net::LDAP) to operate only on those entries you want
- use ldapsearch -s sub -b "ou=myOU, dc=myDomain, dc=it" instead of db2ldif
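The comparison discussed in the thread (ldapsearch output for the OU against the static group's uniqueMember values) can be scripted as below. This is an added example, not code from any poster: the function names and sample codes are made up, and it assumes each member DN begins with uid=<code>. It compares the actual uids rather than only counting lines, since equal counts can hide a mismatch, and it joins folded LDIF lines before extracting values.

```shell
# Added example (not from the thread): OU vs. static group drift check on LDIF text.
export LC_ALL=C

# Join LDIF continuation lines (leading single space) so folded DNs are whole.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf } { buf = $0 } END { if (NR) print buf }'
}

# uid values of the OU entries: lower-cased, sorted, unique.
ou_uids() {
    unfold_ldif | awk 'tolower($0) ~ /^uid: / { print tolower(substr($0, 6)) }' | sort -u
}

# uid taken from each uniqueMember DN (assumption: member DNs start with uid=).
group_uids() {
    unfold_ldif | awk 'tolower($0) ~ /^uniquemember: uid=/ {
        v = tolower(substr($0, 19)); sub(/,.*/, "", v); print v }' | sort -u
}

# drift OU.ldif GROUP.ldif: print the differences, return 1 if there are any.
drift() {
    a=$(mktemp); b=$(mktemp)
    ou_uids < "$1" > "$a"; group_uids < "$2" > "$b"
    out=$(comm -23 "$a" "$b" | sed 's/^/ou-only /'
          comm -13 "$a" "$b" | sed 's/^/group-only /')
    rm -f "$a" "$b"
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
}

# Constructed sample exports; the codes are made up. Note the folded member line.
write_samples() {
    cat > "$1/ou.ldif" <<'EOF'
dn: uid=AAAAAA00A00A000A,ou=myOU,dc=myDomain,dc=it
uid: AAAAAA00A00A000A

dn: uid=BBBBBB00B00B000B,ou=myOU,dc=myDomain,dc=it
uid: BBBBBB00B00B000B
EOF
    cat > "$1/group.ldif" <<'EOF'
dn: cn=myStaticGroup,ou=gruppi,dc=myDomain,dc=it
uniqueMember: uid=AAAAAA00A00A000A,ou=myOU,dc=myDomain,dc=it
uniqueMember: uid=DDDDDD00D0
 0D000D,ou=myOU,dc=myDomain,dc=it
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
drift "$tmp/ou.ldif" "$tmp/group.ldif" || echo "ALERT: OU and static group differ"; rm -rf "$tmp"
```

A `group-only` line is the case that matters most for an authentication group: a member that no longer has an entry under the OU.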