SkayaWiki

ChangeLdapBaseDN

JeromePetazzoni :: DerniersChangements :: DerniersCommentaires? :: ParametresUtilisateur :: http://www.enix.org/ :: Vous êtes ec2-18-116-85-108.us-east-2.compute.amazonaws.com

I suppose you have a LDAP tree with base DN dc=foobar,dc=org ; and you want to migrate it to dc=newfoo,dc=org.
The strategy is :
- on the old LDAP server, do slapcat > ldap-dump (you get a dump of the whole LDAP tree)
- if needed, remove the manager entries and similar entries
- on the new LDAP server, create the manager entries (generally, it's automatically done ; that's why you remove them in the previous step)
- do something like sed -i "s/dc=foobar,dc=org/dc=newfoo,dc=org/g" ldap-dump to edit the dump
- stop the new LDAP server
- import the dump with slapadd < ldap-dump (run it in try mode with -u first!)

But if some of your DN entries contain characters outside of the ASCII 7-bit range, this won't work. Those entries look like :
dn:: ...some Base64?-encoded gibberish, generally with trailing equal signs...=
(note the double semi-colon)

Just after running the sed command, you can then run this little Python script to address this issue.
(Of course, don't forget to change the #"s.replace(...)# line with your DN!)
Just save this script as stringmunge.py for instance, then run python stringmunge.py ldap-dump ldap-dump-fixed and it should work.
(At least, it did for me ;-))

#!/usr/bin/python
import sys, re, base64

def transform(s):
    s = base64.decodestring(s)
    s = s.replace("dc=foobar,dc=org","dc=newfoo,dc=org") # change this
    s = base64.encodestring(s)
    s = s.replace("\n","")
    return s

regex = "dn:: (.*)\n"

inputfile = sys.argv[1]
outputfile = sys.argv[2]

data = open(inputfile).read()
matches = re.findall(regex, data)
for match in matches: data = data.replace(match,transform(match))
open(outputfile,"w").write(data)

Il n'y a pas de commentaire sur cette page. [Afficher commentaires/formulaire]