Ubuntu – ldapadd with automatic support for replace if entry already exists

backupldapopenldapUbuntu

I've been doing some testing with ldapadd and ldapmodify and what I noticed is:

–ldapadd will fail if the entry already exists:

=> hdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30995)
ldapadd: could not add entry dn="mail=test1@example.org,ou=People,dc=example,dc=org" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30995)

–ldapmodify will fail if the entry doesn't:

modifying entry "mail=test2@example.org,ou=People,dc=example,dc=org"
ldap_modify: No such object (32)
matched DN: ou=People,dc=example,dc=org

Therefore when restoring a backup on an existing database with some existing and some missing entries you can't just use either of these tools, you need to create a routine that:
-either deletes all the users that already exists in the database and are present in the backup and then import using ldapadd.
-or converts the backup ldif file to be ldapmodify-compatible (add or modify depending on whether the user exists) and use ldapmodify.

Q: Isn't there a tool that would take care of that for you?

Additional info: running openldap 2.4.21 on ubuntu server 10.04

Best Answer

You can either give the -a flag to ldapmodify or put the line changetype: add into your LDIF data if you add an entry, and changetype: modify to modify the entry.

Related Solutions

Debian – OpenLDAP with ldaps support on Debian Lenny

The cipher names between Openssl and GnuTLS are not the same.

Example GnuTLS cipher:

slapd.conf:
TLSCipherSuite TLS_RSA_AES_256_CBC_SHA

To get a list of GnuTLS cipher names:

$ gnutls-cli -l

And make sure that the "cert" files are readable and owned by the openldap user. You could also add the openldap user to the ssl-cert group.

LDAP Error – Why Does This ldapadd Command Quit with an ‘Invalid Syntax’ Error?

Your problem is undoubtedly that you need to load the nis schema into your LDAP server. How to do this depends on whether your are using the legacy slapd.conf configuration file or the newer dynamic configuration hosted in cn=config and backed by a slapd.d directory.

Using `slapd.conf`

You will need to include the schema definition in your slapd.conf by adding a line along the lines of:

include /usr/local/etc/openldap/schema/nis.schema

This assumes that the nis.schema file is located at that path; if not, modify the path appropriately.

You will need to restart slapd to activate the new schema.

Using `slapd.d`

(I'm including this for completeness, although it's not directly relevant to your current configfuration).

To load a schema into slapd if you're using the dynamic cn=config configuration, you would use ldapadd. Depending on how your ACLs are configured, the command might look like this:

ldapadd -Y EXTERNAL -H ldapi:// -f /usr/local/etc/openldap/schema/nis.ldif

This assumes that your running slapd has an ACL permitting "peer credentials" authentication to root. If that doesn't work, you would need to provide an appropriate bind DN and password using -D and -W.

There is no restart required in this case.

Best Answer

Related Solutions

Debian – OpenLDAP with ldaps support on Debian Lenny

LDAP Error – Why Does This ldapadd Command Quit with an ‘Invalid Syntax’ Error?

Using slapd.conf

Using slapd.d

Related Topic

Using `slapd.conf`

Using `slapd.d`