Home / server / Questions / 164519
Accepted
Cédric Girard
Asked: 2010-07-28 08:19:47 +0800 CST

How to copy a LDAP entry and all the subtree on a Linux/openldap server?

  • 772

I want to duplicate an LDAP subtree : my software uses

ou=software,o=company,c=fr

and I want to have version 2 of the software to use

ou=software_v2,o=company,c=fr

I tried JXplore to copy the tree, which is fine for the development server, but I need to to the same on the production server, which is in a datacenter.

Is there any openldap command, any script to do this, or must I create it?

Best regards,
Cédric

linux ldap openldap copy

2 Answers

  1. Best Answer

    Probably the best way to handle this is to export the sub-tree in question to an LDIF file, tweak the file to change the DNs to be what you need, import the LDIF file into the production environment. There are a variety of ways to create the LDIF file, with ldapsearch being the most available. The command needed to get the LDIF file can vary depending on the LDAP server in use, but should look something similar to this.

    ldapsearch -b ou=software,o=company,c=fr -s sub -h host.ldap.server > software.ldif

    This assumes you don't need to log in. Pipe output to a file. You can then open the file in whatever tool you wish and change all occurrences of "ou=software,o=" to "ou=software_v2,o=". This can then be used to import.

    ldapadd -a -h host.ldap.server -f software.ldif

    TLS usage, logins, and strange ports will require different options on both commands, but this should at least get you started.

    (Edit) Those fields are base64 encoded. The one you quote in comments has "Côte d'Azur" in the DN. One way to get at the real text is to:

    1. Copy the DN to a simple text file, encode-old.txt
    2. Pipe it through the base64 command, base64 -d encode-old.txt > decoded.txt
    3. Make the changes you need in the decode.txt file
    4. Pipe it back through the base64 command, base64 decoded.txt > encode-new.txt

    Obviously this won't scale that well, but it shows how to get at the real text. Processing the .ldif file with sed/awk or perl to make the needed changes programatically is probably your best best.

    • 3

  2. Although you already marked sysadmin1138's reply as "reply", I still want to contribute my idea. Install "gq" on a system, connect it with an account which has enough privileges to the LDAP server and simply drag and drop your subtree (or: "save as new"). It is easy, it is fast and works.

    gq is a LDAP browser (with editing function) which requires a X server.

    • 1