THESE TOOLS COME FROM GRAHAM BARR’S EXCELLENT PERLLDAP (NET::LDAP) PERL MODULE. ACTUALLY THESE ARE CONTRIBUTED SCRIPTS THAT TAKE ADVANTAGE OF THE NET::LDAP PERL MODULE. NOT ONLY IS IT A GOOD SANITY CHECK ON A BULK LOAD, BUT IT CAN ALSO BE A VERY GOOD TOOL TO DO AN AD-HOC MANUAL SYNCHRONIZATION OF TWO DIRECTORIES. THE OUTPUT OF THIS PROCEDURE IS AN LDIF THAT CAN BE USED TO BRING THE TWO SIDES INTO SYNCH.
STEPS TO VERIFY A BULK LOAD:
- Import (ldif2db) users from entiredirectory.ldif.
- Export the users (db2ldif) to entiredirectory.export.ldif.
-
Remove the entry ids:
egrep -v "entry-id|nsUniqueId" entiredirectory.ldif > entiredirectory.noids.ldif
egrep -v "entry-id|nsUniqueId" entiredirectory.export.ldif > entiredirectory.export.noids.ldif
-
Use “ldifsort.pl” to sort the files:
./contrib/ldifsort.pl -k dn entiredirectory.noids.ldif > entiredirectory.noids.sorted.ldif
./contrib/ldifsort.pl -k dn entiredirectory.export.noids.ldif > entiredirectory.export.noids.sorted.ldif
-
Use “ldifdiff.pl to diff the files:
./contrib/ldifdiff.pl -k dn entiredirectory.noids.sorted.ldif entiredirectory.export.noids.sorted.ldif
- If there is no output, then both the LDIFs contain the same data.
IMPORTANT NOTES
- These tools seem to work on Windows but USE THEM ON UNIX! Windows line breaks seem to break these tools.
- I also tested changing the export file and using ldifdiff.pl on it. As advertised, ldifdiff.pl generates on standard output the LDIF changes needed to transform the target into the source.
- One potential problem with ldifdiff.pl output is that renaming the DN will result in a DELETE +ADD, not a MODRDN, so you will lose the createTimeStamp. (Of course, this could be fixed, with some perl programming.)
© Copyright 2020 Rex Consulting, Inc. – All rights reserved
