Trick: Using the Sun Directory Server Tools LDIFDIFF.PL and LDIFSORT.PL to Verify Bulk Loads


These tools come from Graham Barr’s excellent perl-ldap (Net::LDAP) Perl module; more precisely, they are contributed scripts that build on Net::LDAP. The procedure is a good sanity check on a bulk load, and it also works well for an ad-hoc manual synchronization of two directories: its output is an LDIF that can be used to bring the two sides into sync.


Steps to Verify a Bulk Load:

  1. Import (ldif2db) users from entiredirectory.ldif.
  2. Export the users (db2ldif) to entiredirectory.export.ldif.
  3. Remove the entry ids:
     egrep -v "entry-id|nsUniqueId" entiredirectory.ldif > entiredirectory.noids.ldif
     egrep -v "entry-id|nsUniqueId" entiredirectory.export.ldif > entiredirectory.export.noids.ldif
  4. Use “ldifsort.pl” to sort the files:
     ./contrib/ldifsort.pl -k dn entiredirectory.noids.ldif > entiredirectory.noids.sorted.ldif
     ./contrib/ldifsort.pl -k dn entiredirectory.export.noids.ldif > entiredirectory.export.noids.sorted.ldif
  5. Use “ldifdiff.pl” to diff the files:
     ./contrib/ldifdiff.pl -k dn entiredirectory.noids.sorted.ldif entiredirectory.export.noids.sorted.ldif
  6. If there is no output, then both LDIFs contain the same data.

Important Notes

  • These tools seem to work on Windows but USE THEM ON UNIX! Windows line breaks seem to break these tools.
  • I also tested changing the export file and using ldifdiff.pl on it. As advertised, it generates on standard output the LDIF changes needed to transform the target into the source.
  • One potential problem with the ldifdiff.pl output is that renaming the DN will result in a DELETE + ADD, not a MODRDN, so you will lose the createTimeStamp. (Of course, this could be fixed with some Perl programming.)
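
An independent cross-check for the procedure and notes above, added here as an example (it is not part of the original post or of perl-ldap): a small Python comparison of two LDIFs keyed by DN that tolerates Windows line breaks, folded lines and base64 values, and ignores entry-id and nsUniqueId. The sample LDIF data and the function names parse_ldif and compare are constructed for illustration; lower-casing DNs is a simplifying assumption.

```python
import base64

IGNORED = {"entry-id", "nsuniqueid", "version"}  # ids from step 3, plus the LDIF header

def parse_ldif(text):
    """Return {lower-cased dn: {attribute: set of values}} for LDIF text."""
    # Accept Windows line breaks, then unfold continuation lines (newline + one space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for block in text.split("\n\n"):
        dn, attrs = None, {}
        for line in block.split("\n"):
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            name = name.lower()
            if name == "dn":
                dn = value.lower()  # assumption: DNs differ at most by case
            elif name not in IGNORED:
                attrs.setdefault(name, set()).add(value)
        if dn is not None:
            entries[dn] = attrs
    return entries

def compare(source_text, export_text):
    """Report DNs missing from, unexpected in, or different in the export."""
    src, exp = parse_ldif(source_text), parse_ldif(export_text)
    changed = sorted(d for d in src.keys() & exp.keys() if src[d] != exp[d])
    return {"missing": sorted(src.keys() - exp.keys()),
            "unexpected": sorted(exp.keys() - src.keys()), "changed": changed}

# Constructed sample data: the export uses CRLF, a folded line, base64 and another order.
SOURCE = (
    "dn: uid=alice,ou=People,dc=example,dc=com\nuid: alice\n"
    "description: imported by the bulk load test\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\nuid: bob\nmail: bob@example.com\n\n"
    "dn: uid=carol,ou=People,dc=example,dc=com\nuid: carol\n"
)
EXPORT = (
    "version: 1\r\n\r\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\r\nnsUniqueId: constructed-id\r\n"
    "uid: bob\r\nmail: bob@example.org\r\n\r\n"
    "dn: uid=alice,ou=People,dc=example,dc=com\r\nuid:: YWxpY2U=\r\n"
    "description: imported by the bu\r\n lk load test\r\n\r\n"
    "dn: uid=caroline,ou=People,dc=example,dc=com\r\nuid: carol\r\n"
)
print(compare(SOURCE, EXPORT))
```

A renamed entry shows up here as one missing and one unexpected DN, the same DELETE + ADD view described in the note above.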

