These tools come from Graham Barr’s excellent perlldap (Net::LDAP) Perl module; more precisely, they are contributed scripts that take advantage of Net::LDAP. The procedure below is not only a good sanity check on a bulk load, but it can also be a very good tool for an ad-hoc manual synchronization of two directories. The output of this procedure is an LDIF that can be used to bring the two sides into sync.
Steps to Verify a Bulk Load:
- Import (ldif2db) users from entiredirectory.ldif.
- Export the users (db2ldif) to entiredirectory.export.ldif.
- Remove the entry ids:
egrep -v "entry-id|nsUniqueId" entiredirectory.ldif > entiredirectory.noids.ldif
egrep -v "entry-id|nsUniqueId" entiredirectory.export.ldif > entiredirectory.export.noids.ldif
- Use “ldifsort.pl” to sort the files:
./contrib/ldifsort.pl -k dn entiredirectory.noids.ldif > entiredirectory.noids.sorted.ldif
./contrib/ldifsort.pl -k dn entiredirectory.export.noids.ldif > entiredirectory.export.noids.sorted.ldif
- Use “ldifdiff.pl” to diff the files:
./contrib/ldifdiff.pl -k dn entiredirectory.noids.sorted.ldif entiredirectory.export.noids.sorted.ldif
- If there is no output, then both the LDIFs contain the same data.
- These tools seem to work on Windows but USE THEM ON UNIX! Windows line breaks seem to break these tools.
- I also tested changing the export file and using ldifdiff.pl on it. As advertised, ldifdiff.pl generates on standard output the LDIF changes needed to transform the target into the source.
- One potential problem with ldifdiff.pl output is that renaming the DN will result in a DELETE + ADD, not a MODRDN, so you will lose the createTimeStamp. (Of course, this could be fixed with some Perl programming.)
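The same verification as a self-contained Python sketch, for cross-checking the result of the steps above. This is an added example, not part of the Net::LDAP contrib scripts; it tolerates the Windows line breaks mentioned in the notes, unfolds wrapped lines, and shows how a renamed DN surfaces as one missing and one extra entry. Assumptions: the ignored attributes are matched by exact name rather than by the egrep line pattern, DNs are compared case-insensitively, and all sample data is constructed.

```python
import base64

IGNORED = {"entry-id", "nsuniqueid"}   # server-generated, filtered out as on the page

def parse_ldif(text):
    """Return {lowercased dn: {attr: sorted values}} for LDIF content text."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # unfold a wrapped line (RFC 2849)
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        if not line:                        # a blank line ends the entry
            if dn is not None:
                entries[dn] = {a: sorted(v) for a, v in attrs.items()}
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.lower(), value.strip()
        if name == "dn":
            dn = value.lower()
        elif name not in IGNORED:
            attrs.setdefault(name, []).append(value)
    return entries

def compare(source_text, export_text):
    """Report DNs that differ between the import file and the export."""
    src, exp = parse_ldif(source_text), parse_ldif(export_text)
    return {
        "missing_in_export": sorted(src.keys() - exp.keys()),
        "extra_in_export": sorted(exp.keys() - src.keys()),
        "changed": sorted(d for d in src.keys() & exp.keys() if src[d] != exp[d]),
    }

# Constructed samples: EXPORT has CRLF endings, a folded value, a different
# entry order and a server-added nsUniqueId line.
SOURCE = ("dn: uid=bob,dc=example,dc=com\nuid: bob\ncn: Bob Example\n\n"
          "dn: uid=alice,dc=example,dc=com\nuid: alice\ncn: Alice Example\n")
EXPORT = ("dn: uid=alice,dc=example,dc=com\r\nnsUniqueId: 0000-constructed\r\n"
          "uid: alice\r\ncn: Alice Exa\r\n mple\r\n\r\n"
          "dn: uid=bob,dc=example,dc=com\r\nuid: bob\r\ncn: Bob Example\r\n")
RENAMED = EXPORT.replace("uid=bob,", "uid=robert,")   # simulated DN rename

if __name__ == "__main__":
    print(compare(SOURCE, EXPORT), compare(SOURCE, RENAMED))
```

Three empty lists correspond to the "no output" case of ldifdiff.pl; unlike ldifdiff.pl, this sketch only reports which DNs differ and does not emit change LDIF.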
© Copyright 2019 Rex Consulting, Inc. - All rights reserved