Hi all,

Simple issue here perhaps. I had set up my LDIF files like this example (variables get set of course) to change a user's shadowAccount password under FDS 1.0.4 and all my updates seem to work just fine using ldapmodify.

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
shadowLastChange: $TODAY
userPassword: $PWHASH

But recent research into LDIF revealed that the proper way to update attributes is using this "replace" method.

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: userPassword
userPassword: $PWHASH

Are both legal or permitted or did I just get lucky or is it not really doing what I think? All ldapsearch results look the same after using either?

--
- Kyle

Kyle Tucker wrote:
> But recent research into LDIF revealed that the proper way

What do you mean by "recent" here? RFC 2849 was published in 2000, and I don't think there was much further research. That document illustrates even wiser (and syntactically correct) means to perform the modifications you need.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------

> Kyle Tucker wrote:
> > But recent research into LDIF revealed that the proper way
>
> What do you mean by "recent" here? RFC 2849 was published in 2000, and
> I don't think there was much further research. That document illustrates
> even wiser (and syntactically correct) means to perform the
> modifications you need.

I was referring to my research. I was more looking into why the other non-replace method works, if it was some optional syntax or if it wasn't even working as it seemed, although all evidence I saw indicated it was.

--
- Kyle

Kyle Tucker wrote:
>> Kyle Tucker wrote:
>>> But recent research into LDIF revealed that the proper way
>> What do you mean by "recent" here? RFC 2849 was published in 2000, and
>> I don't think there was much further research. That document illustrates
>> even wiser (and syntactically correct) means to perform the
>> modifications you need.
>
> I was referring to my research. I was more looking into why the other
> non-replace method works, if it was some optional syntax or if it wasn't
> even working as it seemed, although all evidence I saw indicated it was.

>> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> shadowLastChange: $TODAY
> userPassword: $PWHASH

The above is a bug (feature?) of the LDIF parsing routine, a bit too liberal

> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: shadowLastChange
> shadowLastChange: $TODAY
>
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: userPassword
> userPassword: $PWHASH

The above, according to RFC 2849, can be summarized in

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY
-
replace: userPassword
userPassword: $PWHASH
-

with two relevant consequences:

1) only one operation is performed instead of two;

2) as a consequence, the modification is atomic, i.e. either they both succeed or they both fail; the way you indicated, they could have independently succeeded or failed.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team
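
Added example, not part of the thread and not code from FDS or OpenLDAP: a small strict checker for "changetype: modify" records that rejects the lenient form discussed above and shows that two records are two operations while one record with "-" separators is a single operation. The names parse_modify_records and LDIFSyntaxError, the sample DN and the sample values are constructed for illustration; as an assumption of this example, a missing "-" after the last mod-spec of a record is tolerated.

```python
import re

MOD_OPS = {"add", "delete", "replace"}
HEAD = "dn: uid=kt, ou=People, dc=example,dc=com\nchangetype: modify\n"  # constructed
LENIENT = HEAD + "shadowLastChange: 13500\nuserPassword: {SSHA}x\n"
TWO_OPS = (HEAD + "replace: shadowLastChange\nshadowLastChange: 13500\n\n"
           + HEAD + "replace: userPassword\nuserPassword: {SSHA}x\n")
ONE_OP = (HEAD + "replace: shadowLastChange\nshadowLastChange: 13500\n-\n"
          "replace: userPassword\nuserPassword: {SSHA}x\n-\n")

class LDIFSyntaxError(ValueError):
    """Record does not follow the RFC 2849 change-modify grammar."""

def parse_modify_records(ldif_text):
    """Return [(dn, [(op, attr, [values]), ...])]; each tuple is ONE modify operation."""
    # Kept small: no line folding, base64 '::' values, comments or version line.
    operations = []
    for block in re.split(r"\n[ \t]*\n", ldif_text.strip()):
        fields = []
        for ln in filter(None, (l.strip() for l in block.splitlines())):
            key, sep, value = ln.partition(":")
            if ln != "-" and not sep:
                raise LDIFSyntaxError(f"not an attribute line: {ln!r}")
            fields.append((key.strip(), value.strip()))
        if [f[0] for f in fields[:2]] != ["dn", "changetype"] or fields[1][1] != "modify":
            raise LDIFSyntaxError("expected 'dn:' then 'changetype: modify'")
        dn, mods, current = fields[0][1], [], None
        for key, value in fields[2:]:
            if key == "-":                       # terminator of one mod-spec
                if current is None:
                    raise LDIFSyntaxError("'-' without a preceding mod-spec")
                current = None
            elif current is None:
                if key not in MOD_OPS:           # the form the lenient parser let through
                    raise LDIFSyntaxError(f"{key!r} has no add/delete/replace line")
                current = (key, value, [])
                mods.append(current)
            elif key.lower() == current[1].lower():
                current[2].append(value)
            else:
                raise LDIFSyntaxError(f"{key!r} inside mod-spec for {current[1]!r}")
        if not mods:
            raise LDIFSyntaxError("modify record has no mod-spec")
        operations.append((dn, mods))
    return operations

if __name__ == "__main__":
    for name, text in (("two records", TWO_OPS), ("one record", ONE_OP)):
        print(name, "->", len(parse_modify_records(text)), "operation(s)")
```

Running a check like this over generated password-change LDIF before handing it to ldapmodify catches records that only work because a parser is lenient, and makes it visible when shadowLastChange and userPassword would be sent as separate, non-atomic operations.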