Fedora directory users - Aug 2007 - troubles with ldapmodify and db2ldif

hello all,

i''ve a couple of problems, but before, maybe is better if i''ll
show you the
scenario.

     We have given our students the opprotunity to access to the net (just
http and https) and for the autentication we use fds. There is (among a lot
of other ou''s) an ou and a static group used for autentication
purposes. I
get students'' data in csv format from Oracle and by the means of a
shell
script I convert them into ldif  then I add, delete and update the LDAP via
ldapmodify.

    Maybe my script isn''t a masterpiece of style, but it works fine,
and for
my purposes, at the moment, is good; sometimes it happens to me to get
errors while modifying the static group: logs report something like "could
not find value 0 (or 25, or 29, or so on) for attr uniqueMember (no such
attribute)". Now, since there isn''t any value like 0 (or anyway
numeric) for
uniqueMember attribute (we use social security code that is alphanumerical
and starts with 6 letters)  I can only suppose that is a csv fault, that it
depends on how Oracle exports in csv queries results, but sincerely I simply
don''t know how it happens. The worst is that the ldapmodify stops
immediately even if in the function call I''m using -c switch, that
works
fine when operating on the ou, but simply seems not to be working when
operating on statica group.

    And, second problem: I''ve thought to build a script that exports
data
from LDAP with a db2ldif, both static group and ou, then adjusting ldif
files by the means of an executable that extracts just SS codes and sorts
them and finally makes a diff between result files (or simply counts their
lines) the way to see if ou and static group differ and in case, sending an
alert to my e-mail address (soon my script will be "cron-ized").
    If I do that via java console, it works fine, but as soon as I launch
the db2ldif -a /tmp/myFile.ldif  -s "ou=myOU, dc=myDomain, dc=it" it
fails
with an "there is no backend instance to export from" (same thing if
instead
of -s switch I use -n switch and if I use "cn=myStaticGroup, ou=gruppi,
dc=myDomain, dc=it" as object of -s switch), while if I say
db2ldif -a /tmp/myFile.ldif  -s "dc=myDomain, dc=it", it works fine
and
exports anything. Obviously, writing an executable that extracts the content
of my ou and my static group from the entire db is not my secret dream!

    Can anyone help me?

    Thanks in advance and best regards,

     Stefi

stefi wrote:
>    hello all,
>
> i''ve a couple of problems, but before, maybe is better if
i''ll show
> you the scenario.
>
>      We have given our students the opprotunity to access to the net 
> (just http and https) and for the autentication we use fds. There is 
> (among a lot of other ou''s) an ou and a static group used for 
> autentication purposes. I get students'' data in csv format from
Oracle
> and by the means of a shell script I convert them into ldif  then I 
> add, delete and update the LDAP via ldapmodify.
>
>     Maybe my script isn''t a masterpiece of style, but it works
fine,
> and for my purposes, at the moment, is good; sometimes it happens to 
> me to get errors while modifying the static group: logs report 
> something like "could not find value 0 (or 25, or 29, or so on) for 
> attr uniqueMember (no such attribute)". Now, since there
isn''t any
> value like 0 (or anyway numeric) for uniqueMember attribute (we use 
> social security code that is alphanumerical and starts with 6 
> letters)  I can only suppose that is a csv fault, that it depends on 
> how Oracle exports in csv queries results, but sincerely I simply 
> don''t know how it happens. The worst is that the ldapmodify stops 
> immediately even if in the function call I''m using -c switch, that
> works fine when operating on the ou, but simply seems not to be 
> working when operating on statica group.
I''m not sure what''s going on.  You might want to post excerpts
of your
access log, errors log, script, and data to pastebin.com and post links 
here.
>
>     And, second problem: I''ve thought to build a script that
exports
> data from LDAP with a db2ldif, both static group and ou, then 
> adjusting ldif files by the means of an executable that extracts just 
> SS codes and sorts them and finally makes a diff between result files 
> (or simply counts their lines) the way to see if ou and static group 
> differ and in case, sending an alert to my e-mail address (soon my 
> script will be "cron-ized").
>     If I do that via java console, it works fine, but as soon as I 
> launch the db2ldif -a /tmp/myFile.ldif  -s "ou=myOU, dc=myDomain, 
> dc=it" it fails with an "there is no backend instance to export
from"
> (same thing if instead of -s switch I use -n switch and if I use 
> "cn=myStaticGroup, ou=gruppi, dc=myDomain, dc=it" as object of -s
> switch), while if I say
> db2ldif -a /tmp/myFile.ldif  -s "dc=myDomain, dc=it", it works
fine
> and exports anything. Obviously, writing an executable that extracts 
> the content of my ou and my static group from the entire db is not my 
> secret dream!
db2ldif/ldif2db operate at the database level e.g. you usually will have 
a database named userRoot which corresponds to the suffix 
dc=myDomain,dc=it.  You cannot use db2ldif on a subtree.  Suggestions:
* use db2ldif but write a script (e.g. python-ldap, Net::LDAP) to 
operate only on those entries you want
* use ldapsearch -s sub -b "ou=myOU, dc=myDomain, dc=it" instead of
db2ldif
>
>     Can anyone help me?
>
>     Thanks in advance and best regards,
>
>      Stefi
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Richard,

thanks a lot! At least for what concerns ou and static group export,
I''ve
found out a solution ... i''ts true that talking with other people about
these problems helps in finding solutions!  I must confess that I''ve
never
thought about using a ldapsearch ... thanks again!

For the other problem, I still don''t understand why, working with
static
group, ldapmodify doesn''t act in continuous mode ... but having solved
the
other problem, I can set up a script that extracts both ou and static group
and (in some way ...  I must still think about) counts uids and if their
numbers are different send me an alert by mail.

Best regards,

    Stefi

2007/8/30, Richard Megginson
<rmeggins@redhat.com>:
>
>
> db2ldif/ldif2db operate at the database level e.g. you usually will have
> a database named userRoot which corresponds to the suffix
> dc=myDomain,dc=it.  You cannot use db2ldif on a subtree.  Suggestions:
> * use db2ldif but write a script (e.g. python-ldap, Net::LDAP) to
> operate only on those entries you want
> * use ldapsearch -s sub -b "ou=myOU, dc=myDomain, dc=it" instead
of
> db2ldif
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>

-- 
Procurade e moderare,
Barones, sa tirannia,
Chi si no, pro vida mia,
Torrades a pe'' in terra!
Declarada est gia'' sa gherra
Contra de sa prepotenzia,
E cominzat sa passienzia
ln su pobulu a mancare