2

I've been doing some testing with ldapadd and ldapmodify and what I noticed is:

- `ldapadd` will fail if the entry already exists:

=> hdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30995)
ldapadd: could not add entry dn="mail=test1@example.org,ou=People,dc=example,dc=org" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30995)

- `ldapmodify` will fail if the entry doesn't:

modifying entry "mail=test2@example.org,ou=People,dc=example,dc=org"
ldap_modify: No such object (32)
matched DN: ou=People,dc=example,dc=org

Therefore, when restoring a backup on an existing database with some existing and some missing entries, you can't just use either of these tools; you need to create a routine that:
- either deletes all the users that already exist in the database and are present in the backup and then imports using `ldapadd`,
- or converts the backup LDIF file to be `ldapmodify`-compatible (add or modify depending on whether the user exists) and uses `ldapmodify`.

Q: Isn't there a tool that would take care of that for you?

Additional info: running OpenLDAP 2.4.21 on Ubuntu Server 10.04

Max

1 Answer

4

You can either give the `-a` flag to `ldapmodify` or put the line `changetype: add` into your LDIF data if you add an entry, and `changetype: modify` to modify the entry.

Sven
  • Unless I'm mistaken, using `changetype: modify` you then have to create replace/add/remove statements for each attribute you're importing, like `changetype: modify \n replace: cn \n cn: test` etc. – Max Dec 02 '11 at 10:05
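The conversion routine the question describes, combined with the per-attribute `replace:` statements from the comment, as an added example that is not part of the original posts. The function names are hypothetical, the list of DNs already in the directory is assumed to have been collected beforehand, and DN matching is simplified to a case-insensitive string comparison.

```python
import base64

# Operational attributes that slapcat dumps but an LDAP client may not write.
OPERATIONAL = {"structuralobjectclass", "entryuuid", "creatorsname", "createtimestamp",
               "entrycsn", "modifiersname", "modifytimestamp"}

def unfold(text):
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]  # folded continuation of the previous line
        else:
            out.append(line)
    return [l for l in out if not l.startswith("#")]  # drop comment lines

def render(dn_line, attr_lines, existing):
    dn = dn_line[3:].strip()
    if dn.startswith(":"):  # "dn:: <base64>" form
        dn = base64.b64decode(dn[1:].strip()).decode("utf-8")
    if dn.lower() not in existing:
        return "\n".join([dn_line, "changetype: add"] + attr_lines) + "\n"
    groups = {}  # attribute name (case-insensitive) -> all of its value lines
    for line in attr_lines:
        groups.setdefault(line.split(":", 1)[0].lower(), []).append(line)
    out = [dn_line, "changetype: modify"]
    for lines in groups.values():
        out += ["replace: " + lines[0].split(":", 1)[0]] + lines + ["-"]
    return "\n".join(out) + "\n"

def to_change_records(backup_ldif, existing_dns):
    existing = {d.strip().lower() for d in existing_dns}  # simplified DN matching
    records, dn_line, attr_lines = [], None, []
    for line in unfold(backup_ldif) + [""]:
        if not line.strip():  # blank line closes the current entry
            if dn_line:
                records.append(render(dn_line, attr_lines, existing))
            dn_line, attr_lines = None, []
        elif line.lower().startswith("dn:"):
            dn_line = line
        elif dn_line and line.split(":", 1)[0].lower() not in OPERATIONAL:
            attr_lines.append(line)
    return "\n".join(records)

# Constructed sample backup using the two DNs from the question; test1 is assumed to exist.
SAMPLE = ("dn: mail=test1@example.org,ou=People,dc=example,dc=org\n"
          "cn: Test\n  One\nentryUUID: constructed-placeholder\n\n"
          "dn: mail=test2@example.org,ou=People,dc=example,dc=org\n"
          "objectClass: inetOrgPerson\ncn: Test Two\nsn: Two\n")
if __name__ == "__main__":
    print(to_change_records(SAMPLE, ["mail=test1@example.org,ou=People,dc=example,dc=org"]))
```

Because every record carries its own `changetype`, the output can be fed to `ldapmodify` without `-a`. Attributes that exist in the directory but are absent from the backup are left untouched by the generated `replace:` statements.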