edirectory

Extending a User with LDAP

While this doesn't apply specifically to Novell, it's what I've been playing with.

Thanks to Eddie for being a ready-reference, you're a LEGEND!

I had to extend our eDirectory schema at work with an auxiliary class for the Users. Easily done. However, actually extending all the user objects with the new class information was a little more challenging... only slightly. Yes, it can be done in C1 and iManager, but I needed to do this to 21,000 users at once as well as apply some attribute values.

LDAP to the rescue.

Using a text editor and C1 you can easily manipulate values in a Directory using the power of LDAP. This doesn't just apply to eDirectory; you can do similar things with MAD or any LDAP directory. This is how I did it.

1. Back up your Directory

2. You need a list of accounts to modify. Using C1, do an export of objectclass=inetOrgPerson and select Entry names only.
This gives you a nice list of distinguished usernames. Perfect.

3. Now you'll need a good editor. TextWrangler is my choice, but anything that can search and replace, including special characters like CR, will do... so Notepad is out, and so is WordPad. I'm not sure about Word, but you could give it a shot. If you have a Mac, use TextWrangler; it's hard to beat. Excel can also be used initially.

For each user record you need the following in your LDIF file:

dn: ‹username›
changetype: modify
add: objectClass
objectClass: ‹name of your aux class›
-
add: ‹attribute name›
‹attribute name›: ‹attribute value›
-
add: ‹attribute name›
‹attribute name›: ‹attribute value›


Continue on for all additional attributes, leaving a blank line or two between user accounts. Some creative search and replacing will do it.

4. Import using the wizard in C1, and 5 minutes later all 21,000 accounts have been updated. It helps if you tell C1 not to stop on errors. If you've done the above correctly you shouldn't get any, but you don't want to walk away from the PC only to find the import stopped on record 55 of 21,000.
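The search-and-replace steps above, scripted as an added example (not part of the original post): it builds the same change records from the exported DN list and base64-encodes any DN or value that LDIF (RFC 2849) does not allow in plain form, such as non-ASCII names or values with a leading space. The class name exampleAuxClass, the attribute exampleBadgeId and the DNs are constructed placeholders.

```python
import base64

def ldif_line(attr, value):
    """One 'attr: value' line; base64 ('attr:: ...') when RFC 2849 requires it."""
    raw = value.encode("utf-8")
    safe = (raw[:1] not in (b" ", b":", b"<")       # unsafe first characters
            and not raw.endswith(b" ")               # trailing space would be lost
            and all(0 < b < 128 and b not in (10, 13) for b in raw))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def modify_record(dn, aux_class, attrs):
    """One change record: add the aux class, then each attribute, '-' separated."""
    lines = [ldif_line("dn", dn), "changetype: modify",
             "add: objectClass", ldif_line("objectClass", aux_class)]
    for name, value in attrs.items():
        lines += ["-", f"add: {name}", ldif_line(name, value)]
    return "\n".join(lines) + "\n"

def build_ldif(entries, aux_class):
    """entries: iterable of (dn, {attribute: value}) pairs from the export."""
    seen, records = set(), []
    for dn, attrs in entries:
        dn = dn.strip()                   # drops the CR left by a Windows export
        if not dn or dn.lower() in seen:  # a repeated DN would fail on import
            continue
        seen.add(dn.lower())
        records.append(modify_record(dn, aux_class, attrs))
    return "version: 1\n\n" + "\n".join(records)   # blank line between records

# Constructed sample data; the class and attribute names are hypothetical.
SAMPLE = [
    ("cn=jsmith,ou=staff,o=example\r", {"exampleBadgeId": "10021"}),
    ("cn=Zoë Müller,ou=staff,o=example", {"exampleBadgeId": " 10022"}),
    ("CN=JSmith,ou=staff,o=example", {"exampleBadgeId": "10021"}),  # duplicate
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE, "exampleAuxClass"))
```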

Deleting is just as easy. Simply change your LDIF file to something like this:

To delete the attribute:

dn: ‹username›
changetype: modify
delete: ‹attribute name›


To delete the class extension (essentially deleting all auxiliary attributes that were part of the auxiliary class we extended the user with, and removing the extension from the object. Be very careful with this!!!!!):

dn: ‹username›
changetype: modify
delete: objectClass
objectClass: ‹name of your aux class›

Note: ensure you are not still using the attribute data before deleting it. You might want to consider doing an LDAP export of all data before making any deletes, in case you need to put it all back in a hurry.
Note: Step 1