Difference between openldap 2.3 and 2.4

linux openldap ldap

6,804

LDAP 2.3 needs at least only changetype atribute:

dn: uid=HOST$,ou=Computers,dc=example,dc=edu
changetype: modify
sambaSID: S-1-5-21-3806935310-923960185-3344722049-877

Version 2.4 requires additional atributes for modifying:

dn: uid=HOST$,ou=Computers,dc=example,dc=edu
changetype: modify
replace: sambaSID
sambaSID: S-1-5-21-3806935310-923960185-3344722049-877

Look at the string replace: sambaSID in the last example. On my Debian 6 first LDIF rise an error

# ldapmodify -v -xWD cn=root,dc=ecample,dc=edu -f wsmodify.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password: 
ldapmodify: modify operation type is missing at line 3, entry "uid=HOST$,ou=Computers,dc=example,dc=edu"

Second LDIF example works fine:

# ldapmodify -v -xWD cn=root,dc=example,dc=edu -f wsmodify.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password: 
replace sambaSID:
        S-1-5-21-3806935310-923960185-3344722049-877
modifying entry "uid=HOST$,ou=Computers,dc=example,dc=edu"
modify complete

Refer to http://www.zytrax.com/books/ldap/ch14/ for details about ldapadd and ldapmodify and http://www.zytrax.com/books/ldap/ch8/index.html#changetype for details about additional attributes.

Best regards.

6,804

Eirik Toft

Updated on September 18, 2022

Comments

Eirik Toft over 1 year
There is a difference between openldap 2.3 and 2.4 - specifically with ldapmodify...
```
If no "changetype:" line is present, the default is "add" if the -a flag is set (or if the program was invoked as ldapadd) and "modify" otherwise.

If  changetype  is  "modify"  and  no "add:", "replace:", or "delete:" lines appear, the default is "replace" for ldapmodify(1) and "add" for ldapadd(1).
```
Does anyone have any idea how to make the 2.4 version of ldapmodify act the same way? Now my script tells me:
```
ldapmodify: modify operation type is missing at line xxxx
```
I have attempted to add the line "changetype: modify" after each dn: entry in the file I'm attempting to import, however this hasn't fixed the issue.

So, can someone clue in this stupid dude here on what I'm missing?

Example in ldif format:
```
# inactive, group, mydomain.net
dn: cn=inactive,ou=group,dc=mydomain,dc=net
cn: inactive
gidNumber: 9999
objectClass: top
objectClass: posixGroup
```
- tink about 11 years
  
  Can you post an anonymised snippet of your LDIF?
- Eirik Toft about 11 years
  
  Sure: Please note, there is no "changetype:" line in this ldif as it is produced from ldapsearch on another machine.
Eirik Toft about 11 years

Actually, if you read my original post, in OpenLDAP2.3, a changetype attribute is not needed. If the LDIF was read by ldapadd, changetype "add" was assumed - likewise for ldapmodify, if no changetype attribute was defined, then modify was the default. The issue is I want this behavior again - this allows me to feed in the output of ldapsearch from one ldap server and use it to add/update the directory on another one.
84104 about 11 years

@EirikToft If that truly is your intention, why not use the standard mechanisms for this? openldap.org/doc/admin24/replication.html
gooamoko about 11 years

So, if you want openldap 2.3 behavior again and (for some reasons) don't want to use standard replication mechanisms - what about run old ldapadd or ldapmodify with connection to new openldap server?