How to copy a LDAP entry and all the subtree on a Linux/openldap server?
Solution 1
Probably the best way to handle this is to export the sub-tree in question to an LDIF file, tweak the file to change the DNs to be what you need, import the LDIF file into the production environment. There are a variety of ways to create the LDIF file, with ldapsearch being the most available. The command needed to get the LDIF file can vary depending on the LDAP server in use, but should look something similar to this.
ldapsearch -b ou=software,o=company,c=fr -s sub -h host.ldap.server > software.ldif
This assumes you don't need to log in. Pipe output to a file. You can then open the file in whatever tool you wish and change all occurrences of "ou=software,o=" to "ou=software_v2,o=". This can then be used to import.
ldapadd -a -h host.ldap.server -f software.ldif
TLS usage, logins, and strange ports will require different options on both commands, but this should at least get you started.
(Edit) Those fields are base64 encoded. The one you quote in comments has "Côte d'Azur" in the DN. One way to get at the real text is to:
- Copy the DN to a simple text file, encode-old.txt
- Pipe it through the base64 command, base64 -d encode-old.txt > decoded.txt
- Make the changes you need in the decode.txt file
- Pipe it back through the base64 command, base64 decoded.txt > encode-new.txt
Obviously this won't scale that well, but it shows how to get at the real text. Processing the .ldif file with sed/awk or perl to make the needed changes programatically is probably your best best.
Solution 2
Although you already marked sysadmin1138's reply as "reply", I still want to contribute my idea. Install "gq" on a system, connect it with an account which has enough privileges to the LDAP server and simply drag and drop your subtree (or: "save as new"). It is easy, it is fast and works.
gq is a LDAP browser (with editing function) which requires a X server.
Related videos on Youtube
12 : 46
19 : 41
10 : 46
13 : 42
02 : 17
Cédric Girard
I am a french developper, using a lot of differents tools. I use eXtreme Programming and agile good practises, and I love tools that help me to save time.
Updated on September 17, 2022Comments
-
Cédric Girard over 1 year
I want to duplicate an LDAP subtree : my software uses
ou=software,o=company,c=fr
and I want to have version 2 of the software to use
ou=software_v2,o=company,c=fr
I tried JXplore to copy the tree, which is fine for the development server, but I need to to the same on the production server, which is in a datacenter.
Is there any openldap command, any script to do this, or must I create it?
Best regards,
Cédric -
Cédric Girard almost 14 yearsWhen there is specials caractères (like accents) in the DN, it is encoded like this dn:: Y249MDYwMDAwMTYzLG91PTA2MDAwMDE2MyxvdT0wNixvdT1Qcm92ZW5jZS1BbHBlcy0gQ8O0dGUgZCdBenVyLG91PURHUyxvdT1ER1N2MyxvPWVwaWNvbmNlcHQsYz1mcg== and I cannot change anything. It was the first way I tried.