Re: what is the best practice to modrdn for branch of objects?

[Chris Ridd]

> On 18 Jun 2018, at 12:33, Zeus Panchenko <ze...@ibs.dn.ua> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> what is the best practice to moddn() for branch of objects?

I’m not really sure “best practice” is relevant here - whatever you need to do needs to be expressed in LDAP protocol requests.

I would note that storing entries subordinate to user entries is rather unusual. Not illegal in any way, just unusual and it would surprise most people who were familiar with LDAP.

>
> lets say we have two objects:
>
> - ---[ user A start ]-------------------------------------------
> dn: uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=q...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=ov...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: cn=dev-ap-notebook,authorizedService=ov...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=ma...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf....@starfleet.startrek.in,authorizedService=ma...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: authorizedService=xm...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> dn: uid=naf.n...@starfleet.startrek.in,authorizedService=xm...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
> - ---[ user A end ]-------------------------------------------
>
> and
>
> - ---[ user B start ]-------------------------------------------
> dn: uid=taf.taffij,ou=People,dc=umidb

So there are two cases to consider:

* user B already exists

* user B does not exist

In the first case, you can iterate through all of user A’s immediate children and modifydn each of them. Do you delete user A at the end?

Alternative in the first case, you could delete user B first and then just use modifydn once to move user A to user B.

In the second case, just modifydn user A to user B in a single operation.

You may need to refine your question a bit more.

>
> to do that, I take target branch subtree and „re-write“ DN of each object to be reassigned ...
> (https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)
>
>
> what I think of is something like this:
>
> - ---[ quotation start ]-------------------------------------------
> $dn = 'authorizedService=xm...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
> $mesg = $ldap->moddn( $dn,
> newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
> recursively => 1 );

Net::LDAP’s moddn method does not take a “recursively” option. The LDAP modifydn operation is already defined to move all the entry's children. If the server cannot perform that operation, it will return an error instead.

Cheers,

Chris

[Chris Ridd]

> On 19 Jun 2018, at 05:58, Zeus Panchenko <ze...@ibs.dn.ua> wrote:

>
> Chris Ridd <chri...@mac.com> wrote:
>> Net::LDAP's moddn method does not take a „recursively“ option.
>

> may it sound sane to add it to the method?

>
>> The LDAP modifydn operation is already defined to move all the entry's
>> children.
>

> I believe, it'd be great to have something like that in Net::LDAP too …

Well that’s up to Peter, but I would say that no it doesn’t make sense because the operations in LDAP.pm only do what the RFCs describe.

I think you should write your own wrapper/utility function that does what your use case needs.

Cheers,

Chris