Re: Problems importing from LDIF file generated with python-ldap

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks a lot, this worked perfectly! You really saved my day (or week,
for that matter). I will rewrite the script when I have the time and
maybe a better understanding of LDAP and Python-ldap.

Best regards,

Lars Erik

On Wed, Aug 13, 2008 at 3:28 PM, Michael Ströder <mi...@st...> wrote:
> Lars Erik Kolden wrote:
>>
>> ldapmodify: modify operation type is missing at line 26, entry
>> "cn=audio,ou=Group,dc=ourdc,dc=no"
>> [..]
>> When I look in the LDAP docs, this looks reasonable, as it states that
>> you ned an "add: memberUid" statement with the changetype: modify. But
>> how come it worked before? And when I try to incorporate this into the
>> LDIF generator script, which uses python-ldap, it just won't work.
>
> I don't know why it worked in the past. The LDIF generator script is wrong
> since it uses module ldif for generating entry records (provided by a dict)
> instead of providing a modification list (list type) which would make
> LDIFWriter.unparse() to generate a change record.
>
> See __doc__ string in ldif.py:
>
> class LDIFWriter:
> [..]
>  def unparse(self,dn,record):
>    """
>    dn
>          string-representation of distinguished name
>    record
>          Either a dictionary holding the LDAP entry {attrtype:record}
>          or a list with a modify list like for LDAPObject.modify().
>    """
>
>> relevant code looked like this:
>>
>> #########
>>      # add the new user to a set of default groups:
>>      # audio, cdrom, floppy, plugdev, video
>>
>>      entry={ 'changetype' : ['modify'],
>>              'memberUid': [username],
>>      }
>>      dn='cn=audio,ou=Group,dc=ourdc,dc=no'
>>      ldif_writer=ldif.LDIFWriter(newusers)
>>      ldif_writer.unparse(dn,entry)
>
> Should be:
>
> modlist=[(ldap.MOD_ADD,'memberUid',[username])]
> ldif_writer.unparse(dn,modlist)
>
> BTW: Anyway I'd recommend to directly use a LDAP connection for this task,
> not generate LDIF and then using command-line tools. This would give you
> much better control in case of LDAP errors.
>
> Ciao, Michael.
>