From: Lars E. K. <lar...@gm...> - 2008-08-13 13:10:48
Hi.

I am sorry if this is a stupid question. I have pretty basic knowledge of both LDAP and python, and am having trouble with some scripts for creating LDAP records, written by my predecessor.

This script worked fine from an Ubuntu 7.10 client environment before the summer, but now, after actually upgrading to Ubuntu 8.04, the script yields an error message when adding the user to groups, using the modify changetype operator. The offending statement looks like this:

#########
dn: cn=audio,ou=Group,dc=ourdc,dc=no
changetype: modify
memberUid: newuser
#########

The error message from ldapmodify:

#########
larsekol@skarphedin:~$ /usr/bin/ldapmodify -ZZ -h ldap.server -D "cn=Manager,dc=ourdc,dc=no" -w passwrrd -x -a -f ./newaccounts.ldif
adding new entry "uid=newuser,ou=people,dc=ourdc,dc=no"
adding new entry "cn=newuser,ou=Group,dc=ourdc,dc=no"
ldapmodify: modify operation type is missing at line 26, entry "cn=audio,ou=Group,dc=ourdc,dc=no"
larsekol@skarphedin:~$
#########

When I look in the LDAP docs, this looks reasonable, as it states that you need an "add: memberUid" statement with the changetype: modify. But how come it worked before? And when I try to incorporate this into the LDIF generator script, which uses python-ldap, it just won't work. The relevant code looked like this:

#########
# add the new user to a set of default groups:
# audio, cdrom, floppy, plugdev, video

entry={ 'changetype' : ['modify'],
        'memberUid': [username],
        }
dn='cn=audio,ou=Group,dc=ourdc,dc=no'
ldif_writer=ldif.LDIFWriter(newusers)
ldif_writer.unparse(dn,entry)
#########

I thought I could add another element to the dict, "'add': ['memberUid']", but that's probably a naive assumption, and wishful thinking. When I add it between the changetype and memberuid elements, it will appear in the top of the LDIF statement, which won't work:

My "improvement":

#########
# add the new user to a set of default groups:
# audio, cdrom, floppy, plugdev, video

entry={ 'changetype' : ['modify'],
        'add': ['memberUid'],
        'memberUid': [username],
        }
dn='cn=audio,ou=Group,dc=ourdc,dc=no'
ldif_writer=ldif.LDIFWriter(newusers)
ldif_writer.unparse(dn,entry)
#########

Result:

########
dn: cn=audio,ou=Group,dc=ourdc,dc=no
add: memberUid
changetype: modify
memberUid: newuser
########

Here the add and changetype statements should be the other way (changetype first, add afterwards), if I understand the docs right. If I do that manually in the LDIF file, ldapmodify will add the user to the audio group with no complaints. But I haven't been able to do that through the python-ldap libraries.

Could someone please point me to where I've totally misunderstood here, or how I could make this right with python-ldap (adding the user to audio group)?

Thanks from a noob.

Lars Erik

From: Michael S. <mi...@st...> - 2008-08-13 13:28:31
Lars Erik Kolden wrote:
> ldapmodify: modify operation type is missing at line 26, entry
> "cn=audio,ou=Group,dc=ourdc,dc=no"
> [..]
> When I look in the LDAP docs, this looks reasonable, as it states that
> you need an "add: memberUid" statement with the changetype: modify. But
> how come it worked before? And when I try to incorporate this into the
> LDIF generator script, which uses python-ldap, it just won't work.

I don't know why it worked in the past. The LDIF generator script is wrong since it uses module ldif for generating entry records (provided by a dict) instead of providing a modification list (list type) which would make LDIFWriter.unparse() generate a change record.

See __doc__ string in ldif.py:

class LDIFWriter:
  [..]
  def unparse(self,dn,record):
    """
    dn
          string-representation of distinguished name
    record
          Either a dictionary holding the LDAP entry {attrtype:record}
          or a list with a modify list like for LDAPObject.modify().
    """

> relevant code looked like this:
>
> #########
> # add the new user to a set of default groups:
> # audio, cdrom, floppy, plugdev, video
>
> entry={ 'changetype' : ['modify'],
>         'memberUid': [username],
>         }
> dn='cn=audio,ou=Group,dc=ourdc,dc=no'
> ldif_writer=ldif.LDIFWriter(newusers)
> ldif_writer.unparse(dn,entry)

Should be:

modlist=[(ldap.MOD_ADD,'memberUid',[username])]
ldif_writer.unparse(dn,modlist)

BTW: Anyway, I'd recommend directly using an LDAP connection for this task, not generating LDIF and then using command-line tools. This would give you much better control in case of LDAP errors.

Ciao, Michael.

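The malformed change records discussed in this thread can be caught before the file reaches ldapmodify. The following is an added example, not code from the thread or from python-ldap: a standard-library-only check that flags `changetype: modify` records lacking the `add:`/`delete:`/`replace:` line RFC 2849 requires. The names `check_record`, `lint_ldif`, `DN` and `SAMPLE` are hypothetical, and the sample LDIF is constructed from the records quoted above.

```python
MOD_OPS = {"add", "delete", "replace"}  # mod-spec keywords from RFC 2849

def check_record(lines):
    """lines: [(line_no, text)] of one record -> [(line_no, dn, problem)]."""
    fields = [(n, t.split(":", 1)[0].strip(), t.split(":", 1)[-1].strip())
              for n, t in lines if not t.startswith(" ")]  # skip folded lines
    keys = [key.lower() for _, key, _ in fields]
    if "changetype" not in keys:
        return []  # plain entry record, nothing to check
    dn, pos, problems = fields[0][2], keys.index("changetype"), []
    if any(k not in ("dn", "control") for k in keys[:pos]):
        problems.append((fields[pos][0], dn, "changetype must directly follow dn"))
    if fields[pos][2].lower() != "modify":
        return problems
    expect_op = True  # a mod-spec must open with add:/delete:/replace:
    for n, key, _ in fields[pos + 1:]:
        if key == "-":
            expect_op = True  # separator closes the current mod-spec
        elif expect_op and key.lower() in MOD_OPS:
            expect_op = False  # following lines are the attribute values
        elif expect_op:
            problems.append((n, dn, "modify operation type is missing"))
            break
    return problems

def lint_ldif(text):
    """Split LDIF text into blank-line separated records and check each one."""
    problems, record = [], []
    for n, line in enumerate(text.splitlines() + [""], start=1):
        if line.strip() and not line.startswith("#"):
            record.append((n, line))
        elif not line.strip() and record:
            problems += check_record(record)
            record = []
    return problems

# Constructed sample: the two failing records from the thread, then a valid one.
DN = "dn: cn=audio,ou=Group,dc=ourdc,dc=no"
SAMPLE = "\n\n".join([
    DN + "\nchangetype: modify\nmemberUid: newuser",
    DN + "\nadd: memberUid\nchangetype: modify\nmemberUid: newuser",
    DN + "\nchangetype: modify\nadd: memberUid\nmemberUid: newuser\n-",
]) + "\n"

if __name__ == "__main__":
    for line_no, dn, problem in lint_ldif(SAMPLE):
        print("line %d, entry %r: %s" % (line_no, dn, problem))
```
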
From: Lars E. K. <lar...@gm...> - 2008-08-13 14:01:46
Thanks a lot, this worked perfectly! You really saved my day (or week, for that matter). I will rewrite the script when I have the time and maybe a better understanding of LDAP and Python-ldap.

Best regards,
Lars Erik

On Wed, Aug 13, 2008 at 3:28 PM, Michael Ströder <mi...@st...> wrote:
> Lars Erik Kolden wrote:
>>
>> ldapmodify: modify operation type is missing at line 26, entry
>> "cn=audio,ou=Group,dc=ourdc,dc=no"
>> [..]
>> When I look in the LDAP docs, this looks reasonable, as it states that
>> you need an "add: memberUid" statement with the changetype: modify. But
>> how come it worked before? And when I try to incorporate this into the
>> LDIF generator script, which uses python-ldap, it just won't work.
>
> I don't know why it worked in the past. The LDIF generator script is wrong
> since it uses module ldif for generating entry records (provided by a dict)
> instead of providing a modification list (list type) which would make
> LDIFWriter.unparse() generate a change record.
>
> See __doc__ string in ldif.py:
>
> class LDIFWriter:
>   [..]
>   def unparse(self,dn,record):
>     """
>     dn
>           string-representation of distinguished name
>     record
>           Either a dictionary holding the LDAP entry {attrtype:record}
>           or a list with a modify list like for LDAPObject.modify().
>     """
>
>> relevant code looked like this:
>>
>> #########
>> # add the new user to a set of default groups:
>> # audio, cdrom, floppy, plugdev, video
>>
>> entry={ 'changetype' : ['modify'],
>>         'memberUid': [username],
>>         }
>> dn='cn=audio,ou=Group,dc=ourdc,dc=no'
>> ldif_writer=ldif.LDIFWriter(newusers)
>> ldif_writer.unparse(dn,entry)
>
> Should be:
>
> modlist=[(ldap.MOD_ADD,'memberUid',[username])]
> ldif_writer.unparse(dn,modlist)
>
> BTW: Anyway, I'd recommend directly using an LDAP connection for this task,
> not generating LDIF and then using command-line tools. This would give you
> much better control in case of LDAP errors.
>
> Ciao, Michael.