I've run into a number of customer issues where we had to update thousand of entries with the exact same attribute and value. In each case, I had to write an LDIF file. A co-worker gave me a clever idea. Create a utility which allows you to populate (or remove) attributes without an LDIF.

You can run the utility in one of two ways. You can specify one attribute and value, on the command line, to be added. Alternatively, you can specify a file with multiple attributes and values. The rest of the syntax is just like ldapsearch - a bind DN, a password, a search base and filter. The utility will apply the change to all entries that match the filter under the specified search base.

In order to run it, you'll need Perl and the Net::LDAP module. On NLD or SLES, you can just load perl-ldap to get this module. You can also set it up on Windows, but you'll have to download the module from www.cpan.org .

Here's the syntax:

# Gives you verbose help instructions
$ bulkmod.pl --help

$ bulkmod.pl -h <host> -D <user> -w <password> -b <base> -m [add|del|rep] -a <attr>
-v <value> <filter>

$ bulkmod.pl -h <host> -D <user> -w <password> -b <base> -m [add|del|rep] -f <file>

Where the file is in this format:

$ ./bulkmod.pl -h sammy -D cn=admin,o=novell -w novell -b o=novell -m add -a title -v
TSE "objectclass=user"

$ ./bulkmod.pl -h sammy -D cn=admin,o=novell -w novell -b o=novell -m del -f changes


Comment List