Kyle Tucker wrote:
>> Kyle Tucker wrote:
>>> But recent research into LDIF revealed that the proper way
>> What do you mean by "recent" here? RFC 2849 was published in 2000, and
>> I don't think there was much further research. That document illustrates
>> even wiser (and syntactically correct) means to perform the
>> modifications you need.
>
> I was referring to my research. I was more looking into why the other
> non-replace method works, if it was some optional syntax or if it wasn't
> even working as it seemed, although all evidence I saw indicated it was.
>
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> shadowLastChange: $TODAY
> userPassword: $PWHASH

The above is a bug (feature?) of the LDIF parsing routine, a bit too liberal.

> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: shadowLastChange
> shadowLastChange: $TODAY
>
> dn: uid=$UID, ou=People, $DNDOMAIN
> changetype: modify
> replace: userPassword
> userPassword: $PWHASH

The above, according to RFC 2849, can be summarized in

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY
-
replace: userPassword
userPassword: $PWHASH
-

with two relevant consequences:

1) only one operation is performed instead of two;

2) as a consequence, the modification is atomic, i.e. either they both
succeed or they both fail; the way you indicated, they could have
independently succeeded or failed.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati at sys-net.it
------------------------------------------
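
Added example, not part of the original message and not OpenLDAP code: a Python checker that flags `changetype: modify` records whose attribute lines lack an add/delete/replace line (the liberal form quoted above) and merges consecutive well-formed records for the same DN into the single atomic record described in the reply. The function names, the sample DNs and values, the textual DN comparison, and the tolerance for a missing final "-" are assumptions; folded and base64 lines are not handled.

```python
import re

MOD_OPS = ("add", "delete", "replace")

def records(ldif):
    """Split LDIF text into records (lists of lines), dropping comment lines."""
    blocks = re.split(r"\n\s*\n", ldif.strip())
    return [[l.rstrip() for l in b.splitlines() if not l.startswith("#")] for b in blocks]

def mod_specs(rec):
    """Return (specs, problems) for one modify record; a final '-' may be absent."""
    specs, problems, cur = [], [], None
    for line in rec[2:]:                  # rec[0] is dn:, rec[1] is changetype:
        if line.strip() == "-":
            cur = None
        elif line.split(":", 1)[0].strip().lower() in MOD_OPS:
            if cur is not None:
                problems.append(f"{rec[0]}: missing '-' before '{line}'")
            cur = [line]
            specs.append(cur)
        elif cur is None:
            problems.append(f"{rec[0]}: '{line}' has no add/delete/replace line")
        else:
            cur.append(line)
    return specs, problems

def merge_modifies(ldif):
    """Merge consecutive well-formed modify records for one DN into one record."""
    out, problems, prev_dn = [], [], None
    for rec in records(ldif):
        is_mod = len(rec) > 1 and rec[1].replace(" ", "").lower() == "changetype:modify"
        specs, errs = mod_specs(rec) if is_mod else ([], [])
        problems += errs
        ok = is_mod and not errs          # malformed records pass through untouched
        body = [l for s in specs for l in s + ["-"]]
        if ok and rec[0] == prev_dn:      # DNs compared as text (simplification)
            out[-1] += body
        else:
            out.append(rec[:2] + body if ok else rec)
        prev_dn = rec[0] if ok else None
    return "\n\n".join("\n".join(r) for r in out) + "\n", problems

# Constructed sample: two separate replaces for one DN, then the liberal form.
DN = "dn: uid=%s,ou=People,dc=example,dc=com\nchangetype: modify\n"
SAMPLE = (DN % "jdoe" + "replace: shadowLastChange\nshadowLastChange: 19000\n\n"
          + DN % "jdoe" + "replace: userPassword\nuserPassword: {SSHA}constructed\n\n"
          + DN % "asmith" + "shadowLastChange: 19000\nuserPassword: {SSHA}constructed\n")

if __name__ == "__main__":
    print(*merge_modifies(SAMPLE), sep="\n")
```

Records that fail the check are reported and left unmerged, so a merged file never silently changes what a malformed record would have done.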