March 27, 2017 at 4:42 pm #16524[email protected]Participant
Right now we have around 15Million records in production and UID is our RDN. But we want to change the RDN from UID to some other GUID attribute. And both of these(UID and GUID) attributes exist and are already populated with the values. So we need to just flip the RDN attribute without affecting any data.
Current: DN: UID=john,ou=people,dc=xyz,dc=com
Need to change it to: DN: GUID=3kjkejfkd,ou=people,dc=xyz,dc=com
Any good solutions will be appreciated.
Anji.March 27, 2017 at 9:10 pm #16533Brad TumyParticipant
I don’t see a reference to it in the OpenDJ docs but here is a reference from the Sun days:
Modifying Directory Entries (hint: scroll down to “change rdn”).
You could quickly write a python (or bash) script (I have some examples if you need them) to knock this out. My only concern would be the amount of time it takes to update 15M records.
Before you try this … check out bugster as I noticed that there are few old issues on this. They very well could all be closed but better safe than sorry.
TUMY | TECHMarch 27, 2017 at 9:55 pm #16537[email protected]Participant
Thanks Brad. The link that you have given explains how to change the value of the RDN and doesn’t show how to change the RDN attribute itself. Can you confirm please?
Anji.March 27, 2017 at 10:20 pm #16539Brad TumyParticipant
Is this a follow on question to:
It looks like you have the answer for how to change the value that OpenDJ is using on authentication as the RDN but OpenAM’s self-service module is populating the value that you are using for username into this attribute.
Could you go into a little more detail about your use case? I don’t want to give you incorrect information.
March 28, 2017 at 11:37 am #16547LudoModerator
- This reply was modified 5 years, 6 months ago by Brad Tumy.
LDAP allows to rename an entry with the moddn operation, with the following LDIF statement.
You can choose to keep or delete the old RDN.
ldapmodify ... dn: uid=john,ou=people,dc=xyz,dc=com changetype: moddn newrdn: guid=xxxxxxx deleteoldrdn: 0 -
It will take a while to loop through all entries, but it’ll work.
Alternately you could export all data to LDIF file, use a script to change all records, and then reimport everything.
You must be logged in to reply to this topic.