Hi,
Does anyone know how to make ldifde ignore invalid attributes within an LDIF file while continuing to properly process the entire entry?
I would like to import 664 security groups from a testing environment into production, the groups are all new in production while we will not be creating any new users - only adding members to these groups who are already users in the production forest, and are members of this group in test forest (same usernames in both forests).
So I figured the easiest way would be to use ldifde to create all these groups and assign all of the 'member:<foo>' attributes on group creation.
Unfortunately there are some users in test who do not exist in production, and even telling ldifde to ignore entries where the user is not found while move to the next changetype: entry, skipping all the other users who should be added to the group. For example:
DN:CN=AGROUP,OU=Groups,DC=Org
changetype:add
objectclass:group
grouptype:-2147483646
description: This is a group
member:CN=Validuser1,OU=Users,DC=Org
member:CN=Validuser2,OU=Users,DC=Org
member:CN=Testonlyuser1,OU=Users,DC=Org *Ldifde craps out here and skips the entire entry - the group is not created and validusers 1,2, and 3 will not be added.
member:CN=Validuser3,OU=Users,DC=Org
The above works fine if the TestOnlyUser is removed. Unfortunately I have been handed a CSV export of the test OU from the test team and parsed it into an LDIF file that would be functional, if not for all of these users that only exist in test. It is not trivial to manually search for all the users who are in test only as there will be hundreds who exist only in test, as there will also be hundreds of users who exist in both forests.
Any suggestions greatly appreciated.
Cheers, Bruno
Reply With Quote
Bookmarks