• Post Reply Bookmark Topic Watch Topic
  • New Topic

Modifying Attributes in LDAP  RSS feed

 
Jim Toth
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I need some help with LDAP.

I am having to update information in Active Directory.
The jndi examples use DN to locate attribute being updated.

Basically I am starting with an empty directory and a schema in place.
I need to populate the data.
I have about 8800 users.
I don't have all of the distinguished name (DN) information because the data is coming out of a database.
The example uses the following syntax to modify.

mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr1);
// Perform the update
ctx.modifyAttributes(distinguishedName, mods);

Do I have to use the distinguished name or can I be more or less specific to do the update of this attribute?
 
Valentin Tanase
Ranch Hand
Posts: 704
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jim,

I wish I could help you more, but I guess you have to. However it will be at least more safety to use DN. We are using here Netscape api (which by the way performs much better than jndi, which is well known for performing very poorly though) and looking through the code I�ve seen that we always use the DNs for modifying the entries. I will send you some code snippet for comparison. I hope this will help:


I hope it will help.
Regards.
 
Jim Toth
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the input.
I can't see how you could update the information anyway without the DN.
It is like having a person object and trying to say that you will update their email information, but at the same time you don't know the person's name, it can't be done.
 
Jim Toth
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do I go about building the DN if I don't have one?

The elements of the DN are CN, OU, DC, etc.
I would need to add those first it seems.
 
Valentin Tanase
Ranch Hand
Posts: 704
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jim,

An usual user�s DN might look like this:



In order to build the user�s dn we have an utility getDistinguishedUserName() method that takes the user�s uid as the input parameter and use the String object in order to build the dn. We also import/update user�s information from database but we can take advantage of the fact that our user�s uid are pretty standards: first name�s first latter + last name. In your case you should study the business rules that govern the uid generation process. If there aren�t any obvious rules, then I guess you have no choice but to first search your ldap for a matching entry using a set of convenient fields/attributes searching criteria that can uniquely identify an entry. You can next extract the uid and perform the update. Following this approach with your ldap and using jndi api, it would be an overkill when processing like 8800 users. We have about 6000, we�re using netscape api and don�t require a supplementary select and it still takes a lot of time. Retrieving all users from ldap for example is taking more than 10-15 minutes though.
Regards.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!