From a4c74973a6d18442335b240e8cff7fdc45775035 Mon Sep 17 00:00:00 2001
From: Martin Goik <goik@hdm-stuttgart.de>
Date: Tue, 14 Oct 2014 22:22:57 +0200
Subject: [PATCH] LDIF import/export, search completed
---
Sda2/sda2.xml | 224 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 214 insertions(+), 10 deletions(-)
diff --git a/Sda2/sda2.xml b/Sda2/sda2.xml
index 163e160ab..91c661483 100644
--- a/Sda2/sda2.xml
+++ b/Sda2/sda2.xml
@@ -110,8 +110,8 @@
<qandaentry>
<question>
<para>Add two departments <code>billing</code> and
- <code>research</code>. Then supply some corresponding users by
- using the <link
+ <code>research</code>. Then supply corresponding user entries to
+ both departments by using the <link
xlink:href="http://directory.apache.org/studio/users-guide/ldap_browser/gettingstarted_browse.html">LDAP
browser view</link>. (As being mentioned previously hardcore
hackers take <link
@@ -127,7 +127,7 @@
<glosslist>
<glossentry>
- <glossterm><code>billing</code> and
+ <glossterm>Departments <code>billing</code> and
<code>research</code>:</glossterm>
<glossdef>
@@ -142,7 +142,8 @@
</glossentry>
<glossentry>
- <glossterm>Users:</glossterm>
+ <glossterm>Child user entries below <code>billing</code> and
+ <code>research</code>:</glossterm>
<glossdef>
<itemizedlist>
@@ -163,10 +164,10 @@
definitions like <code>top</code> and <code
xlink:href="http://www.zytrax.com/books/ldap/ape/#person">person</code>
are being omitted here. <xi:include href="acronyms.xml"
- xpointer="link_ApacheDirectoryStudio"/> will gracefully add them
- on behalf of you automatically. The subsequent <xi:include
- href="acronyms.xml" xpointer="acronym_LDIF"/> dump may serve as
- a hint:</para>
+ xpointer="link_ApacheDirectoryStudio"/> will gracefully add
+ missing objectClasses on behalf of you automatically. The
+ subsequent <xi:include href="acronyms.xml"
+ xpointer="acronym_LDIF"/> dump may serve as a hint:</para>
<programlisting language="none">...
<emphasis role="bold">dn: ou=billing,dc=hdm-stuttgart,dc=de</emphasis>
@@ -191,6 +192,11 @@ sn: Lapinski
uid: lapinski
uidNumber: 1023
...</programlisting>
+
+ <para>Question: What is the ratio behind adding the
+ <code>objectClass</code> value <code>posixAccount</code>? Hint:
+ Try to create a corresponding dataset having two persons with
+ identical names within the same department.</para>
</question>
<answer>
@@ -208,6 +214,79 @@ uidNumber: 1023
</mediaobject>
</screenshot>
</figure>
+
+ <para>Without having the <code>objectClass</code> value
+ <code>posixAccount</code> the attribute <code>uid</code> would
+ be disallowed and could thus not be part of our <xi:include
+ href="acronyms.xml" xpointer="acronym_DN"/> values. This would
+ leave us with solutions like:</para>
+
+ <programlisting language="none"><emphasis role="bold">dn: cn=Mee Lapinski,ou=billing,dc=hdm-stuttgart,dc=de</emphasis></programlisting>
+
+ <para>This in turn disallows identical common names (e.g. a
+ second <personname>Mee Lapinski</personname>) within the same
+ department. Thus the auxiliary objectClass posixAccount enables
+ us to introduce additional mandatory <code>uid</code> attribute
+ being the unique identifier within a given parent scope.</para>
+ </answer>
+ </qandaentry>
+ </qandadiv>
+ </qandaset>
+ </section>
+
+ <section xml:id="ldifImportExport">
+ <title><xi:include href="acronyms.xml" xpointer="acronym_LDIF"/> export
+ and import</title>
+
+ <para>This section is intended to get acquainted with <xi:include
+ href="acronyms.xml" xpointer="acronym_LDIF"/> representation of
+ <xi:include href="acronyms.xml" xpointer="acronym_LDAP"/> data and
+ requires successful completion of <xref linkend="qandaPopulateLdap"/> as
+ a prerequisite. You may want to read <uri
+ xlink:href="http://www.zytrax.com/books/ldap/ch8">http://www.zytrax.com/books/ldap/ch8</uri>.</para>
+
+ <qandaset defaultlabel="qanda" xml:id="qanda_ldifExportImport">
+ <title>Exporting, modifying and importing <xi:include
+ href="acronyms.xml" xpointer="acronym_LDAP"/> data using the
+ <xi:include href="acronyms.xml" xpointer="acronym_LDIF"/> interchange
+ representation.</title>
+
+ <qandadiv>
+ <qandaentry>
+ <question>
+ <para>Export your current database state being left from <xref
+ linkend="qandaPopulateLdap"/> to an <xi:include
+ href="acronyms.xml" xpointer="acronym_LDIF"/> text file.</para>
+
+ <para>Subsequently use this database dump file as a starting
+ point to create a <xi:include href="acronyms.xml"
+ xpointer="acronym_LDIF"/> import file adding a department
+ <quote>pr</quote> (public relations) containing a user
+ <quote>Paul Simon</quote> with suitable attribute values to the
+ dataset.</para>
+ </question>
+
+ <answer>
+ <para>Adding the new entries in question requires:</para>
+
+ <programlisting language="none">version: 1
+
+dn: ou=pr,dc=hdm-stuttgart,dc=de
+objectClass: top
+objectClass: organizationalUnit
+ou: pr
+
+dn: uid=simon,ou=pr,dc=hdm-stuttgart,dc=de
+objectClass: posixAccount
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+cn: Paul Simon
+gidNumber: 130
+homeDirectory: /home/tauras
+sn: Svetlana
+uid: tauras
+uidNumber: 1028</programlisting>
</answer>
</qandaentry>
</qandadiv>
@@ -219,8 +298,133 @@ uidNumber: 1023
xpointer="acronym_DIT"/></title>
<para>Like relational and other database types <xi:include
- href="acronyms.xml" xpointer="acronym_LDAP"/> provides a query language
- suitable to filter result entries .</para>
+ href="acronyms.xml" xpointer="acronym_LDAP"/> provides a <link
+ xlink:href="http://www.zytrax.com/books/ldap/apa/search.html">query
+ language</link> to filter result entries.</para>
+
+ <qandaset defaultlabel="qanda" xml:id="qanda_firstLdapQuery">
+ <title>Filtering child elements</title>
+
+ <qandadiv>
+ <qandaentry>
+ <question>
+ <para>Create <xi:include href="acronyms.xml"
+ xpointer="acronym_LDAP"/> queries corresponding to the following
+ descriptions:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>All users entries within the whole <xi:include
+ href="acronyms.xml" xpointer="acronym_DIT"/> having a
+ gidNumber value of 100.</para>
+ </listitem>
+
+ <listitem>
+ <para>All user entries belonging to the billing department
+ having a <code>uid</code> value greater than 1023.</para>
+ </listitem>
+
+ <listitem>
+ <para>All user entries within the whole <xi:include
+ href="acronyms.xml" xpointer="acronym_DIT"/> having a common
+ name containing the substring <quote>ei</quote>.</para>
+ </listitem>
+
+ <listitem>
+ <para>All user entries within the whole <xi:include
+ href="acronyms.xml" xpointer="acronym_DIT"/> belonging to
+ gidNumber == 100 or having a <code>uid</code> value starting
+ with letter <quote>t</quote>.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Hint: <xi:include href="acronyms.xml"
+ xpointer="link_ApacheDirectoryStudio"/> allows both for <link
+ xlink:href="http://directory.apache.org/studio/users-guide/ldap_browser/tools_filter_editor_dialog.html">filtering</link>
+ and <link
+ xlink:href="http://directory.apache.org/studio/users-guide/ldap_browser/gettingstarted_search.html">searching</link>
+ providing nifty features like attribute name completion and
+ syntax highlighting. For regular searches you may define:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/> entry to start from being
+ identified by its <xi:include href="acronyms.xml"
+ xpointer="acronym_DN"/>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The search scope being either of object, one level or
+ subtree.</para>
+ </listitem>
+
+ <listitem>
+ <para>Boolean expressions based on attribute values.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>But yes, I forgot to mention <link
+ xlink:href="http://tldp.org/HOWTO/LDAP-HOWTO/utilities.html">something</link>.</para>
+ </question>
+
+ <answer>
+ <orderedlist>
+ <listitem>
+ <para><emphasis role="bold">All users entries within the
+ whole </emphasis><xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/><emphasis role="bold"> having a
+ gidNumber value of 100.</emphasis></para>
+
+ <para>Solution: <code>(gidNumber=100)</code>, starting from
+ top of <xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/> having subtree scope.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">All user entries belonging to
+ the billing department having a <code>uid</code> value
+ greater than 1023.</emphasis></para>
+
+ <para>Solution: <code>(uidNumber>=1024)</code> starting
+ from <xi:include href="acronyms.xml" xpointer="acronym_DN"/>
+ <code>ou=billing,dc=hdm-stuttgart,dc=de</code> and scope
+ <code>one level</code>.</para>
+
+ <para>Notice the expression
+ <code>(uidNumber>=1024)</code> in favour of the seemingly
+ equivalent but syntactically illegal counterpart
+ <code>(uidNumber>1023)</code>.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">All user entries within the
+ whole </emphasis><xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/><emphasis role="bold"> having a
+ common name containing the substring
+ <quote>ei</quote>.</emphasis></para>
+
+ <para>Solution: <code>(cn=*ei*)</code>, starting from top of
+ <xi:include href="acronyms.xml" xpointer="acronym_DIT"/>
+ having subtree scope.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">All user entries within the
+ whole </emphasis><xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/><emphasis role="bold"> belonging to
+ gidNumber == 100 or having a <code>uid</code> value starting
+ with letter <quote>t</quote>.</emphasis></para>
+
+ <para>Solution: <code>(|(gidNumber=100)(uid=t*))</code>,
+ starting from top of <xi:include href="acronyms.xml"
+ xpointer="acronym_DIT"/> having subtree scope.</para>
+ </listitem>
+ </orderedlist>
+ </answer>
+ </qandaentry>
+ </qandadiv>
+ </qandaset>
</section>
</chapter>
</part>
--
GitLab