ldapply
=======

[LDIF](https://www.ietf.org/rfc/rfc2849.txt) idempotent apply tool.
This tool is similar to `ldapmodify` with one exception: it's idempotent.
It was written to help with declarative deployments on [NixOS](http://nixos.org/).


How it works
============

1. If the change type is not specified, it adds or replaces an entry.
2. If the change type is specified, it acts like normal `ldapmodify`.


Requirements
============

`ldapply` is written in Haskell with [GHC](http://www.haskell.org/ghc/).
All required Haskell libraries are listed in [ldapply.cabal](ldapply.cabal).
Use [cabal-install](http://www.haskell.org/haskellwiki/Cabal-Install) to fetch
and build all prerequisites automatically.


Usage
=====

Type `ldapply --help` to see the usage summary:

    Usage:
      ldapply [options] LDIF...

    Options:
      -H <ldapuri>       LDAP URL to connect to [default: ldapi:///]

      -x                 Use simple bind instead of default SASL External
      -D <binddn>        Use <binddn> for the distinguished name or authorization identity
      -w <passwd>        Use <passwd> as the password for simple bind
      -y <passwdfile>    Read password from <passwdfile>, only the first line is read

      -h, --help         Show this message

    If option -w is given, -y is ignored.


LDIF example
============

```LDIF
dn: dc=nodomain
objectClass: top
objectClass: dcObject
objectClass: organization
dc: nodomain
o: Example, Inc.

dn: cn=reader,dc=nodomain
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
cn: reader
description: Initial description
userPassword: qwerty123lol

# description will be removed, userPassword changed:
dn: cn=reader,dc=nodomain
objectclass: top
objectclass: simpleSecurityObject
objectclass: organizationalRole
cn: reader
userPassword: foobar12345

# userPassword will be changed:
dn: cn=reader,dc=nodomain
changetype: modify
replace: userPassword
userPassword: anothersecretstuff

dn: cn=reader,dc=nodomain
changetype: modify
replace: description
description: foo

# This will be deleted if exists:
dn: cn=reader,dc=nodomain
changetype: delete

```
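
A minimal Python model of the rules under "How it works", run over a shortened copy of the LDIF above. This is an added example, not ldapply's Haskell code; `parse_ldif`, `apply_ldif` and the dict standing in for the directory are assumptions made for illustration, and only `delete` is modelled among the explicit change types. It shows that a record without a change type is the entry's full desired state: attributes missing from it (here `description`) are removed, and a second run leaves the directory exactly as the first did.

```python
# Constructed sample, shortened from the README's LDIF example.
SAMPLE = """\
dn: cn=reader,dc=nodomain
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: reader
description: Initial description
userPassword: qwerty123lol

# description will be removed, userPassword changed:
dn: cn=reader,dc=nodomain
objectclass: simpleSecurityObject
objectclass: organizationalRole
cn: reader
userPassword: foobar12345

# This will be deleted if exists:
dn: cn=gone,dc=nodomain
changetype: delete
"""

def parse_ldif(text):
    """Yield (dn, changetype, pairs) from simple LDIF: no base64, folding or '-' lines."""
    for block in text.strip().split("\n\n"):
        pairs = [tuple(s.strip() for s in line.split(":", 1))
                 for line in block.splitlines()
                 if line.strip() and not line.startswith("#")]
        if not pairs:
            continue
        body, changetype = pairs[1:], None
        if body and body[0][0].lower() == "changetype":
            changetype, body = body[0][1].lower(), body[1:]
        yield pairs[0][1].lower(), changetype, body

def apply_ldif(directory, text):
    """Apply records to a dict modelling the directory; return the actions taken."""
    actions = []
    for dn, changetype, body in parse_ldif(text):
        if changetype is None:              # rule 1: add or replace the whole entry
            entry = {}
            for attr, value in body:
                entry.setdefault(attr.lower(), set()).add(value)
            actions.append("replace" if dn in directory else "add")
            directory[dn] = entry
        elif changetype == "delete":        # "deleted if exists": missing is not an error
            actions.append("delete" if directory.pop(dn, None) is not None else "skip")
        else:                               # other change types are not modelled here
            raise NotImplementedError(changetype)
    return actions
```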