Hi, I am actually new to this forum and I kept trying for a few days to find an easy way to copy an entire LDAP subtree to another tree. Since I couldn't find anything useful, i thought of dropping a question here as well. Does anybody know how to do this programatically ?
For normal operations like add, remove, search, I've been using Spring LDAP.
Thanks a lot !
I actually don't know Spring LDAP but if your LDAP interface does not provide any high level abstraction for moving/renaming or copying an entire subtree you have to move/rename or copy all subtree nodes recursively. The LDAP API does not provide such an option directly.
The following is pseudo-code:
function copySubtree(oldDn, newDn)
{
copyNode(oldDn, newDn); // the new node will be created here
if (nodeHasChildren(oldDn) {
foreach (nodeGetChildren(oldDn) as childDn) {
childRdn=getRdn(childDn); // we have to get the 'local' part, the so called RDN
newChildDn=childRdn + ',' + newDn; // the new DN will be the old RDN concatenated with the new parent's DN
copySubtree(childDn, newChildDn); // call this function recursively
}
}
}
Do note that passwords are tricky to copy. You may or may not be able to read them via the LDAP API. It would depend on the LDAP implementation you are using this against.
Thus a copy to a new location may not get everything you want or need.
Dump it as LDIF, edit the DNs via search & replace (or via script), and import the new LDIF.
Spring may not be the tool to do this. Is it necessary that you manipulate the directory with Spring? I presume OpenLDAP's ldapsearch and ldapadd should work against any server, and they will dump/load LDIF.