Intro and background: I’m running OpenLDAP 2.26 on a Suse Enterprise Server 9.0. I’m trying to use the OpenLDAP database to make a portion of Active Directory (just usernames, universal group memberships and email addresses) available to a segment of the DMZ that can’t be allowed access to the entire Active Directory infrastructure. To do this, the AD folks are going to provide me a daily LDIF (via a batch process) of all the user objects with just the attributes I need values for. For security reasons, we can’t use more typical replication techniques. I need to then use a batch process to import those LDIF files into the OpenLDAP database. I have run into a variety of problems linked to the facts that a) I’ve never used OpenLDAP before, and b) I’ve never used Linux before. I’ve managed to get Suse installed and OpenLDAP running, so I don’t think the situation is completely hopeless.
The problem I’m bringing up for discussion here is that when I try to import an LDIF file, it fails if any of the entries in LDIF file already exist in the LDAP database. From reading over the archives, the best solution appears to be to kill the slapd process, delete the database files, restart the slapd process and then import the LDIF file to rebuild the database. I think this is a lovely solution, since it also will delete accounts that don’t exist in AD anymore. The trouble is: how do I kill the slapd process in a batch process? I don’t know how to write batch files or their equivalent on Linux yet, but I imagine part of it will be figuring out what commands need to be executed, and since kill seems to require a process ID that changes over time, I’m not sure how to proceed. Is there functionality with OpenLDAP to shut down slapd that I don’t know about, or how should I do this?
If there are some specific background matierals I should read, please point me to them. Thanx!