...
| No Format |
|---|
dn: cn=test, dc=example, dc=com objectclass: top objectclass: person cn: test sn: This is a testcreatorsName: dc=admin, ou=systemcreateTimestamp: 20071010150132ZmodifiersName: dc=admin, ou=systemmodifyTimestamp: 20071010150133Z |
if if we have a delRequest which ldif is :
| No Format |
|---|
dn: cn=test, dc=example, dc=com changetype: delete |
the the reversed ldif should be :
| No Format |
|---|
dn: cn=test, dc=example, dc=comchangetype: add objectclass: top objectclass: person cn: test sn: This is a test |
...
Depending on the modified values, each basic operation may have some different semantic. The following table present all the possible actions :
modification | initial entry | imported Ldif | resulting entry | Comments | Reverse LDIF |
add | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | In this case, the ou value is simply added | dn: cn=test, ou=system |
add | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | The ou attribute and its value has been created | dn: cn=test, ou=system |
add | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | Nothing is done. | no reverse, void operation |
delete | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | The ou=acme corp value has been deleted | dn: cn=test, ou=system |
delete | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | The ou attribute has been removed | dn: cn=test, ou=system |
delete | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | As all the ou values have been removed, | dn: cn=test, ou=system |
replace | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | The ou attributes' values are replaced | dn: cn=test, ou=system |
replace | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | Create the ou attribute | dn: cn=test, ou=system |
replace | dn: cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | Delete the ou attribute | dn: cn=test, ou=system |
...
We will separate the ModifyDN into 3 different cases :
- A simple move operation : we change the superior, the RDN remains the same
- A rename operation : the RDN is changed
- A move and rename operation : a combinaison of both previous operations
Move Move operation
This is the simplest one : we change the superior, without changing the entry's attributes nor the RDN
the the following entry :
| No Format |
|---|
cn=test, dc=example, dc=orgobjectClass: personobjectClass: topcn: test |
...
Generally speaking, the revert operation may be a simple one or a combinaison of a moddn and a add/delete operation, depending on the case.
There are 14 13 cases :
- The initial RDN is simple, the target RDN is simple, we don't delete the oldRDN : We just have to remove the newly added AVA if it's not present into the original entry
- The initial RDN is simple, the target RDN is simple, we delete the oldRDN : We have to add the old AVA and to remove the newly added AVA if it's not present into the original entry
- The initial RDN is composite, the target is simple, they don't overlap, we don't delete the oldRDN : We just have to remove the newly added AVA if it's not present into the original entry
- The initial RDN is composite, the target is simple, they don't overlap, we delete the oldRDN : We have to add the original AVAs, and to remove the newly added AVAs if it's not present into the original entryThe initial RDN is composite, the target is simple, they overlap, we don't delete the oldRDN : Nothing special to do
- The initial RDN is composite, the target is simple, they overlap, we delete the oldRDN : We have to add the removed AVAs except the one which is in the new RDN
- The initial RDN is simple, the target RDN is composite, they don't overlap, we don't delete the oldRDN : We have to remove all the new AVAs
- The initial RDN is simple, the target RDN is composite, they don't overlap, we delete the oldRDN : We have to remove all the new AVAs and to add the old AVA
- The initial RDN is simple, the target RDN is composite, they overlap, we don't delete the oldRDN : We have to remove all the new AVAs except the one whgich is in the old RDN
- The initial RDN is simple, the target RDN is composite, they overlap, we delete the oldRDN : We have to remove all the new AVAs except the one which is in the old RDN
- The initial RDN is composite, the target RDN is composite, they don't overlap, we don't delete the oldRDN : We have to remove all the new AVAs which are not present in the original entry
- The initial RDN is composite, the target RDN is composite, they don't overlap, we delete the oldRDN : We have to remove all the new AVAs which are not present in the original entry and add all the removed AVAs from the original entry
- The initial RDN is composite, the target RDN is composite, they overlap, we don't delete the oldRDN : We have to remove all the new AVAs which are not present in the original entry.
- The initial RDN is composite, the target RDN is composite, they overlap, we delete the oldRDN : We have to remove all the new AVAs which are not present in the original entry and add all the removed AVAs from the original entry
Case 11 and 13 are equivalent, so are case 12 and 14. They need two operations to be applied.
The following table gives an example for each of those cases applied on the initial entries :
| No Format |
|---|
dn: cn=test, dc=example, dc=com
objectclass: top
objectclass: person
cn: test
sn: This is a test dn: cn=test+gn=small dc=example, dc=com
objectclass: top
objectclass: person
cn: testgn: small
sn: This is a test
|
For a.1, the new superior will be 'ou=system', the old RDN will be 'cn=test', the new RDN will be 'cn=joe'
For a.1, the new superior will be 'ou=system', the old RDN will be 'cn=test', the new RDN will be 'cn=joe+sn=the plumber'
We also have sub cases, depending in the presence (or not) of the new RDN AVAs into the initial entry. Rge following table expose all the different cases (28), assuming that the two subcases are :
- The initial entry does not contain any of the RDN AVA
- The initial entry contains at least one of the RDN AVA which is not part of the original RDN
One special and important point : we can't use the deleteOldDN for composite operation, as this may lead to the deletion of a mandatory attribute, hence generating an error when applying the revert operation.
case | orginal entry | target RDN | deleteoldrdn | forward ldif | resulting entry | reverse ldif | |||||||||||||
1.1 | dn: cn=test,ou=system | cn=joe | no | dn: cn=test, ou=system | dn: cn=joe, ou=system | dn: cn=joe, ou=system | |||||||||||||
1.2 | dn: cn=test,ou=system | cn=small | no | dn: cn=test, ou=system | dn: cn=small, ou=system | dn: cn=small, ou=system | |||||||||||||
2.1 | dn: cn=test,ou=system | cn=joe | yes | dn: cn=test, ou=system | dn: cn=joe, ou=system | dn: cn=joe, ou=system | |||||||||||||
2.2 | dn: cn=test,ou=system | cn=small | yes | dn: cn=test, ou=system | dn: cn=small, ou=system | dn: cn=joe, ou=system | |||||||||||||
3 | dn: cn=small+cn=test,ou=system | cn=joe | N/A | dn: cn=small+cn=test, ou=system | dn: cn=joe, ou=system | dn: cn=joe, ou=system | |||||||||||||
4 | dn: cn=small+cn=test,ou=system | cn=big | N/A | dn: cn=small+cn=test, ou=system | dn: cn=big, ou=system | dn: cn=big, ou=system | |||||||||||||
5 | cn=small+cn=test | cn=test | N/A | dn: cn=small+cn=test, ou=system | dn: cn=test, ou=system | dn: cn=test, ou=system | |||||||||||||
6.1 | cn=test | cn=joe+cn=plumber | no | dn: cn=test, ou=system | dn: cn=joe+cn=plumber, ou=system | dn: cn=joe+cn=plumber, ou=system | |||||||||||||
6.2 | cn=test | cn=joe+cn=small | no | dn: cn=test, ou=system | dn: cn=joe+cn=small, ou=system | dn: cn=joe+cn=small, ou=system | |||||||||||||
7.1 | cn=test | cn=joe+cn=plumber | yes | dn: cn=test, ou=system | dn: cn=joe+cn=plumber, ou=system | dn: cn=joe+cn=plumber, ou=system | |||||||||||||
7.2 | cn=test | cn=joe+cn=small | yes | dn: cn=test, ou=system | dn: cn=joe+cn=small, ou=system | dn: cn=joe+cn=small, ou=system | |||||||||||||
8.1 | cn=test | cn=small+cn=test | no | dn: cn=test, ou=system | dn: cn=small+cn=test, ou=system | dn: cn=small+cn=test, ou=system | |||||||||||||
8.2 | cn=test | cn=big+cn=test+ | no | dn: cn=test, ou=system | dn: cn=big+cn=test+cn=small, | dn: cn=big+cn=test+cn=small, | |||||||||||||
9.1 | cn=test | cn=small+cn=test | yes | dn: cn=test, ou=system | dn: cn=small+cn=test, ou=system | dn: cn=small+cn=test,ou=system | |||||||||||||
9.2 | cn=test | cn=big+cn=test+ | yes | dn: cn=test, ou=system | dn: cn=big+cn=test+cn=small, | dn: cn=big+cn=test+cn=small, | |||||||||||||
10.1 | cn=small+cn=test | cn=joe+cn=plumber | no | dn: cn=small+cn=test, ou=system | dn: cn=joe+cn=plumber, ou=system | dn: cn=joe+cn=plumber, ou=system | |||||||||||||
10.2 | cn=small+cn=test | cn=joe+cn=big | no | dn: cn=small+cn=test, ou=system | dn: cn=joe+cn=big, ou=system | dn: cn=joe+cn=big, ou=system | |||||||||||||
11.1 | cn=small+cn=test | cn=joe+cn=plumber | yes | dn: cn=small+cn=test, ou=system | dn: cn=joe+cn=plumber, ou=system | dn: cn=joe+cn=plumber, ou=system | |||||||||||||
11.2 | cn=small+cn=test | ||||||||||||||||||
case | deleteoldrdn | new superior | modifying ldif | resulting entry | reverse ldif | ||||||||||||||
1 | no | none | dn: cn=test, dc=example, dc=com | dn: cn=joe, dc=example, dc=com | cn=joe, dc=example, dc=com | 2 | no | none | +cn=big | yes | dn: cn=small+ dn: cn=test, dc=example, dc=com ou=system | dn: cn=joe+sncn=the plumberbig, ou=system , | dn: cn=joe+sn=the plumber, | 3 | no | none | cn=big, ou=system dn: cn=test, dc=example, dc=com | dn: cn=test+sn=this is a test, | - |
12.1 | cn=small+cn=test | cn=joe+cn=test | no | dn: cn=small+cn=test, ou=system | dn: cn=joe+cn=test, ou=system | 1.2 | no | none | dn: cn=test, dc=example, dc=com | dn: cn=joe+sn=the plumber, dc=example, dc=com | dn: cn=joe+sncn=the plumber, dc=example, dc=com | ||||||||
12.2 | cn=small+cn=test | cn=big+cn=test | no | 2 | yes | none | dn: cn=small+cn=test, dc=example, dc=com ou=system | dn: cn=joebig+cn=test, ou=system , dc=example, dc=com | dn: cn=joe, dc=example, dc=com big+cn=test, ou=system | 3 | no | ou=system | dn: small+cn=test , dc=example, dc=org | ||||||
13.1 | cn=small+cn=test dn: cn=joe, ou=system | cn=joe, ou=system | 4 | yes | +cn=test | yes ou=system | dn: cn=small+cn=test, dc=example, dc=org ou=system | dn: cn=joe+cn=test, ou=system | dn: cn=joe+cn=test, ou=system | 5 | test | ||||||||
13.2 | cn=small+cn=test | cn=big+cn=test | yes | no | ou=system | dn: cn=test, dc=example, dc=org small+cn=test, ou=system | dn: cn=big+cn=test, ou=system | dn: cn=test, ou=system |
Computing the reverse LDIF for a ModifyDN request follows the algorithm :
if the newRdn is different from the existing RDN
big+cn=test, ou=system |
The following picture represent all the different cases as a decision tree :
then reverseLdif.deleteOldRdn = true
else reverseLdif.deleteOldRdn = false
if modifyDn.newSuperior not empty
then reverseLdif.newSuperior = modifyDn.dn minus the modifyDN.dn.getRDN
reverseLdif.newRdn = modifyDn.dn.getRDN