Using ICE to Mass-Create Objects

Novell Cool Solutions: Tip

Posted: 18 Jan 2006


A reader recently asked the following question:

"Can I use ICE to mass-create objects? Or is this just a utility for modification? For example, suppose I wanted to build a test tree structure and populate it with user accounts from an existing tree (essentially a snapshot). This would be like exporting the container structure of Tree #1 and then importing it into Testing Tree #2."

And here are responses from David Gersic and Jim Henderson ...


David Gersic:

Yes. In fact, an interesting way to do this might be to use the LDAP source and destination, so that it can pour the users across directly. Or, you can use the LDAP source and LDIF destination to build a big file containing the users you're interested in, munge the file with your favorite text-hacking tools, then use the LDIF source and LDAP destination to import it into your new tree.

I've done this, but I did it in multiple steps. I built a complete copy of my production tree into a development tree this way. Because of the way things are linked together, you can't do it all at once, at least not in my opinion.

So, I exported all of the containers (objectclass=organization and objectclass=organizationalunit). You can do just the DNs if you just want the names, or pick out the other attributes you want as well. You may even want all attributes. Then repeat the process for Users, Groups, OrgRoles, etc. to get all the things you care about. I did these in two different LDIF files.

Once I had them, I made any changes needed (removing stuff I didn't care about, fixing up any references needed), and imported them in this order:

  1. Containers first, to build the structure
  2. Groups (without members) to get them in place
  3. Users (without group memberships)
  4. Changes needed to put the users in the groups, etc.

I used ldapsearch and ldapadd to do this, from the OpenLDAP toolkit. ldapadd takes a list of DNs, and adds them. It looks like ICE may need the "changetype: add" line after each DN to tell it what to *do* with the DN you gave it.

Jim Henderson:

You also need to fill in the mandatory attributes for the object class you are creating. You can use something like this:

--- snip ---

version: 1

dn: ou=USER,o=UNCG
changetype: add
objectClass: organizationalUnit

dn: cn=username,ou=user,o=uncg
changetype: add
objectClass: inetOrgPerson
sn: surname

--- snip ---
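
The staged import described in the first response (containers, groups without members, users without group memberships, then the membership changes), using the "changetype: add" records shown in the second, sketched as an added Python example; it is not code from either respondent or from Novell. The link-attribute list, the class names used to sort records into stages, and the sample export are assumptions made for illustration, and anything that is not a container or group lands in the third file.

```python
import re

# Assumed link attributes and class names; adjust to the schema in your tree.
LINKS = {"member", "uniquemember", "groupmembership", "securityequals"}
CONTAINERS = {"organization", "organizationalunit"}
GROUPS = {"groupofnames", "groupofuniquenames"}
# Constructed sample export, children listed before parents on purpose.
SAMPLE = """\
version: 1

dn: cn=staff,ou=user,o=uncg
objectClass: groupOfNames
member: cn=jdoe,ou=user,o=uncg

dn: cn=jdoe,ou=user,o=uncg
objectClass: inetOrgPerson
sn: Doe
groupMembership: cn=staff,ou=user,o=uncg

dn: ou=user,o=uncg
objectClass: organizationalUnit

dn: o=uncg
objectClass: organization
"""

def attr(line):
    return line.split(":", 1)[0].lower()

def parse(text):
    """Yield (dn, attribute lines) per record; assumes DNs are not base64."""
    text = re.sub(r"\r?\n ", "", text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if lines and attr(lines[0]) == "dn":
            yield lines[0].split(":", 1)[1].strip(), lines[1:]

def stage(text):
    """Return the four LDIF files in the import order described above."""
    out = {"1-containers": [], "2-groups": [], "3-users": [], "4-links": []}
    depth = lambda rec: len(re.split(r"(?<!\\),", rec[0]))  # RDN count
    for dn, lines in sorted(parse(text), key=depth):        # parents first
        oc = {l.split(":", 1)[1].strip().lower() for l in lines if attr(l) == "objectclass"}
        phase = "1-containers" if oc & CONTAINERS else "2-groups" if oc & GROUPS else "3-users"
        keep = [l for l in lines if attr(l) not in LINKS | {"changetype"}]
        out[phase].append("\n".join([f"dn: {dn}", "changetype: add", *keep]))
        out["4-links"] += ["\n".join([f"dn: {dn}", "changetype: modify",
                           f"add: {l.split(':', 1)[0]}", l, "-"]) for l in lines if attr(l) in LINKS]
    return {k: "version: 1\n\n" + "\n\n".join(v) + "\n" for k, v in out.items()}
```

`stage(SAMPLE)` returns a dict of four LDIF strings keyed by import order; write each to its own file and import them one after another.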

