Comparing two PingDirectory servers using ldap-diff
Steps
- Use ldap-diff to compare the entries in two PingDirectory server instances. Exclude the userpassword attribute: the password storage scheme stores a one-way hash, so the stored values can differ between servers even when the underlying passwords are the same and would otherwise be reported as differences. The trailing "^userpassword" argument in the example below excludes that attribute from the comparison.
  Example:
  $ bin/ldap-diff --outputLDIF difference.ldif \
      --sourceHost server1.example.com --sourcePort 1389 \
      --sourceBindDN "cn=Directory Manager" --sourceBindPassword secret1 \
      --targetHost server2.example.com --targetPort 2389 \
      --targetBindDN "cn=Directory Manager" --targetBindPassword secret2 \
      --baseDN dc=example,dc=com --searchFilter "(objectclass=*)" "^userpassword"
- Open the output file in a text editor to view any differences.
  The file is set up so that you can re-apply the changes without any modification to the file contents. The file shows any deletes, modifies, and adds from the perspective of the source server as the authoritative source.
  Example:
  # This file contains the differences between two LDAP servers.
  #
  # The format of this file is the LDIF changes needed to bring server
  # ldap://server1.example.com:1389 in sync with server
  # ldap://server2.example.com:2389.
  #
  # These differences were computed by first issuing an LDAP search at both
  # servers under base DN dc=example,dc=com using search filter (objectclass=*)
  # and search scope SUB to first retrieve the DNs of all entries. And then each
  # entry was retrieved from each server and attributes: [^userpassword] were
  # compared.
  #
  # Any entries that were out-of-sync were compared a total of 3 times
  # waiting a minimum of 2 seconds between each attempt to account for replication
  # delays.
  #
  # Comparison started at [24/Feb/2010:10:34:20 -0600]

  # The following entries were present only on ldap://server2.example.com:2389 and
  # need to be deleted.

  # This entry existed only on ldap://server1.example.com:1389
  # Note: this entry might be incomplete. It only includes attributes:
  # [^userpassword]
  dn: uid=user.200,ou=People,dc=example,dc=com
  # objectClass: person
  # objectClass: inetOrgPerson
  ... (more attributes not shown) ...
  # st: DC

  dn: uid=user.200,ou=people,dc=example,dc=com
  changetype: delete

  # The following entries were present on both servers but were out of sync.
  dn: uid=user.199,ou=people,dc=example,dc=com
  changetype: modify
  add: mobile
  mobile: +1 300 848 9999
  -
  delete: mobile
  mobile: +1 009 471 1808

  # The following entries were missing on ldap://server2.example.com:2389 and need
  # to be added.

  # This entry existed only on ldap://server2.example.com:2389
  # Note: this entry might be incomplete. It only includes attributes:
  # [^userpassword]
  dn: uid=user.13,ou=People,dc=example,dc=com
  changetype: add
  objectClass: person
  objectClass: inetOrgPerson
  ... (more attributes not shown) ...

  # Comparison completed at [24/Feb/2010:10:34:25 -0600]
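Because the output file is meant to be re-applied as-is, it is worth reviewing what it would do before it is fed to the target server. The following is an added example, not PingDirectory code: it parses the LDIF change records that ldap-diff writes (skipping the "#" comment lines and the "-" separators inside modify records), counts changes by changetype, lists the DNs that would be deleted, and flags any record that touches an attribute that should never be synchronised, such as userpassword. SAMPLE_DIFF is a constructed input trimmed from the difference.ldif shown above; the parse_records and summarise function names are the example's own.

```python
# Added example (not PingDirectory code): review an ldap-diff output file before
# re-applying it. SAMPLE_DIFF is constructed, trimmed from difference.ldif above.
SAMPLE_DIFF = """\
# The following entries were present only on ldap://server2.example.com:2389
dn: uid=user.200,ou=people,dc=example,dc=com
changetype: delete

dn: uid=user.199,ou=people,dc=example,dc=com
changetype: modify
add: mobile
mobile: +1 300 848 9999
-
delete: mobile
mobile: +1 009 471 1808

dn: uid=user.13,ou=People,dc=example,dc=com
changetype: add
objectClass: person
objectClass: inetOrgPerson
"""

def parse_records(ldif_text):
    """Return [(dn, changetype, attrs)] per LDIF change record; '#' lines skipped."""
    records, cur = [], {"attrs": set()}
    for line in ldif_text.splitlines() + [""]:   # trailing "" flushes the last record
        if line.startswith("#") or line == "-":    # comment line, or mod separator
            continue
        if not line.strip():                        # blank line ends a record
            if "dn" in cur: records.append((cur["dn"], cur.get("changetype"), sorted(cur["attrs"])))
            cur = {"attrs": set()}
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in ("dn", "changetype"):
            cur[name] = value
        elif cur.get("changetype") == "modify":    # add:/delete:/replace: <attribute>
            if name in ("add", "delete", "replace"):
                cur["attrs"].add(value.lower())
        else:                                       # changetype: add -> attribute lines
            cur["attrs"].add(name)
    return records

def summarise(ldif_text, forbidden=("userpassword",)):
    """Counts per changetype, DNs to be deleted, DNs touching a forbidden attribute."""
    recs = parse_records(ldif_text)
    counts = {c: sum(1 for _, t, _ in recs if t == c) for c in ("add", "delete", "modify")}
    deletes = [dn for dn, t, _ in recs if t == "delete"]
    flagged = [dn for dn, _, a in recs if set(a) & set(forbidden)]
    return counts, deletes, flagged
```

A non-empty flagged list means the exclusion argument was missing from the ldap-diff run and the file should be regenerated rather than applied.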