Originally posted by: SystemAdmin
This is actually a known problem. The APAR seems to be IY63297.
I found this in one problem report.
It will be available in 5.3 TL5, which will be available around July this year.
There is currently no ifix available for this, so, I will make a request
to our development team to create one.
One record seems to indicate that it may be better for performance to create subgroups as described here:
-
create a copy of the old group without the members and with the new group name
ldapsearch -D cn=root -w secret -L -b "ou=Groups,cn=aixdata" "cn=oldgroup" \
| grep -v "^memberuid" | sed "s/oldgroup/newgroup/g" > newgroup.ldif
-
add the new group to LDAP
ldapadd -D cn=root -w secret -f newgroup.ldif
-
move the first 1000 memberuid to the new group
-
first create an ldif file for modifications
ldapsearch -D cn=root -w secret -L -b "ou=Groups,cn=aixdata" "cn=oldgroup" memberuid \
| awk '{ if (NR <= 1001) print $0 }' > mod.ldif
-
edit the mod.ldif for adding to the new group:
1. change the name of the group in the first line to newgroup.
2. between the first and second line add the following lines:
changetype: modify
add: memberuid
-
add the members to the new group
ldapmodify -D cn=root -w secret -f mod.ldif
-
edit the mod.ldif for deleting from old group:
1. change the name of the group in the first line to oldgroup.
2. on the third line, change 'add' to 'delete'
-
delete the members from old group
ldapmodify -D cn=root -w secret -f mod.ldif
-
I have not personally tested this and don't guarantee it will work --
Customer said this worked prior to AIX 5.3
-
There are reasons for the limitation and these will be fixed in TL5.
As you can see, I don't have the definitive answer, but the problem is not likely the openLDAP server.
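
The hand edits of mod.ldif described in the post above can be scripted. The following is an added example, not part of the original post: build_mod_ldif and sample_ldif are hypothetical names, and the sample LDIF is constructed to mirror the output of the ldapsearch step.

```shell
#!/bin/sh
# Added example: build the mod.ldif records from the steps above without hand editing.
# build_mod_ldif and sample_ldif are hypothetical names; the sample data is constructed.

# build_mod_ldif TARGET_DN OP COUNT   (OP is "add" or "delete")
# Reads "ldapsearch ... memberuid" LDIF on stdin and writes one modify record
# carrying at most COUNT memberuid values. Returns non-zero if none were found.
build_mod_ldif() {
    case $2 in
        add|delete) ;;
        *) echo "OP must be add or delete" >&2; return 2 ;;
    esac
    # Pass values through the environment so awk does not interpret
    # backslash escapes inside the DN (as it would with -v).
    TARGET_DN=$1 OP=$2 MAX=$3 awk '
        BEGIN { max = ENVIRON["MAX"] + 0; n = 0 }
        tolower($0) ~ /^memberuid:/ && n < max {
            if (n == 0) {
                # Header lines the post inserts by hand
                print "dn: " ENVIRON["TARGET_DN"]
                print "changetype: modify"
                print ENVIRON["OP"] ": memberuid"
            }
            print
            n++
        }
        END { if (n == 0) exit 1 }
    '
}

# Constructed sample of the search output (dn line followed by memberuid lines).
sample_ldif() {
    cat <<'EOF'
dn: cn=oldgroup,ou=Groups,cn=aixdata
memberuid: user1
memberuid: user2
memberuid: user3
EOF
}

# Use the same saved search output and the same COUNT for both records, so the
# members deleted from the old group are exactly the ones added to the new group.
sample_ldif | build_mod_ldif "cn=newgroup,ou=Groups,cn=aixdata" add 2
sample_ldif | build_mod_ldif "cn=oldgroup,ou=Groups,cn=aixdata" delete 2
```

Feed each record to ldapmodify in the order given in the post: the add record first, then the delete record once the add has succeeded.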