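#!/usr/bin/perl
# YOU HAVE NO WARRANTY.
# This program worked for me.  It may not work for you.  It takes an
# iPlanet .ldif file and rewrites it for ldapadd.
# Please add attributes, separated by space, to the @BAD_KEYS area.
# If you have certain objectclasses that need to be deleted, put them
# in the BAD_LINES area (following the example).  Same for DNs.
#
# Input is read from the files named on the command line, or from standard
# input when none are given; the filtered LDIF goes to standard output.
#
# What the filter does:
#   * an entry whose "dn:" value is listed in %BAD_DNS is dropped whole;
#   * a line whose attribute name is listed in @BAD_KEYS is dropped,
#     together with the continuation lines that follow it;
#   * a line listed in %BAD_LINES is dropped the same way;
#   * every other line is printed unchanged.
#
# Notes for whoever runs the import:
#   * "aci" is in @BAD_KEYS, so the access-control instructions stored in
#     the entries are removed.  The imported entries then carry no access
#     rules of their own; access control has to be configured on the target
#     server.  NOTE(review): confirm that is in place before loading real data.
#   * Attributes that are not listed (for example any password attribute the
#     export contains) pass through untouched, so the output file is as
#     sensitive as the input file.
#   * DN matching is textual: a DN folded over several lines, or written in
#     base64 form ("dn::"), is never matched by %BAD_DNS.

use strict;
use warnings;

# Attribute names to strip.  They are matched case-insensitively, like the
# %BAD_LINES and %BAD_DNS lookups, because LDIF attribute names are not
# case-sensitive.
our @BAD_KEYS = qw(aci modifiersname modifytimestamp creatorsname
    createtimestamp usercertificate;binary cacertificate;binary
);

# Pattern source: one of the listed names, at the start of the line,
# followed by a colon.  Names are quoted so ";" and friends stay literal.
our $BAD_REGEX = '^(' . ( join '|', map { quotemeta($_) } @BAD_KEYS ) . '):';

# Compiled once here instead of relying on the /o modifier inside the loop.
my $bad_key_re = qr/$BAD_REGEX/i;

# The here-documents are single-quoted so that a "$" or "@" in a value you
# add (for example a DN containing a mail address) is taken literally
# instead of being interpolated as a Perl variable.
our %BAD_LINES = map { ( lc($_) => 1 ) } split /\n/, <<'_BAD_LINES_';
objectclass: certificationAuthority
_BAD_LINES_

our %BAD_DNS = map { ( lc($_) => 1 ) } split /\n/, <<'_BAD_DNS_';
cn=ldap://:389,dc=YOUR,dc=HOST,dc=NAME,dc=HERE
dc=YOUR,dc=HOST,dc=NAME,dc=HERE
_BAD_DNS_

my $NEED_KEY = 0;    # true while the continuation lines of a dropped line are skipped
my $NEXT_DN  = 0;    # true while the lines of a dropped entry are skipped

# "<>" opens each command-line argument the way two-argument open() does, so
# an argument is not guaranteed to be treated as a plain file name.  Pass only
# file names you chose yourself; Perl 5.22 and later offer "<<>>", which
# always treats the arguments as file names.
while (<>) {
    chomp;

    # All tests run on a copy without a trailing carriage return, so CRLF
    # input is filtered like LF input (a blank "\r" line is a record
    # separator, not a continuation line).  The line is printed as read.
    ( my $line = $_ ) =~ s/\r\z//;

    # Inside a dropped entry: skip everything up to the next "dn:" line.
    next if $NEXT_DN and $line !~ /^dn:/i;

    # Start of an entry: drop it when its DN is listed.  Surrounding
    # whitespace is trimmed before the lookup.
    if ( $line =~ /^dn:\s*(.*?)\s*$/i and $BAD_DNS{ lc $1 } ) {
        $NEXT_DN = 1;
        next;
    }
    $NEXT_DN = 0;

    # Continuation of a line that has just been dropped.
    next if $NEED_KEY and $line =~ /^\s/;

    # Unwanted attribute or unwanted literal line.
    if ( $line =~ $bad_key_re or $BAD_LINES{ lc $line } ) {
        $NEED_KEY = 1;
        next;
    }
    $NEED_KEY = 0;

    print $_, "\n";
}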