[389-users] Migration Issues With Admin Server LDIF Import
Brian Provenzano
bproven at gmail.com
Mon Mar 15 19:15:44 UTC 2010
To answer your other questions:
> Does the entry o=NetscapeRoot exist?
> Does ou=mcs.local, o=NetscapeRoot exist?
> Does cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot exist?
Yes. All of those exist in the original (source) server's database
(o=NetscapeRoot, etc). I can see these easily using the admin console on
the source server.
I guess I'll have to familiarize myself with dbscan or ldapsearch to see if
they exist on the new server. However, I thought the purpose of the
migration was that it would create these objects (and in the required
order?) if they did not exist on the destination - especially since the
destination should be empty at the time of the migration/import. Anyway,
I'll try to look around - might take awhile since I'm not totally familiar
with these CLI tools.
On Mon, Mar 15, 2010 at 12:59 PM, Brian Provenzano <bproven at gmail.com>wrote:
> The FQDN look the fine to me. I tried to be very careful about this
> pitfall.
>
> NEW server:
> # hostname --fqdn
> ldap.mcs.local
>
> OLD server:
> #hostname --fqdn
> ldap.mcs.local
>
>
> On Mon, Mar 15, 2010 at 12:38 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> Brian Provenzano wrote:
>> > Exist in the destination you mean?
>> If it was migrated at all, yes.
>> > or in the source on the original FDS 1.0.4 server?
>> Yes, if the migration did not get to that point yet.
>> >
>> > This is a fresh install of 389 for the migration and I have not run
>> > setup (per migration docs), so I assume it does not exist yet? Should
>> it?
>> It depends on how far migration got before it failed.
>> > Should I run setup first to create and then run migrate? I did not
>> > do this since the docs state not to.
>> Right.
>> >
>> > This is what I did to get to this point (not sure if this helps in
>> > case I missed a step):
>> >
>> > Old CentOS 4.3 server with FDS 1.0.4 :
>> > ------------------------------------
>> > -Stop ldap server (admin and server processes) using the init scripts
>> >
>> > -Create the LDIF files to dump the databases to LDIF: cd
>> > /opt/fedora-ds/slapd-ldap
>> > ./db2ldif -n userRoot -a /opt/fedora-ds/slapd-ldap/db/userRoot.ldif
>> > ./db2ldif -n NetscapeRoot -a
>> > /opt/fedora-ds/slapd-ldap/db/NetscapeRoot.ldif
>> >
>> > -tar up the directory: tar -cpvf fedora-ds.tar fedora-ds
>> >
>> > -move the tar file to the /tmp dir of the new destination server
>> > CentOS 5.4 (389 server already installed via 'yum install 389-ds' per
>> > the docs using EPEL. This installed fine.). Per the docs here (
>> >
>> http://www.redhat.com/docs/manuals/dir-server/8.1/install/Installation_Guide-Migration_Procedure.html
>> > ) I did not run the setup-ds-admin.pl <http://setup-ds-admin.pl> due
>> > to the warning note in the migration docs.
>> >
>> > -extract the tar to /tmp on the new server (tar -xpvf fedora.tar)
>> >
>> > -remove the 10presense.ldif file (per our other conversation regarding
>> > my other issue - conflict with source ldif).
>> >
>> > -run the migration script as follows: ./migrate-ds-admin.pl
>> > <http://migrate-ds-admin.pl> --oldsroot /tmp/fedora-ds --actualsroot
>> > /opt/fedora-ds General.ConfigDirectoryAdminPwd='mypassword'
>> What is the FQDN of the old machine you are migrating from? Is it
>> exactly the same as the new FQDN?
>> >
>> >
>> >
>> >
>> > On Mon, Mar 15, 2010 at 11:26 AM, Rich Megginson <rmeggins at redhat.com
>> > <mailto:rmeggins at redhat.com>> wrote:
>> >
>> > Brian Provenzano wrote:
>> > > Thanks for the tip. I have the following in my
>> > > /var/log/dirsrv/slapd-ldap/access log:
>> > >
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 fd=64 slot=64 connection from
>> > > 192.168.1.20 to 192.168.1.20
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=0 BIND dn="" method=128
>> > version=3
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=0 RESULT err=0 tag=97
>> > > nentries=0 etime=0 dn=""
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=1 SRCH
>> base="o=NetscapeRoot"
>> > > scope=2 filter="(uid=admin)" attrs="dn"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=1 RESULT err=0 tag=101
>> > > nentries=1 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=2 BIND dn="uid=admin,
>> > > ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method
>> > > =128 version=3
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=2 RESULT err=0 tag=97
>> > > nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologyma
>> > > nagement,o=netscaperoot"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=3 SRCH base="cn=389
>> > > Administration Server, cn=Server Group, cn=ldap.mcs.local, ou=mcs.
>> > > local, o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="*
>> > aci aci"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=3 RESULT err=32 tag=101
>> > > nentries=0 etime=0
>> > Does the entry o=NetscapeRoot exist?
>> > Does ou=mcs.local, o=NetscapeRoot exist?
>> > Does cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot exist?
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=4 SRCH
>> > > base="cn=admin-serv-ldap, cn=389 Administration Server, cn=Server
>> > > Group, cn=lda
>> > > p.mcs.local, ou=mcs.local, o=NetscapeRoot" scope=0
>> > > filter="(objectClass=*)" attrs="* aci aci"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=4 RESULT err=32 tag=101
>> > > nentries=0 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=5 SRCH
>> > base="cn=configuration,
>> > > cn=admin-serv-ldap, cn=389 Administration Server, cn=Se
>> > > rver Group, cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot"
>> scope=0
>> > > filter="(objectClass=*)" attrs="* aci aci"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=5 RESULT err=32 tag=101
>> > > nentries=0 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=6 SRCH base="cn=encryption,
>> > > cn=configuration, cn=admin-serv-ldap, cn=389 Administratio
>> > > n Server, cn=Server Group, cn=ldap.mcs.local, ou=mcs.local,
>> > > o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci aci
>> > > "
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=6 RESULT err=32 tag=101
>> > > nentries=0 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=7 SRCH base="cn=Tasks,
>> > > cn=admin-serv-ldap, cn=389 Administration Server, cn=Server Gro
>> > > up, cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot" scope=0
>> > > filter="(objectClass=*)" attrs="* aci aci"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=7 RESULT err=32 tag=101
>> > > nentries=0 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=8 ADD dn="cn=Tasks,
>> > > cn=admin-serv-ldap, cn=389 Administration Server, cn=Server Group,
>> > > cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot"
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=8 RESULT err=32 tag=105
>> > > nentries=0 etime=0
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=9 UNBIND
>> > > [15/Mar/2010:10:42:44 -0600] conn=1 op=9 fd=64 closed - U1
>> > >
>> > >
>> > > The "ADD" specified in the migration log is the same one here that
>> > > appears to fail (I guess). Sorry for my ignorance, but I have
>> > no idea
>> > > how to resolve this.
>> > >
>> > >
>> > >
>> > > On Mon, Mar 15, 2010 at 9:30 AM, Rich Megginson
>> > <rmeggins at redhat.com <mailto:rmeggins at redhat.com>
>> > > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>> wrote:
>> > >
>> > > Brian Provenzano wrote:
>> > > > I'm still on the road to trying to migrate from FDS 1.0.4
>> > to 389 DS
>> > > > 1.2.5. Thanks to Rich's help yesterday in a previous
>> > thread (Cross
>> > > > Migration Problem From FDS 1.0.x to 386 Directory Server)
>> > I was able
>> > > > to fix an import issue with an existing ldif schema
>> > (presense.ldif).
>> > > >
>> > > > Anyway, I am now running to the following issue when the
>> > migration
>> > > > script tries to read/migrate my data from LDIF ( I have a
>> > > > userRoot.ldif and NetscapeRoot.ldif). I assume it is the
>> > > > NetscapeRoot.ldif that is the issue:
>> > > >
>> > > >
>> > > > # ./migrate-ds-admin.pl <http://migrate-ds-admin.pl>
>> > <http://migrate-ds-admin.pl>
>> > > <http://migrate-ds-admin.pl> --oldsroot
>> > > > /tmp/fedora-ds --actualsroot /opt/fedora-ds
>> > > > General.ConfigDirectoryAdminPwd='mypassword'
>> > > > Beginning migration of Directory and Administration
>> > servers from
>> > > > /tmp/fedora-ds . . .
>> > > > Beginning migration of directory server instances in
>> > > /tmp/fedora-ds . . .
>> > > > Your new DS instance 'slapd-ldap' was successfully created.
>> > > > Beginning migration of Administration server from
>> > /tmp/fedora-ds
>> > > . . .
>> > > > Creating Admin Server files and directories . . .
>> > > > dn: cn=Tasks, cn=admin-serv-ldap, cn=389 Administration
>> > Server,
>> > > > cn=Server Grou
>> > > > p, cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot
>> > > > objectclass: top
>> > > > objectclass: nsResourceRef
>> > > > cn: Tasks
>> > > > Error adding entry 'cn=Tasks, cn=admin-serv-ldap, cn=389
>> > > > Administration Server, cn=Server Group, cn=ldap.mcs.local,
>> > > > ou=mcs.local, o=NetscapeRoot'. Error: No such object
>> > > > Exiting . . .
>> > > > Log file is '/tmp/migrate5naZZB.log'
>> > > >
>> > > >
>> > > > Here is the /tmp/migrate5naZZB.log' log file:
>> > > > ---------------------
>> > > > [10/03/12:10:58:57] - [Migration] Info Beginning migration
>> of
>> > > > Directory and Administration servers from /tmp/fedora-ds . .
>> .
>> > > > [10/03/12:10:58:57] - [Migration] Info Beginning migration
>> of
>> > > > directory server instances in /tmp/fedora-ds . . .
>> > > > [10/03/12:10:59:00] - [Migration] Info Your new DS instance
>> > > > 'slapd-ldap' was successfully created.
>> > > > [10/03/12:10:59:13] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/alias/slapd-ldap-cert8.db to
>> > > > /etc/dirsrv/slapd-ldap/cert8.db
>> > > > [10/03/12:10:59:13] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/alias/slapd-ldap-key3.db to
>> > > /etc/dirsrv/slapd-ldap/key3.db
>> > > > [10/03/12:10:59:13] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/alias/secmod.db to
>> > /etc/dirsrv/slapd-ldap/secmod.db
>> > > > [10/03/12:10:59:13] - [Migration] Info No
>> > > > /tmp/fedora-ds/alias/slapd-ldap-pin.txt to migrate
>> > > > [10/03/12:10:59:13] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/shared/config/certmap.conf to
>> > > > /etc/dirsrv/slapd-ldap/certmap.co <http://certmap.co>
>> > <http://certmap.co>
>> > > <http://certmap.co>
>> > > > nf
>> > > > [10/03/12:10:59:14] - [Migration] Info Beginning migration
>> of
>> > > > Administration server from /tmp/fedora-ds . . .
>> > > > [10/03/12:10:59:15] - [Migration] Info Creating Admin Server
>> > > files and
>> > > > directories . . .
>> > > > [10/03/12:10:59:15] - [Migration] Debug No file to migrate:
>> > > > /tmp/fedora-ds/alias/admin-serv-ldap-cert8.db
>> > > > [10/03/12:10:59:15] - [Migration] Debug No file to migrate:
>> > > > /tmp/fedora-ds/alias/admin-serv-ldap-key3.db
>> > > > [10/03/12:10:59:15] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/alias/secmod.db to
>> > /etc/dirsrv/admin-serv/secmod.db
>> > > > [10/03/12:10:59:15] - [Migration] Info No
>> > > > /tmp/fedora-ds/alias/admin-serv-ldap-pin.txt to migrate
>> > > > [10/03/12:10:59:15] - [Migration] Info Copying
>> > > > /tmp/fedora-ds/shared/config/certmap.conf to
>> > > > /etc/dirsrv/admin-serv/certmap.co <http://certmap.co>
>> > <http://certmap.co>
>> > > <http://certmap.co>
>> > > > nf
>> > > > [10/03/12:10:59:15] - [Migration] Info Error adding entry
>> > 'cn=Tasks,
>> > > > cn=admin-serv-ldap, cn=389 Administration Server, cn=Ser
>> > > > ver Group, cn=ldap.mcs.local, ou=mcs.local,
>> > o=NetscapeRoot'. Error:
>> > > > No such object
>> > > Look in the access log of your configuration directory server
>> -
>> > > look for
>> > > err=32 along with a DN that looks like the above. For an ADD
>> > > operation,
>> > > you get err=32 (No such object) when the parent of the entry
>> > you are
>> > > attempting to add cannot be found.
>> > > > [10/03/12:10:59:15] - [Migration] Fatal Exiting . . .
>> > > > Log file is '/tmp/migrate5naZZB.log'
>> > > >
>> > > >
>> > > > Thanks,
>> > > > Brian
>> > > >
>> > > >
>> > >
>> >
>> ------------------------------------------------------------------------
>> > > >
>> > > > --
>> > > > 389 users mailing list
>> > > > 389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>
>> > > <mailto:389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>>
>> > > > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> > >
>> > > --
>> > > 389 users mailing list
>> > > 389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>
>> > > <mailto:389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>>
>> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> > >
>> > >
>> > >
>> >
>> ------------------------------------------------------------------------
>> > >
>> > > --
>> > > 389 users mailing list
>> > > 389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>
>> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> > --
>> > 389 users mailing list
>> > 389-users at lists.fedoraproject.org
>> > <mailto:389-users at lists.fedoraproject.org>
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> > ------------------------------------------------------------------------
>> >
>> > --
>> > 389 users mailing list
>> > 389-users at lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100315/ec644f59/attachment.html>
More information about the 389-users
mailing list