<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">I have 2 questions for you…<div><br></div><div>1. Why are you going to 1.2.6 and not 1.2.11 which is the current maint release?</div><div><br></div><div>2. Have you looked into Chaining? It would appear to me it would be a better fit to have a new</div><div>tree and chain the old tree into the new tree. The admin guide has all the info and the deployment</div><div>guide also discusses various strategies.</div><div><br></div><div>/mrg</div><div><br></div><div><div><div>On Apr 14, 2014, at 18:32, Herb Burnswell <<a href="mailto:herbert.burnswell@gmail.com">herbert.burnswell@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">I just wanted to bump this inquiry.<div><br></div><div>Is this a unique issue? Is there a way to export/import below the:</div><div><br></div>o=CompanyA<br>ou=CompanyA,dn=hq,dn=example,dn=com<div><br></div>
<div>Level to avoid the inconsistency?</div><div><br></div><div>Please let me know if I'm thinking about this incorrectly...</div><div><br></div><div>TIA,</div><div><br></div><div>Herb</div><div><br></div><div> </div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 10, 2014 at 6:06 PM, Herb Burnswell <span dir="ltr"><<a href="mailto:herbert.burnswell@gmail.com" target="_blank">herbert.burnswell@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">To add to this:<div><br></div><div>I have gone into the DS 7.1 Directory Server Console on the Configuration tab and drilled down to:</div>
<div><br></div><div>Data -</div><div> - o=CompanyA</div><div> -CompanyA = right click, export database</div>
<div><br></div><div>This creates the ldif file that looks like exactly what I need but the import into the new 389 1.2.6 fails with:</div><div><br></div><div>ldapmodify -a -D "cn=Administrators" -W -f /tmp/companyA.ldif -p 389 -h localhost</div>
<div><div>Enter LDAP Password: </div><div>adding new entry "o=CompanyA"</div><div>ldap_add: No such object (32)<br></div><div><br></div><div>Which makes sense.</div><div><br></div><div>Again, any assistance is greatly appreciated.</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>Herb</div></font></span><div><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 10, 2014 at 5:51 PM, Herb Burnswell <span dir="ltr"><<a href="mailto:herbert.burnswell@gmail.com" target="_blank">herbert.burnswell@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><pre style="white-space:pre-wrap"><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Thanks again for the reply Dustin. I think I'm a little over my head here. I have cleared out all the previous data from ou=CompanyA,dn=hq,dn=example,dn=com by going into the Directory Server console, selecting the 'Directory' tab and deleting and re-adding CompanyA under hq folder. I can connect to it via LDAPadmin, but as you can imagine, no data.</pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)">Here's my confusion, the old LDAP implementation from which I need to import the data is Fedora DS 7.1 and the new LDAP implementation is 389 1.2.6. So, the old one is much older and is has a different 'structure'. </pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)">In 7.1 in the Directory server console, Configuration tab, I have:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Data -</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - o=NetscapeRoot</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - NetscapRoot</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - o=CompanyA</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - o=CompanyA</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">In the 389 1.2.6 Directory server console, Configuration tab, I have:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Data -</pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - dc=hq,dc=example,dc=com</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - userRoot</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - o=netscaproot</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"> - NetscapRoot</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">So, in DS 7.1 the top level is o=CompanyA</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">In 389 1.2.6 the top level is ou=CompanyA,dn=hq,dn=example,dn=com</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">The new 'top level' is what I'd like it to be but I need everything underneath these 'top levels' to be identical. My question is how can I import the DS 7.1 o=CompanyA into the 389 1.2.6 <span style="font-family:arial">ou=CompanyA,dn=hq,dn=example,dn=com?</span></pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)"><span style="font-family:arial"><br></span></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><span style="font-family:arial">Hopefully I have not completely confused the situation here. I greatly appreciate any suggestions on how to get this working properly.</span></pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)">TIA,</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Herb</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><br></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><br></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><br></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Dustin Rice:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><pre style="white-space: pre-wrap;">The better way would be using a tool on the OS that's like db2ldif
(pretty sure most netscape LDAP deriviatives come with these).
When you do a ldapsearch like that the server won't send along some
fields (password being one of them). If you run the db2ldif it'll spit
out an ldif file then you should be able to import it with something
like ldif2db or just an ldapadd.</pre></pre><span><font color="#888888"><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><br></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Herb:</pre></font></span><div>
<div><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Dustin thanks for the reply.</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">I would need everything in:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">o=companyA <i style="font-family:arial">dc=hq,dc=example,dc=com</i></pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)">Everything appears to be imported as needed except the password issue. If I reset the passwords in the new implementation it's fine but that won't work with 100's of users.</pre>
<pre style="white-space:pre-wrap;color:rgb(34,34,34)">Is this:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><div><pre style="white-space:pre-wrap"><i>ldapsearch -b "o=companyA" -D "dc=hq,dc=example,dc=com" -h </i><i>original_system > output.ldif</i></pre>
</div><pre style="white-space:pre-wrap"><i>an acceptable way of exporting everything including passwords for users or is there a better way?</i></pre><pre style="white-space:pre-wrap"><i style="font-family:arial">Thanks again,</i></pre>
<pre style="white-space:pre-wrap"><i style="font-family:arial">Herb </i><br></pre></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)"><br></pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Dustin Rice:</pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">Well, schema would be like, the list of fields whereas it looks like you </pre><pre style="white-space:pre-wrap;color:rgb(34,34,34)">might be doing a dump/load of users/groups?
On 04/10/2014 01:17 PM, Herb Burnswell wrote:
><i> All,
</i><div><div><div></div></div><div>><i>
</i>><i> I'm attempting to import an LDAP schema (is that the correct term?)
</i>><i> from one LDAP implementation to another and it appears that I may be
</i>><i> doing it incorrectly. I created a ldif file for import as:
</i>><i>
</i>><i> ldapsearch -b "o=companyA" -D "dc=hq,dc=example,dc=com" -h
</i>><i> original_system > output.ldif
</i>><i>
</i>><i> I then used the GUI in the new LDAP implementation to import the ldif
</i>><i> file. Everything seemed to work find as I have the entire tree but
</i>><i> there appears to be a problem with passwords.
</i>><i>
</i>><i> Am I missing the passwords for users with this export to ldif file?
</i>><i> What is the proper procedure to import all information from a schema
</i>><i> (is that the correct term?) to import into a new LDAP implementation?
</i>><i>
</i>><i> Thanks in advance for any assistance,
</i>><i>
</i>><i> Herb
</i>><i>
</i>><i>
</i></div></div><span><font color="#888888">><i> --
</i>><i> 389 users mailing list
</i>><i> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">389-users at lists.fedoraproject.org</a>
</i>><i> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></i></font></span></pre></div></div></pre></div>
</blockquote></div><br></div></div></div></div></div>
</blockquote></div><br></div>
--<br>389 users mailing list<br><a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>https://admin.fedoraproject.org/mailman/listinfo/389-users</blockquote></div><br></div></body></html>