Hi again,
Finally it looks like I have somehow succeeded with importing data from openLDAP to 389
DS, but I had to do a few things about which I am not sure if they are OK.
I changed 99user.ldif to:
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-blegos,cn=389 Directory Server,cn=Server Group,cn=blegos.csi.iskratel.mak,ou=csi.iskratel.mak,o=NetscapeRoot";)
modifiersName: cn=directory manager
modifyTimestamp: 20170526075714Z
numSubordinates: 1
objectClasses: ( 1.3.6.1.4.1.1332.1000.30.1 NAME 'itPrepaidPinSub' DESC 'IskratelprepaidPinSub' MUST ( itPrepaidPin $ itDirectoryNumber ) )
objectClasses: ( 1.3.6.1.4.1.1332.1000.30.2 NAME 'itPrepaidCgPNSub' DESC 'IskratelprepaidCgPNSub' MUST ( itCgPN $ itDirectoryNumber ) )
…
It looks OK. I also see the added attributes with 389-console.
When I was importing the data I received these errors:
The error sent by the server was 'Object class violation. attribute "entryuuid" not allowed
The error sent by the server was 'Object class violation. attribute "entrycsn" not allowed
The error sent by the server was 'Object class violation. unknown object class "labeledURIObject"
The error sent by the server was 'Object class violation. attribute "labeledURI" not allowed
Here I just deleted those rows with these commands (I am not sure what the right way is here):
sed -i "/\b\(entryUUID\)\b/d" data_from_openLDAP.ldif
sed -i "/\b\(entryCSN\)\b/d" data_from_openLDAP.ldif
sed -i "/\b\(labeledURIObject\)\b/d" data_from_openLDAP.ldif
sed -i "/\b\(labeledURI\)\b/d" data_from_openLDAP.ldif
Another error was:
Error: the SUBSTR matching rule [caseIgnoreSubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.27] for the attribute [itUserPolicyProfileId]
Here again I just deleted all “SUBSTR caseIgnoreSubstringsMatch” from the exported data LDIF
file. (What should be done here?)
Then I had to change all user passwords, because I cannot import MD5 passwords. Is there
perhaps a setting so that passwords are exported in plain text?
So the change was from:
userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0=
to:
userPassword: test
After that, import succeeded.
Best Regards,
Blaz
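
An added example, not part of the original message: a small LDIF pre-processor for the export described above. It unfolds continuation lines, drops entryUUID and entryCSN by attribute name rather than by word match, and reports the storage scheme of each userPassword value instead of replacing it. The sample entry and the names clean_ldif, unfold and DROP_ATTRS are constructed for illustration; only the userPassword value is taken from the message.

```python
import base64
import re

# Operational attributes from the OpenLDAP export that the 389 DS import rejected.
# Assumption: labeledURI is user data and is left alone unless passed in `drop`.
DROP_ATTRS = {"entryuuid", "entrycsn"}

# Constructed sample entry; the userPassword value is the one quoted in the message.
SAMPLE = (
    "dn: uid=demo,ou=people,dc=example,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "uid: demo\n"
    "cn: demo\n"
    "sn: demo\n"
    "description: note kept although it mentions entryUUID in a fol\n"
    " ded value\n"
    "entryUUID: 00000000-0000-0000-0000-000000000000\n"
    "entryCSN: 20170101000000.000000Z#000000#000#000000\n"
    "userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0=\n"
)

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def clean_ldif(text, drop=DROP_ATTRS):
    """Return (kept_lines, password_schemes) for an LDIF export."""
    kept, schemes = [], []
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        name = attr.split(";")[0].lower()      # ignore attribute options such as ;binary
        if sep and name in drop:
            continue                           # match on the attribute name only
        if sep and name == "userpassword":
            if rest.startswith(":"):           # "attr:: value" means base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
            schemes.append(m.group(1).upper() if m else "CLEARTEXT")
        kept.append(line)
    return kept, schemes

if __name__ == "__main__":
    lines, schemes = clean_ldif(SAMPLE)
    print("\n".join(lines))
    print("password schemes:", schemes)
```

Because the filter compares attribute names after unfolding, a value that merely mentions entryUUID survives, and a folded value is never left with an orphaned continuation line.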