Chris Waltham wrote:
I'm reasonably new to LDAP and very new to Fedora's
DirectoryServer.
I'm trying to "migrate" (I use the term loosely) from a Sun ONE
(specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server
to a Fedora Core 8 server running DS 1.1.0 (installed from a yum
respository's binary).
My problems are twofold: I have custom schema authored by Bowdoin (a
college, my employer), and I have schema that comes from Sun's
implementation of LDAP. For example, on the Sun server, 99user.ldif
contains the following:
objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME
'nsmsgCfgmtaautoreplyhan
dler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $
nsmsgDefaultreply
$ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server
configuration'
'user defined' ) )
(which is for iPlanet, a part of Sun's... well, whatever)
As well as:
attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full
Name' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
Which is used to track students' majors. I tried following the
instructions I found here:
http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html and
"converting" the 99user.ldif file into a more typical LDIF and adding
that with ldapmodify, but that didn't work particularly well -- a lot
of the Sun-specific schema was rejected by Fedora DS. Then I tried
removing what I thought was the Sun schema extensions leaving
Bowdoin's extensions, and that seemed to work (with one or two strange
exceptions).
However, when I tried to import the LDIF full of users from the Sun
system (which I dumped with db2ldif), I get a whole host of errors:
mostly things like "Error adding object 'dn:
cn=Administrators,o=Bowdoin College,c=US'. The error sent by the
server was 'Object class violation. attribute "mgmanmembervisibility"
not allowed". I'm no expert, but I presume this is because the LDIF of
users still contains references to the Sun schema attributes. So, here
are my questions:
* why can't I import the Sun schema if that's what I want to do?
You should
be able to do that. It's really odd that Sun defined schema
is in 99user.ldif - that file is reserved solely for user defined schema
added via LDAP. You'll have to post the errors here so we can address
the issues.
* if I can't import the Sun schema, is there an easy way of
stripping
out the Sun attributes from a 10,000-user LDIF file?
If you are a Perl hacker, you
could use Mozilla perldap (included with
the fedora ds software) or Net::LDAP (probably bundled with your linux
OS perl distribution). If you prefer python, python-ldap also has an
LDIF parser.
Thanks,
Chris
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users