[Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1

Chris Waltham cwaltham at bowdoin.edu
Thu Feb 7 21:21:50 UTC 2008


I'm reasonably new to LDAP and very new to Fedora's DirectoryServer.
I'm trying to "migrate" (I use the term loosely) from a Sun ONE
(specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server
to a Fedora Core 8 server running DS 1.1.0 (installed from a yum
repository's binary).

My problems are twofold: I have custom schema authored by Bowdoin (a  
college, my employer), and I have schema that comes from Sun's  
implementation of LDAP. For example, on the Sun server, 99user.ldif  
contains the following:

objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME 'nsmsgCfgmtaautoreplyhan
 dler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $ nsmsgDefaultreply
  $ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server configuration'
  'user defined' ) )

(which is for iPlanet, a part of Sun's... well, whatever)

As well as:

attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full Name' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )

Which is used to track students' majors. I tried following the
instructions I found here: http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html
and "converting" the 99user.ldif file into a more typical LDIF and
adding that with ldapmodify, but that didn't work particularly well --
a lot of the Sun-specific schema was rejected by Fedora DS. Then I
tried removing what I thought were the Sun schema extensions, leaving
Bowdoin's extensions, and that seemed to work (with one or two strange
exceptions).

However, when I tried to import the LDIF full of users from the Sun  
system (which I dumped with db2ldif), I get a whole host of errors:  
mostly things like "Error adding object 'dn:  
cn=Administrators,o=Bowdoin College,c=US'.  The error sent by the  
server was 'Object class violation. attribute "mgmanmembervisibility"  
not allowed". I'm no expert, but I presume this is because the LDIF of  
users still contains references to the Sun schema attributes. So, here  
are my questions:

* why can't I import the Sun schema if that's what I want to do?
* if I can't import the Sun schema, is there an easy way of stripping  
out the Sun attributes from a 10,000-user LDIF file?

Thanks,


Chris
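
Added example, not part of the original message: one way to strip named attributes and object classes from a db2ldif export before import, honouring LDIF line folding and returning a count of what was removed so the data loss can be reviewed. The function names, the sample entry and the object class exampleSunClass are constructed for illustration; only the DN and the mgmanmembervisibility attribute come from the error quoted above.

```python
import re
from collections import Counter

# Attribute description: name, optional ;options, then ':' (covers ':', '::' and ':<').
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9.-]*)((?:;[A-Za-z0-9-]+)*):(.*)$")

def unfold(text):
    # RFC 2849 folding: a newline followed by one space continues the previous line.
    return re.sub(r"\r?\n ", "", text)

def strip_schema(ldif_text, drop_attrs, drop_classes=()):
    """Return (filtered LDIF, Counter of what was removed) for auditing."""
    drop_attrs = {a.lower() for a in drop_attrs}      # names are case-insensitive
    drop_classes = {c.lower() for c in drop_classes}
    kept, removed = [], Counter()
    for line in unfold(ldif_text).splitlines():
        m = ATTR_LINE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(3).strip()
            if name in drop_attrs:
                removed[name] += 1
                continue
            # Also drop the objectClass value, or the entry still names an unknown class.
            if name == "objectclass" and value.lower() in drop_classes:
                removed["objectclass=" + value.lower()] += 1
                continue
        kept.append(line)  # dn lines, comments, blank separators, other attributes
    # Output lines are left unfolded; long lines are still valid LDIF.
    return "\n".join(kept) + "\n", removed

# Constructed sample entry (exampleSunClass is a hypothetical class name).
SAMPLE = (
    "dn: cn=Administrators,o=Bowdoin College,c=US\n"
    "objectClass: top\n"
    "objectClass: groupOfUniqueNames\n"
    "objectClass: exampleSunClass\n"
    "cn: Administrators\n"
    "mgmanMemberVisibility: an\n"
    " yone\n"                      # folded continuation of the line above
    "description:: QWRtaW5z\n"     # base64 value, passed through untouched
    "\n"
)

if __name__ == "__main__":
    out, removed = strip_schema(SAMPLE, ["mgmanmembervisibility"], ["exampleSunClass"])
    print(out, end="")
    print(dict(removed))
```

Removing an entry's structural object class leaves it invalid, so check the removal counts against the target schema before importing the filtered file.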




