[Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1

Rich Megginson rmeggins at redhat.com
Thu Feb 7 21:33:02 UTC 2008 

Chris Waltham wrote:
> I'm reasonably new to LDAP and very new to Fedora's DirectoryServer. 
> I'm trying to "migrate" (I use the term loosely) from a Sun ONE 
> (specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server 
> to a Fedora Core 8 server running DS 1.1.0 (installed from a yum 
> respository's binary).
>
> My problems are twofold: I have custom schema authored by Bowdoin (a 
> college, my employer), and I have schema that comes from Sun's 
> implementation of LDAP. For example, on the Sun server, 99user.ldif 
> contains the following:
>
> objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME 
> 'nsmsgCfgmtaautoreplyhan
>  dler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $ 
> nsmsgDefaultreply
>  $ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server 
> configuration'
>   'user defined' ) )
>
> (which is for iPlanet, a part of Sun's... well, whatever)
>
> As well as:
>
> attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full 
> Name' SYNTAX
>   1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
>
> Which is used to track students' majors. I tried following the 
> instructions I found here: 
> http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html and 
> "converting" the 99user.ldif file into a more typical LDIF and adding 
> that with ldapmodify, but that didn't work particularly well -- a lot 
> of the Sun-specific schema was rejected by Fedora DS. Then I tried 
> removing what I thought was the Sun schema extensions leaving 
> Bowdoin's extensions, and that seemed to work (with one or two strange 
> exceptions).
>
> However, when I tried to import the LDIF full of users from the Sun 
> system (which I dumped with db2ldif), I get a whole host of errors: 
> mostly things like "Error adding object 'dn: 
> cn=Administrators,o=Bowdoin College,c=US'.  The error sent by the 
> server was 'Object class violation. attribute "mgmanmembervisibility" 
> not allowed". I'm no expert, but I presume this is because the LDIF of 
> users still contains references to the Sun schema attributes. So, here 
> are my questions:
>
> * why can't I import the Sun schema if that's what I want to do?
You should be able to do that.  It's really odd that Sun defined schema 
is in 99user.ldif - that file is reserved solely for user defined schema 
added via LDAP.  You'll have to post the errors here so we can address 
the issues.
> * if I can't import the Sun schema, is there an easy way of stripping 
> out the Sun attributes from a 10,000-user LDIF file?
If you are a Perl hacker, you could use Mozilla perldap (included with 
the fedora ds software) or Net::LDAP (probably bundled with your linux 
OS perl distribution).  If you prefer python, python-ldap also has an 
LDIF parser.
>
> Thanks,
>
>
> Chris
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080207/3bfd70b1/attachment.bin>

More information about the 389-users mailing list