[Fedora-directory-users] Help needed migrating from Sun ONE to Fedora DS 1.1

Rich Megginson rmeggins at redhat.com
Thu Feb 7 21:56:48 UTC 2008 

Chris Waltham wrote:
> On Feb 7, 2008, at 4:33 PM, Rich Megginson wrote:
>
>> Chris Waltham wrote:
>>> * why can't I import the Sun schema if that's what I want to do?
>> You should be able to do that.  It's really odd that Sun defined 
>> schema is in 99user.ldif - that file is reserved solely for user 
>> defined schema added via LDAP.  You'll have to post the errors here 
>> so we can address the issues.
>
> I did one better: I simply copied the entire config/schema/ directory 
> from the Sun box to the Fedora box, and tried to restart Fedora DS.
It would probably be better to only copy the files not already in the 
Fedora DS schema directory e.g. pseudocode

for file in sun/config/schema/*.ldif
  name=`basename $file`
  if [ ! -f /etc/dirsrv/slapd-instancename/schema/$name ] ; then
    cp $file /etc/dirsrv/slapd-instancename/schema/$name
  fi
done

Because the Fedora DS schema has changed someone.  For starters, our new 
00core.ldif contains only the very core essential schema required to 
start the server - the non-essential schema has been moved to 
01common.ldif.  Their 00core.ldif probably still contains everything.  
So if you overwrite the fedora ds 00core.ldif with theirs, chaos will ensue.
> I got some non-fatal errors:
>
> [root at hebron slapd-hebron]# /etc/init.d/dirsrv start
> Starting dirsrv:
>     hebron...[07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" 
> -- attribute "nssnmpname" not allowed
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=PAM Pass Through 
> Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=Kerberos uid 
> mapping,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 dn 
> syntax,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=rfc 2829 u 
> syntax,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=uid 
> mapping,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:00 -0500] - Entry "cn=SNMP,cn=config" -- attribute 
> "nssnmpname" not allowed
>                                                            [  OK  ]
>
> That gave me some hope, so then I tried to import my database from an 
> LDAP. FWIW, this is how I generated the LDIF on the Sun box:
>
> db2ldif 'o=Bowdoin College, c=US'
>
> Then I just tried this in Fedora:
>
> /usr/lib/dirsrv/slapd-hebron/ldif2db -s 'o=Bowdoin College, c=US' -i 
> /path/to/dumpfile.ldif
>
> And I got the following errors:
>
> importing data ...
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute 
> "nssnmpname" not allowed
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=PAM Pass Through 
> Auth,cn=plugins,cn=config" has unknown object class "pamConfig"
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=Kerberos uid 
> mapping,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 dn 
> syntax,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=rfc 2829 u 
> syntax,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=uid 
> mapping,cn=mapping,cn=sasl,cn=config" has unknown object class 
> "nsSaslMapping"
> [07/Feb/2008:16:41:08 -0500] - Entry "cn=SNMP,cn=config" -- attribute 
> "nssnmpname" not allowed
> [07/Feb/2008:16:41:08 -0500] - ERROR 2: There is no backend instance 
> to import to.
>
> To be honest, I am a little confused at the relationship between 
> instances and backends. From what I can see, Sun includes the 
> following instances: userRoot, internetdb, pab and netscapeRoot (and 
> possibly others?). But, I only have one suffix that I need, which is 
> o=Bowdoin College, c=US.
You might try the migrate-ds-admin.pl script.  It might be able to 
handle the Sun data.  Use -o /opt/iplanet or whatever they use for their 
server root directory.

If migration does not work, then you will at least have to create a 
database and configure a suffix for o=Bowdoin College, c=US
See - 
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directory_Databases.html
>
>
> Chris
>
>>
>>> * if I can't import the Sun schema, is there an easy way of 
>>> stripping out the Sun attributes from a 10,000-user LDIF file?
>> If you are a Perl hacker, you could use Mozilla perldap (included 
>> with the fedora ds software) or Net::LDAP (probably bundled with your 
>> linux OS perl distribution).  If you prefer python, python-ldap also 
>> has an LDIF parser.
>>>
>>> Thanks,
>>>
>>>
>>> Chris
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080207/6c063966/attachment.bin>

More information about the 389-users mailing list