[389-users] Migration Issues With Admin Server LDIF Import
Brian Provenzano
bproven at gmail.com
Mon Mar 15 19:45:27 UTC 2010
I ran the migrate with the debug flag as requested. It spits out about
2000+ lines of debug. Is this list OK with me posting/emailing that many
lines? I can gladly post it.
On Mon, Mar 15, 2010 at 1:21 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> Brian Provenzano wrote:
> > To answer your other questions:
> >
> > > Does the entry o=NetscapeRoot exist?
> > > Does ou=mcs.local, o=NetscapeRoot exist?
> > > Does cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot exist?
> > Yes. All of those exist in the original (source) server's database
> > (o=NetscapeRoot, etc). I can see these easily using the admin console
> > on the source server.
> Ok. Then I'm not really sure what's going on. Try starting over, and
> then run migrate-ds-admin.pl with the -ddd flag to enable full debugging.
> >
> > I guess I'll have to familiarize myself with dbscan or ldapsearch to
> > see if they exist on the new server. However, I thought the purpose
> > of the migration was that it would create these objects (and in the
> > required order?) if they did not exist on the destination - especially
> > since the destination should be empty at the time of the
> > migration/import. Anyway, I'll try to look around - might take
> > awhile since I'm not totally familiar with these CLI tools.
> >
> >
> >
> > On Mon, Mar 15, 2010 at 12:59 PM, Brian Provenzano <bproven at gmail.com
> > <mailto:bproven at gmail.com>> wrote:
> >
> > The FQDN look the fine to me. I tried to be very careful about
> > this pitfall.
> >
> > NEW server:
> > # hostname --fqdn
> > ldap.mcs.local
> >
> > OLD server:
> > #hostname --fqdn
> > ldap.mcs.local
> >
> >
> > On Mon, Mar 15, 2010 at 12:38 PM, Rich Megginson
> > <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
> >
> > Brian Provenzano wrote:
> > > Exist in the destination you mean?
> > If it was migrated at all, yes.
> > > or in the source on the original FDS 1.0.4 server?
> > Yes, if the migration did not get to that point yet.
> > >
> > > This is a fresh install of 389 for the migration and I have
> > not run
> > > setup (per migration docs), so I assume it does not exist
> > yet? Should it?
> > It depends on how far migration got before it failed.
> > > Should I run setup first to create and then run migrate?
> > I did not
> > > do this since the docs state not to.
> > Right.
> > >
> > > This is what I did to get to this point (not sure if this
> > helps in
> > > case I missed a step):
> > >
> > > Old CentOS 4.3 server with FDS 1.0.4 :
> > > ------------------------------------
> > > -Stop ldap server (admin and server processes) using the
> > init scripts
> > >
> > > -Create the LDIF files to dump the databases to LDIF: cd
> > > /opt/fedora-ds/slapd-ldap
> > > ./db2ldif -n userRoot -a
> > /opt/fedora-ds/slapd-ldap/db/userRoot.ldif
> > > ./db2ldif -n NetscapeRoot -a
> > > /opt/fedora-ds/slapd-ldap/db/NetscapeRoot.ldif
> > >
> > > -tar up the directory: tar -cpvf fedora-ds.tar fedora-ds
> > >
> > > -move the tar file to the /tmp dir of the new destination
> server
> > > CentOS 5.4 (389 server already installed via 'yum install
> > 389-ds' per
> > > the docs using EPEL. This installed fine.). Per the docs
> > here (
> > >
> >
> http://www.redhat.com/docs/manuals/dir-server/8.1/install/Installation_Guide-Migration_Procedure.html
> > > ) I did not run the setup-ds-admin.pl
> > <http://setup-ds-admin.pl> <http://setup-ds-admin.pl> due
> > > to the warning note in the migration docs.
> > >
> > > -extract the tar to /tmp on the new server (tar -xpvf
> > fedora.tar)
> > >
> > > -remove the 10presense.ldif file (per our other conversation
> > regarding
> > > my other issue - conflict with source ldif).
> > >
> > > -run the migration script as follows: ./migrate-ds-admin.pl
> > <http://migrate-ds-admin.pl>
> > > <http://migrate-ds-admin.pl> --oldsroot /tmp/fedora-ds
> > --actualsroot
> > > /opt/fedora-ds General.ConfigDirectoryAdminPwd='mypassword'
> > What is the FQDN of the old machine you are migrating from? Is
> it
> > exactly the same as the new FQDN?
> > >
> > >
> > >
> > >
> > > On Mon, Mar 15, 2010 at 11:26 AM, Rich Megginson
> > <rmeggins at redhat.com <mailto:rmeggins at redhat.com>
> > > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>>
> > wrote:
> > >
> > > Brian Provenzano wrote:
> > > > Thanks for the tip. I have the following in my
> > > > /var/log/dirsrv/slapd-ldap/access log:
> > > >
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 fd=64 slot=64
> > connection from
> > > > 192.168.1.20 to 192.168.1.20
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=0 BIND dn=""
> > method=128
> > > version=3
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=0 RESULT err=0
> > tag=97
> > > > nentries=0 etime=0 dn=""
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=1 SRCH
> > base="o=NetscapeRoot"
> > > > scope=2 filter="(uid=admin)" attrs="dn"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=1 RESULT err=0
> > tag=101
> > > > nentries=1 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=2 BIND
> > dn="uid=admin,
> > > > ou=Administrators, ou=TopologyManagement,
> > o=NetscapeRoot" method
> > > > =128 version=3
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=2 RESULT err=0
> > tag=97
> > > > nentries=0 etime=0
> > dn="uid=admin,ou=administrators,ou=topologyma
> > > > nagement,o=netscaperoot"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=3 SRCH
> base="cn=389
> > > > Administration Server, cn=Server Group,
> > cn=ldap.mcs.local, ou=mcs.
> > > > local, o=NetscapeRoot" scope=0
> > filter="(objectClass=*)" attrs="*
> > > aci aci"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=3 RESULT err=32
> > tag=101
> > > > nentries=0 etime=0
> > > Does the entry o=NetscapeRoot exist?
> > > Does ou=mcs.local, o=NetscapeRoot exist?
> > > Does cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot exist?
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=4 SRCH
> > > > base="cn=admin-serv-ldap, cn=389 Administration
> > Server, cn=Server
> > > > Group, cn=lda
> > > > p.mcs.local, ou=mcs.local, o=NetscapeRoot" scope=0
> > > > filter="(objectClass=*)" attrs="* aci aci"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=4 RESULT err=32
> > tag=101
> > > > nentries=0 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=5 SRCH
> > > base="cn=configuration,
> > > > cn=admin-serv-ldap, cn=389 Administration Server, cn=Se
> > > > rver Group, cn=ldap.mcs.local, ou=mcs.local,
> > o=NetscapeRoot" scope=0
> > > > filter="(objectClass=*)" attrs="* aci aci"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=5 RESULT err=32
> > tag=101
> > > > nentries=0 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=6 SRCH
> > base="cn=encryption,
> > > > cn=configuration, cn=admin-serv-ldap, cn=389
> Administratio
> > > > n Server, cn=Server Group, cn=ldap.mcs.local,
> > ou=mcs.local,
> > > > o=NetscapeRoot" scope=0 filter="(objectClass=*)"
> > attrs="* aci aci
> > > > "
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=6 RESULT err=32
> > tag=101
> > > > nentries=0 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=7 SRCH
> > base="cn=Tasks,
> > > > cn=admin-serv-ldap, cn=389 Administration Server,
> > cn=Server Gro
> > > > up, cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot"
> > scope=0
> > > > filter="(objectClass=*)" attrs="* aci aci"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=7 RESULT err=32
> > tag=101
> > > > nentries=0 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=8 ADD
> dn="cn=Tasks,
> > > > cn=admin-serv-ldap, cn=389 Administration Server,
> > cn=Server Group,
> > > > cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot"
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=8 RESULT err=32
> > tag=105
> > > > nentries=0 etime=0
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=9 UNBIND
> > > > [15/Mar/2010:10:42:44 -0600] conn=1 op=9 fd=64 closed -
> U1
> > > >
> > > >
> > > > The "ADD" specified in the migration log is the same
> > one here that
> > > > appears to fail (I guess). Sorry for my ignorance,
> > but I have
> > > no idea
> > > > how to resolve this.
> > > >
> > > >
> > > >
> > > > On Mon, Mar 15, 2010 at 9:30 AM, Rich Megginson
> > > <rmeggins at redhat.com <mailto:rmeggins at redhat.com>
> > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
> > > > <mailto:rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com>>>> wrote:
> > > >
> > > > Brian Provenzano wrote:
> > > > > I'm still on the road to trying to migrate from
> > FDS 1.0.4
> > > to 389 DS
> > > > > 1.2.5. Thanks to Rich's help yesterday in a
> > previous
> > > thread (Cross
> > > > > Migration Problem From FDS 1.0.x to 386
> > Directory Server)
> > > I was able
> > > > > to fix an import issue with an existing ldif schema
> > > (presense.ldif).
> > > > >
> > > > > Anyway, I am now running to the following issue
> > when the
> > > migration
> > > > > script tries to read/migrate my data from LDIF (
> > I have a
> > > > > userRoot.ldif and NetscapeRoot.ldif). I assume
> > it is the
> > > > > NetscapeRoot.ldif that is the issue:
> > > > >
> > > > >
> > > > > # ./migrate-ds-admin.pl
> > <http://migrate-ds-admin.pl> <http://migrate-ds-admin.pl>
> > > <http://migrate-ds-admin.pl>
> > > > <http://migrate-ds-admin.pl> --oldsroot
> > > > > /tmp/fedora-ds --actualsroot /opt/fedora-ds
> > > > > General.ConfigDirectoryAdminPwd='mypassword'
> > > > > Beginning migration of Directory and Administration
> > > servers from
> > > > > /tmp/fedora-ds . . .
> > > > > Beginning migration of directory server instances
> in
> > > > /tmp/fedora-ds . . .
> > > > > Your new DS instance 'slapd-ldap' was
> > successfully created.
> > > > > Beginning migration of Administration server from
> > > /tmp/fedora-ds
> > > > . . .
> > > > > Creating Admin Server files and directories . . .
> > > > > dn: cn=Tasks, cn=admin-serv-ldap, cn=389
> > Administration
> > > Server,
> > > > > cn=Server Grou
> > > > > p, cn=ldap.mcs.local, ou=mcs.local, o=NetscapeRoot
> > > > > objectclass: top
> > > > > objectclass: nsResourceRef
> > > > > cn: Tasks
> > > > > Error adding entry 'cn=Tasks,
> > cn=admin-serv-ldap, cn=389
> > > > > Administration Server, cn=Server Group,
> > cn=ldap.mcs.local,
> > > > > ou=mcs.local, o=NetscapeRoot'. Error: No such
> > object
> > > > > Exiting . . .
> > > > > Log file is '/tmp/migrate5naZZB.log'
> > > > >
> > > > >
> > > > > Here is the /tmp/migrate5naZZB.log' log file:
> > > > > ---------------------
> > > > > [10/03/12:10:58:57] - [Migration] Info Beginning
> > migration of
> > > > > Directory and Administration servers from
> > /tmp/fedora-ds . . .
> > > > > [10/03/12:10:58:57] - [Migration] Info Beginning
> > migration of
> > > > > directory server instances in /tmp/fedora-ds . . .
> > > > > [10/03/12:10:59:00] - [Migration] Info Your new
> > DS instance
> > > > > 'slapd-ldap' was successfully created.
> > > > > [10/03/12:10:59:13] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/alias/slapd-ldap-cert8.db to
> > > > > /etc/dirsrv/slapd-ldap/cert8.db
> > > > > [10/03/12:10:59:13] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/alias/slapd-ldap-key3.db to
> > > > /etc/dirsrv/slapd-ldap/key3.db
> > > > > [10/03/12:10:59:13] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/alias/secmod.db to
> > > /etc/dirsrv/slapd-ldap/secmod.db
> > > > > [10/03/12:10:59:13] - [Migration] Info No
> > > > > /tmp/fedora-ds/alias/slapd-ldap-pin.txt to migrate
> > > > > [10/03/12:10:59:13] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/shared/config/certmap.conf to
> > > > > /etc/dirsrv/slapd-ldap/certmap.co
> > <http://certmap.co> <http://certmap.co>
> > > <http://certmap.co>
> > > > <http://certmap.co>
> > > > > nf
> > > > > [10/03/12:10:59:14] - [Migration] Info Beginning
> > migration of
> > > > > Administration server from /tmp/fedora-ds . . .
> > > > > [10/03/12:10:59:15] - [Migration] Info Creating
> > Admin Server
> > > > files and
> > > > > directories . . .
> > > > > [10/03/12:10:59:15] - [Migration] Debug No file
> > to migrate:
> > > > > /tmp/fedora-ds/alias/admin-serv-ldap-cert8.db
> > > > > [10/03/12:10:59:15] - [Migration] Debug No file
> > to migrate:
> > > > > /tmp/fedora-ds/alias/admin-serv-ldap-key3.db
> > > > > [10/03/12:10:59:15] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/alias/secmod.db to
> > > /etc/dirsrv/admin-serv/secmod.db
> > > > > [10/03/12:10:59:15] - [Migration] Info No
> > > > > /tmp/fedora-ds/alias/admin-serv-ldap-pin.txt to
> > migrate
> > > > > [10/03/12:10:59:15] - [Migration] Info Copying
> > > > > /tmp/fedora-ds/shared/config/certmap.conf to
> > > > > /etc/dirsrv/admin-serv/certmap.co
> > <http://certmap.co> <http://certmap.co>
> > > <http://certmap.co>
> > > > <http://certmap.co>
> > > > > nf
> > > > > [10/03/12:10:59:15] - [Migration] Info Error
> > adding entry
> > > 'cn=Tasks,
> > > > > cn=admin-serv-ldap, cn=389 Administration
> > Server, cn=Ser
> > > > > ver Group, cn=ldap.mcs.local, ou=mcs.local,
> > > o=NetscapeRoot'. Error:
> > > > > No such object
> > > > Look in the access log of your configuration
> > directory server -
> > > > look for
> > > > err=32 along with a DN that looks like the above.
> > For an ADD
> > > > operation,
> > > > you get err=32 (No such object) when the parent of
> > the entry
> > > you are
> > > > attempting to add cannot be found.
> > > > > [10/03/12:10:59:15] - [Migration] Fatal Exiting
> > . . .
> > > > > Log file is '/tmp/migrate5naZZB.log'
> > > > >
> > > > >
> > > > > Thanks,
> > > > > Brian
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>
> > > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>>
> > > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>
> > > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>>
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>
> > > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > > --
> > > 389 users mailing list
> > > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > <mailto:389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > <mailto:389-users at lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100315/be019cc9/attachment.html>
More information about the 389-users
mailing list