Comments inline below
Jet Young wrote:
> Now I want to create a new server in Fedora Directory 7.1 with these
> data. But I found some problems.
> 1.In NS directory 4.1, I only need to copy those files to the relative
> directory and everything will be ok. But now, I can't find any files
> named "sldap_user_at.conf" or "sladp_user_oc.conf".
Local schema is now in slapd-<instance>/config/schema/99user.ldif, and
both objectclasses (slapd_user_oc.conf) and attributes
(slapd_user_oc.conf) are in that file. However, they are in a different
format in 5.x+ than they were in 4.x. Attribute types changes as well
(i.e. they don't call it cis, ces, etc.) Probably the easiest thing to
do would be to go into the FDS console, and recreate the schema in the
FDS server. Be sure you use exactly the same names, and match up the
old types with the new (i.e. cis is now directoryString, ces is
IA5String, I believe).
> 2.The DB used in Fedora Directory 7.1 is version 4, but the db files I
> backuped is version 2. I don't know if they are compatible.
If you still have the Netscape 4.x software around, I'd restore to that,
then export the database to ldif. Not only have the db files changed,
but other db related things have changed as well - in 4.x, all ldap
suffixes were in a common db, whereas starting with 5.x, the directory
stored each suffix in a separate db, so more than just the db version
has changed. You can do one of the following to export from 4.x
(assuming your suffix for users/groups is o=isp - change this to
whatever is appropriate for your server):
1. Use server tools to export to ldif:
cd /usr/netscape/server4/bin/slapd/server
./ns-slapd db2ldif -f
/usr/netscape/server4/slapd-<inst>/config/slapd.conf -n -a
/path/to/export.ldif -s "o=isp"
Replace <inst> with whatever you have. You want to run the above,
rather than just db2ldif, because db2ldif will export replication
agreements, o=netscaperoot, etc into your ldif, which you don't want (if
you overwrite or add to o=netscaperoot in FDS, you can really mess
things up). You really just want your user/group tree.
2. Alternately, you can run
ldapsearch -D"cn=directory manager" -w <dm password> -b "o=isp" -L
"objectclass=*" "aci" "*">/path/to/export.ldif
This assumes the Sun ldapsearch. If you are running openldap's
ldapsearch, use -x instead of -L. Note that the search may not return
operational attributes unless you specifically ask for them ("aci" "*"
says to return the aci operational attribute as well as all normal
attributes). If you have password policies, you need to add those
attributes (i.e. passwordexpirationtime, etc).
One you have the ldif, you should be able to import it into FDS
(assuming you have created the same suffix in FDS), and it should be
compatible (including ACI's, etc).
- Jeff
