Chris Waltham wrote: > I'm reasonably new to LDAP and very new to Fedora's DirectoryServer. > I'm trying to "migrate" (I use the term loosely) from a Sun ONE > (specifically, JES 2004Q2, which is Directory Server 5.2) LDAP server > to a Fedora Core 8 server running DS 1.1.0 (installed from a yum > respository's binary). > > My problems are twofold: I have custom schema authored by Bowdoin (a > college, my employer), and I have schema that comes from Sun's > implementation of LDAP. For example, on the Sun server, 99user.ldif > contains the following: > > objectClasses: ( nsmsgCfgmtaautoreplyhandler-oid NAME > 'nsmsgCfgmtaautoreplyhan > dler' SUP top STRUCTURAL MUST cn MAY ( nsmsgDefaultecho $ > nsmsgDefaultreply > $ nsmsgDefaultvacation ) X-ORIGIN ( 'iPlanet Messaging Server > configuration' > 'user defined' ) ) > > (which is for iPlanet, a part of Sun's... well, whatever) > > As well as: > > attributeTypes: ( majorname-oid NAME 'majorname' DESC 'Major Full > Name' SYNTAX > 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) > > Which is used to track students' majors. I tried following the > instructions I found here: > http://www.redhat.com/docs/manuals/dir-server/MigrateFromSun.html and > "converting" the 99user.ldif file into a more typical LDIF and adding > that with ldapmodify, but that didn't work particularly well -- a lot > of the Sun-specific schema was rejected by Fedora DS. Then I tried > removing what I thought was the Sun schema extensions leaving > Bowdoin's extensions, and that seemed to work (with one or two strange > exceptions). > > However, when I tried to import the LDIF full of users from the Sun > system (which I dumped with db2ldif), I get a whole host of errors: > mostly things like "Error adding object 'dn: > cn=Administrators,o=Bowdoin College,c=US'. The error sent by the > server was 'Object class violation. attribute "mgmanmembervisibility" > not allowed". I'm no expert, but I presume this is because the LDIF of > users still contains references to the Sun schema attributes. So, here > are my questions: > > * why can't I import the Sun schema if that's what I want to do? You should be able to do that. It's really odd that Sun defined schema is in 99user.ldif - that file is reserved solely for user defined schema added via LDAP. You'll have to post the errors here so we can address the issues. > * if I can't import the Sun schema, is there an easy way of stripping > out the Sun attributes from a 10,000-user LDIF file? If you are a Perl hacker, you could use Mozilla perldap (included with the fedora ds software) or Net::LDAP (probably bundled with your linux OS perl distribution). If you prefer python, python-ldap also has an LDIF parser. > > Thanks, > > > Chris > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080207/3bfd70b1/attachment.bin
