Hi again, Finally it looks like that I’m somehow succeeded whit importing data from openLDAP to 389 DS, but I had to do a few things about which I am not sure if they are OK. I change 99user.ldif to: dn: cn=schema objectClass: top objectClass: ldapSubentry objectClass: subschema cn: schema aci: (target="ldap:///cn=schema";)(targetattr !="aci")(version 3.0;acl "anonymo us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";;) aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; a llow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=Topo logyManagement,o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a ll) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=Netsc apeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l dap:///cn=slapd-blegos,cn=389 Directory Server,cn=Server Group,cn=blegos.csi. iskratel.mak,ou=csi.iskratel.mak,o=NetscapeRoot";) modifiersName: cn=directory manager modifyTimestamp: 20170526075714Z numSubordinates: 1 objectClasses: ( 1.3.6.1.4.1.1332.1000.30.1 NAME 'itPrepaidPinSub' DESC 'IskratelprepaidPinSub' MUST ( itPrepaidPin $ itDirectoryNumber ) ) objectClasses: ( 1.3.6.1.4.1.1332.1000.30.2 NAME 'itPrepaidCgPNSub' DESC 'IskratelprepaidCgPNSub' MUST ( itCgPN $ itDirectoryNumber ) ) … It looks OK. I also see added attributes whit 389-console. When I am importing the data I received this errors: The error sent by the server was 'Object class violation. attribute "entryuuid" not allowed The error sent by the server was 'Object class violation. attribute "entrycsn" not allowed The error sent by the server was 'Object class violation. unknown object class "labeledURIObject" The error sent by the server was 'Object class violation. attribute "labeledURI" not allowed Here I just deleted those rows with commands (I am not sure, what here is the right way): sed -i "/\b\(entryUUID\)\b/d" data_from_openLDAP.ldif sed -i "/\b\(entryCSN\)\b/d" data_from_openLDAP.ldif sed -i "/\b\(labeledURIObject\)\b/d" data_from_openLDAP.ldif sed -i "/\b\(labeledURI\)\b/d" data_from_openLDAP.ldif Another error was: Error: the SUBSTR matching rule [caseIgnoreSubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.27] for the attribute [itUserPolicyProfileId] Here again I just delete all “SUBSTR caseIgnoreSubstringsMatch” from exported data ldif file. (What here?) Then I must change all user passwords, because I cannot import md5 passwords. Here is probably setting while exporting data that passwords are in plain text? So change was from: userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0= to: userPassword: test After that, import succeeded. Best Regards, Blaz _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
