Thanks for helping. I followed your direction and exported another LDIF for my 2nd database but whenever I try to load it I get an error message "ldap_add: Operations error".
Here's a little information on my DIT hierarchy.
Database 1: dc=foo,dc=com
Database 2: dc=new_foo,dc=foo,dc=com
I ran the ldif2db.pl using the verbose switch and here's the output.
ldapmodify: started Wed Jun 23 17:11:34 2010
ldap_init( <hostname>, 389 )
add objectclass:
top
extensibleObject
add cn:
import_2010_6_23_17_11_34
add nsInstance:
userRoot
add nsFilename:
/home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif
add nsImportChunkSize:
0
add nsUniqueIdGenerator:
time
adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks, cn=config
ldap_add: Operations error
At this point, I am stuck. Do you have any idea what went wrong? The reload of the root database does work but when I reload the 2nd database that sits underneath in the root database in the DIT it doesn't work.
Thanks in advance!
- David
On Tue, Jun 22, 2010 at 6:58 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
Chun Tat David Chu wrote:
> Thanks Rich,> reload after I ran ldif2db.pl <http://ldif2db.pl> script
>
> I did more experiment, and I noticed one of my database didn't get
>> When I ran the ldif2db.pl <http://ldif2db.pl> script, only the root
> My DIT has a root database and then a sub database under the root
> database. When I did the export, I exported from the root database.
> database get reloaded but not the sub database.Yes. You need an LDIF for each database.
>
> Do you have any ideas?
>
> Thanks in advance
>
> - David
>
> On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson <rmeggins@xxxxxxxxxx
> > I did some testing and it appears to be working as you expected.> > foo.com <http://foo.com> <http://foo.com>, ou=tscei.dd-x.com
> > The steps involve
> > 1) Export the directory database to a LDIF
> > 2) Reload the directory database
> > 3) Reinitialize the consumer
> >
> > I have another question. I noticed there's an ACI on the directory
> > database LDIF.
> > aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)
> > groupdn = "l
> > dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server
> Group, cn=
> <http://tscei.dd-x.com> <http://tscei.dd-x.com>,
> > o=NetscapeRoot";)
> >
> > Do I need to modify the hostname in that ACI if I want to load the
> > same directory database into another LDAP? Essentially I want
> to use
> > a basic directory database LDIF and load it to a bunch of different
> > development LDAP we have. Some LDAPs are multi-mastered configured
> > and most are not.
> No, you do not need to change that hostname.
> >
> > Thanks in advance
> >
> > - David
> >
> > On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson
> <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> > <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>> wrote:
> >
> > Chun Tat David Chu wrote:
> > > Another question about directory re-population.
> > >
> > > If I want to create a generic LDIF backup for a bunch of test
> > > directory servers, in the exported LDIF file, should I
> remove the
> > > following attributes? or it doesn't really matter?
> > > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a
> > > creatorsName:
> > > modifiersName: cn=directory manager
> > > createTimestamp: 20100514213428Z
> > > modifyTimestamp: 20100514213430Z
> > I don't think it matters. I suppose you might want to keep
> > createTimestamp and modifyTimestamp just for your own
> information.
> > >
> > > My LDIF backup will be imported back to the LDAP using
> > ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>
> > > <http://ldif2db.pl>.
> > >
> > > - David
> > >
> > > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu
> > > <beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>>> wrote:
> > >
> > > Thanks Rich, I'll give that a try.
> > >
> > >
> > > On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson
> > > <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>
> > <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>>> wrote:
> > >
> > > Chun Tat David Chu wrote:
> > <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>>>>> > > > Hi Rich,
> > > >
> > > > Thanks for replying.
> > > >
> > > > Just making sure I'm using the right utility. To
> > > reinitialize the
> > > > directory, I use the ldif2db.pl
> <http://ldif2db.pl> <http://ldif2db.pl>
> > <http://ldif2db.pl>
> > > <http://ldif2db.pl> Perl script right?
> > > Yes, if you need to restore _all_ servers from an LDIF
> > backup.
> > > The
> > > reason I say _all_ is that when you do a restore
> from a
> > "raw"
> > > LDIF file,
> > > this wipes out all of the replication state
> information and
> > > changelog
> > > information. This means you will have to use this
> server to
> > > re-init
> > > other masters and consumers - (I mean re-init in the
> > sense of
> > > Initializing Consumers -
> > >
> >
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)
> > >
> > > You can use db2ldif.pl <http://db2ldif.pl>
> <http://db2ldif.pl>
> > <http://db2ldif.pl> -r to create an
> > > LDIF file suitable for offline
> > > replica init
> > > >
> > > > - David
> > > >
> > > > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson
> > > <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>
> > <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>>
> > > > <mailto:rmeggins@xxxxxxxxxx
> <mailto:rmeggins@xxxxxxxxxx>
> > <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>>
> <mailto:rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>
> > > wrote:
> > > >
> > > > Chun Tat David Chu wrote:
> > > > > Hi all,
> > > > >
> > > > > I am hitting an issue with reinitializing the
> > > directory database.
> > > > >
> > > > > Basically I have two directory servers and
> they're
> > > configured using
> > > > > multi-master replication scheme.
> > > > >
> > > > > When I reinitialize the directory
> database, the
> > > directory became
> > > > > inaccessible. I think it is related with my
> > multi-master
> > > > replication
> > > > > setup because when I use only reinitialize
> one LDAP,
> > > it would work
> > > > > just fine
> > > > >
> > > > > My question is if multi-master replication is
> > enabled
> > > on two LDAPs
> > > > > then do I need to reinitialize both LDAPs
> at the
> > same
> > > time or
> > > > just one
> > > > > LDAP?
> > > > If you use one master (m1) to re-init the
> other master
> > > (m2), you
> > > > do not
> > > > need to then use m2 to re-init m2.
> > > > >
> > > > > Thanks!
> > > > >
> > > > > - David
> > > > >
> > > > > On Fri, May 14, 2010 at 4:42 PM, Chun Tat
> David Chu
> > > > > <beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>
> > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>>
> > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>
> > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>>>
> > > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>
> > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>>
> > > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>
> > > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>
> > <mailto:beyonddc.storage@xxxxxxxxx
> <mailto:beyonddc.storage@xxxxxxxxx>>>>>> wrote:
> > > > >
> > > > > Reinitializing the directory database
> does the
> > > trick! I'm going
> > > > > to do more testing on it.
> > > > >
> > > > > Thanks a lot!
> > > > >
> > > > > - David
> > > > >
> > > > >
> > > > > On Fri, May 14, 2010 at 1:43 PM, David
> Boreham
> > > > > <david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx <mailto:david_list@xxxxxxxxxxx>>
> > > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>>> <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx <mailto:david_list@xxxxxxxxxxx>>
> > > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>>>>
> > > > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx <mailto:david_list@xxxxxxxxxxx>>
> > > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>>> <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx <mailto:david_list@xxxxxxxxxxx>>
> > > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>
> > <mailto:david_list@xxxxxxxxxxx
> <mailto:david_list@xxxxxxxxxxx>>>>>>
> > > > wrote:
> > > > >
> > > > > On 5/14/2010 11:40 AM, Chun Tat David
> > Chu wrote:
> > > > > >
> > > > > > We use 389 Directory as part of our
> > > development lab.
> > > > Every
> > > > > time when
> > > > > > we do a new test, we need to
> > repopulate our 389
> > > > directory to
> > > > > a clean
> > > > > > slate (i.e. delete all existing
> data and
> > > re-create a base
> > > > > hierarchy
> > > > > > tree).
> > > > > >
> > > > > > Our current way of doing so is
> simply
> > using
> > > the ldapdelete
> > > > > command to
> > > > > > remove all existing data and use
> > ldapadd to
> > > re-create
> > > > the base
> > > > > > hierarchy tree. This approach
> is okay but
> > > sometime it
> > > > could
> > > > > take up
> > > > > > to 20 to 30 minutes to delete all
> > existing data
> > > > depending on the
> > > > > > amount of data saved in the
> directory.
> > > > > >
> > > > > > Is there a more efficient way to
> > repopulate
> > > the 389
> > > > Directory?
> > > > >
> > > > > Yes. Import an almost empty LDIF file.
> > You can
> > > also copy the
> > > > > on-disk
> > > > > database underneath a server (when
> it is
> > shut
> > > down), if you
> > > > > know what
> > > > > you're doing.
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>>
> > > > >
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>>>
> > > > >
> > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>>
> > > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>>
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>>
> > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
