On 11/8/22 4:12 PM, Christian, Mark wrote:
> On Tue, 2022-11-08 at 21:24 +0100, Julian Kippels wrote:
>> I am currently in the process of moving our LDAP-Servers from old
>> CentOS 7 Servers to new Debian 11 Servers. In the process I am
>> exporting all databases from the old server to ldif files and
>> those files on the new server.
>> When I import such a file I get a lot (basically for every single
>> of warnings and errors in the errors-log like the following:
>> [08/Nov/2022:21:01:52.272475719 +0100] - ERR - oc_check_allowed_sv -
>> Entry "cn=219058,ou=accounts,o=demo" -- attribute "entrylevelrights"
>> not allowed
>> [08/Nov/2022:21:01:52.273547001 +0100] - WARN - import_producer -
>> import demo: Skipping entry "cn=219058,ou=accounts,o=demo" which
>> violates schema, ending line 9232514 of file "/var/lib/dirsrv/slapd-
>> I can't make heads or tails of this. I exported the ldif using the
>> 389-console using "Export Databases" and I import them via Cockpit
>> using "Initialize Suffix" for the Suffix o=demo
>> I cannot find this attribute in any schema-file on either the old or
>> the new servers. Where does this come from
> a custom schema on the 1.2.2 box?
This attribute is used by GER (get effective rights) it's not supposed
to be written to the entry. At least not when you "export" the database
How did you generate these ldifs? Did you use db2ldif, or ldapsearch?
If you used ldapsearch, then stop. Please use db2ldif/db2ldif.pl
>> , and how do I solve this
> I'm curious what objectclasses are found under the
> cn=219058,ou=accounts,o=demo object, and whether entrylevelrights is
> listed as an attribute for this object.
> If so, and the attribute is unneeded, perhaps remove this attribute
> from the ldif prior to importing?
> 389-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to email@example.com
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://firstname.lastname@example.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Directory Server Development Team
389-users mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://email@example.com
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue