Tuesday, November 8, 2022

[389-users] Re: Upgrading from 1.2.2 to 1.4.4

On 11/8/22 4:12 PM, Christian, Mark wrote:
> On Tue, 2022-11-08 at 21:24 +0100, Julian Kippels wrote:
>> Hi,
>>
>> I am currently in the process of moving our LDAP-Servers from old
>> CentOS 7 Servers to new Debian 11 Servers. In the process I am
>> exporting all databases from the old server to ldif files and
>> importing
>> those files on the new server.
>>
>> When I import such a file I get a lot (basically for every single
>> entry)
>> of warnings and errors in the errors-log like the following:
>>
>> [08/Nov/2022:21:01:52.272475719 +0100] - ERR - oc_check_allowed_sv -
>> Entry "cn=219058,ou=accounts,o=demo" -- attribute "entrylevelrights"
>> not allowed
>> [08/Nov/2022:21:01:52.273547001 +0100] - WARN - import_producer -
>> import demo: Skipping entry "cn=219058,ou=accounts,o=demo" which
>> violates schema, ending line 9232514 of file "/var/lib/dirsrv/slapd-
>> ldap-master/ldif/demo.ldif"
>>
>> I can't make heads or tails of this. I exported the ldif using the
>> 389-console using "Export Databases" and I import them via Cockpit
>> using "Initialize Suffix" for the Suffix o=demo
>>
>> I cannot find this attribute in any schema-file on either the old or
>> the new servers. Where does this come from
> a custom schema on the 1.2.2 box?

This attribute is used by GER (get effective rights) it's not supposed
to be written to the entry.  At least not when you "export" the database
to ldif.

How did you generate these ldifs?  Did you use db2ldif, or ldapsearch?  
If you used ldapsearch, then stop.  Please use db2ldif/db2ldif.pl

Mark R

>
>> , and how do I solve this
>> issue?
> I'm curious what objectclasses are found under the
> cn=219058,ou=accounts,o=demo object, and whether entrylevelrights is
> listed as an attribute for this object.
>
> If so, and the attribute is unneeded, perhaps remove this attribute
> from the ldif prior to importing?
>
> Mark
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

No comments:

Post a Comment