Tuesday, March 14, 2023

[389-users] Re: Migration from OpenLDAP to 389 Directory Server Failed

Yes, you're right. I added sudo and the result ran as I expected; it shows the file contents of ldap.conf. The next step is to add access control instructions (ACI), and I tried it with the commands below:
1. sudo dsconf -D 'cn=admin,dc=example,dc=org' ldap://localhost:389 plugin root-dn enable, and I get the result: Enabled plugin 'RootDN Access Control'.
2. sudo ldapmodify -f aci.ldif -x -D 'cn=admin,dc=example,dc=org' -w 1234567890. But the result is: modifying entry "dc=example,dc=org" ldap_modify: No such object (32). Here's my aci.ldif file:

dn: dc=example,dc=org
changetype: modify
add: aci
aci: (targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)
aci: (targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)


I also added those steps to my GitHub repo, if you would like to check: https://github.com/kresnasatya/migrate-openldap-to-389-ds-failed/blob/main/README.md