Wednesday, June 7, 2017

[389-users] Re: Migration from OpenLDAP to 389 DS

OpenLDAP heavily uses the "ordered value or entry prefix", so you have
numbers {nnn} in the DNs and attributes like:

cn={12}itnetmanager

or

olcAttributeTypes: {262} ...

I would first try to remove this {nnn} stuff and retry.


On 06/07/2017 10:25 AM, b.kalan@iskratel.si wrote:
> Hi,
>
> I'm completely new to LDAP and I have one task to do. The task is a migration from OpenLDAP to 389 DS.
> I have installed 389 and now I am trying to import the schema from OpenLDAP. First I created an export of the schema from OpenLDAP.
>
> config.ldif is done with command: slapcat -F /opt/ldap/mn/slapd.d/ -b "cn=config" > conf.ldif
> itnetmanager.ldif is done via java LDAP Browser.
>
> Then I tried to convert these ldif files with the scripts at http://www.port389.org/docs/389ds/scripts.html, but I did not succeed.
> Can someone help me with how to convert ldif files from OpenLDAP so that they are useful for import to 389 DS?
>
> Here are a few rows from both files:
>
> itnetmanager_schema_export.ldif
> dn: cn={12}itnetmanager, cn=schema, cn=config
> olcObjectClasses: {0} ( 1.3.6.1.4.1.1332.1000.30.1 NAME 'itPrepaidPinSub' DES
> C 'IskratelprepaidPinSub' MUST ( itPrepaidPin $ itDirectoryNumber ) )
> olcObjectClasses: {1} ( 1.3.6.1.4.1.1332.1000.30.2 NAME 'itPrepaidCgPNSub' DE
> SC 'IskratelprepaidCgPNSub' MUST ( itCgPN $ itDirectoryNumber ) )
> olcObjectClasses: {2} ( 1.3.6.1.4.1.1332.1000.30.3 NAME 'itPrepaidSubAccount'
> DESC 'IskratelprepaidSubAccount' MUST ( itDirectoryNumber $ itAccountStatus
> $ itAccountBalance $ itDateOfLastUsed $ itDateOfExpiry $ itLanguageCode $ i
> tUnsucRechargeAtt $ itStatGroupId $ itPrepaidSetId))
> olcObjectClasses: {3} ( 1.3.6.1.4.1.1332.1000.30.4 NAME 'itPrepaidSet' DESC '
> IskratelprepaidSet' MUST ( itPrepaidSetId $ itPrepaidSetName $ itWelcomeMsgM
> ode $ itLanguageMode $ itCbMode $ itRechargeAuth $ itLockAuth $ itRrReqMode
> $ itMaxCallAtt $ itMaxRechargeAtt $ itSimultCallsAuth $ itLowBalanceWarn $ i
> tNearExpiryWarn $ itNegAccBalance $ itMaxAccBalance $ itSuspensionDur $ itMi
> nCallDur $ itLowBalanceValue1 $ itLowBalanceValue2 $ itCnPNDisplayMode $ itP
> repaidSubsType $ itAvailDurMsgAuth $ itAccBalMsgAuth $ itOrgChargeCode $ itV
> alidityTime ))
> ...
> olcAttributeTypes: {262} ( 1.3.6.1.4.1.1332.1000.10.266 NAME ('itDefaultPolic
> yProfile') DESC 'Is User Policy Default' EQUALITY booleanMatch SUBSTR caseIg
> noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
> olcAttributeTypes: {263} ( 1.3.6.1.4.1.1332.1000.10.267 NAME ('itPasswordHist
> ory') DESC 'User Password History' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
> eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> objectClass: olcSchemaConfig
> cn: {12}itnetmanager
>
>
>
> config.ldif
> dn: cn=config
> olcLogLevel: 0
> olcConnMaxPending: 100
> olcConcurrency: 0
> olcWriteTimeout: 0
> olcArgsFile: /var/run/openldap/slapd_mn.args
> olcIndexSubstrAnyStep: 2
> olcSockbufMaxIncoming: 262143
> olcTLSCertificateKeyFile: /opt/ldap/mn/certs/password
> objectClass: olcGlobal
> olcIndexIntLen: 4
> olcConnMaxPendingAuth: 1000
> olcTLSCertificateFile: "OpenLDAP Server"
> cn: config
> olcIndexSubstrIfMinLen: 2
> olcAttributeOptions: lang-
> olcPidFile: /var/run/openldap/slapd_mn.pid
> olcConfigDir: /opt/ldap/mn/slapd.d/
> olcReverseLookup: FALSE
> olcGentleHUP: FALSE
> olcTLSCACertificatePath: /opt/ldap/mn/certs
> olcReadOnly: FALSE
> olcTLSVerifyClient: never
> olcThreads: 16
> olcIndexSubstrAnyLen: 4
> olcToolThreads: 1
> olcSockbufMaxIncomingAuth: 16777215
> olcIdleTimeout: 0
> olcSaslSecProps: noplain,noanonymous
> olcConfigFile: /opt/ldap/mn/slapd.conf
> olcAuthzPolicy: none
> olcIndexSubstrIfMaxLen: 4
> olcAllows: bind_v2
> olcLocalSSF: 71
>
> dn: cn=schema, cn=config
> olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABS
> TRACT MUST objectClass )
> olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC
> 'RFC4512: extensible object' SUP top AUXILIARY )
> olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP top STR
> UCTURAL MUST aliasedObjectName )
> ...
> olcAccess: {2}to attrs=itPasswordFtp by group/groupOfUniqueNames/uniqueMembe
> r.exact="cn=adminrole,ou=group,l=Kranj,c=SI" write by * none
> olcAccess: {3}to attrs=itPasswordDb by group/groupOfUniqueNames/uniqueMember
> .exact="cn=adminrole,ou=group,l=Kranj,c=SI" write by * none
> olcDbConfig: {0}# Set location for txn log files
> olcDbConfig: {1}set_lg_dir /opt/ldap/mn/ldapDB
> olcDbConfig: {2}# Set cache size 20MB
> olcDbConfig: {3}set_cachesize 0 20971520 0
> olcDbConfig: {4}set_lg_regionmax 262144
> olcDbConfig: {5}set_lg_bsize 2097152
> olcDbConfig: {6}# Automatically remove log files that are no longer needed.
> olcDbConfig: {7}set_flags DB_LOG_AUTOREMOVE
> olcDbConfig: {8}# Just use these settings when doing slapadd...
> olcDbConfig: {9}# set_flags DB_TXN_NOSYNC
> olcDbIDLcacheSize: 0
> objectClass: olcDatabaseConfig
> objectClass: olcBdbConfig
> olcDbShmKey: 0
> olcMaxDerefDepth: 10
> olcLastMod: TRUE
> olcDbCacheFree: 5
> olcDbCacheSize: 150000
> olcDbDirtyRead: FALSE
> olcReadOnly: FALSE
> olcDbSearchStack: 16
> olcDatabase: {2}bdb
> olcDbDNcacheSize: 0
> olcRootPW: {MD5}tGVcx24Qek2C4rq4tk32Wg==
> olcDbCheckpoint: 10 1
> olcRootDN: cn=ldapadmin,l=Kranj,c=SI
> olcDbDirectory: /opt/ldap/mn/ldapDB
> olcSizeLimit: 150000
>
> Thank you!
> br,rtmktl
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org

--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
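
An added example, not part of the original thread: one way to strip the `{nnn}` ordering prefixes suggested in the reply above from an OpenLDAP `cn=config` export. The function names and the sample input are constructed for illustration. Only numeric prefixes are removed, so password-scheme markers such as `{MD5}` on `olcRootPW` survive.

```python
import re

# {12} or {-1} at the start of an attribute value, plus any space after it.
ORDER_VALUE = re.compile(r"^\{-?\d+\}\s*")
# cn={12}name inside a DN.
ORDER_RDN = re.compile(r"=\{-?\d+\}")


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def strip_ordering(text):
    """Return the LDIF text with numeric {n} ordering prefixes removed."""
    out = []
    for line in unfold(text):
        attr, sep, value = line.partition(":")
        # Blank lines, comments, base64 ("attr:: ...") and URL ("attr:< ...")
        # values are passed through untouched.
        if not sep or line.startswith("#") or value.startswith((":", "<")):
            out.append(line)
            continue
        value = value.lstrip(" ")
        if attr.lower() == "dn":
            value = ORDER_RDN.sub("=", value)
        else:
            value = ORDER_VALUE.sub("", value)
        out.append(f"{attr}: {value}")
    return "\n".join(out) + "\n"


# Constructed sample modelled on the export quoted in the thread; the
# olcRootPW value is a placeholder, not a real hash.
SAMPLE = (
    "dn: cn={12}itnetmanager,cn=schema,cn=config\n"
    "olcObjectClasses: {0} ( 1.3.6.1.4.1.1332.1000.30.1 NAME 'itPrepaidPinSub' DES\n"
    " C 'IskratelprepaidPinSub' MUST ( itPrepaidPin $ itDirectoryNumber ) )\n"
    "cn: {12}itnetmanager\n"
    "olcDbConfig: {1}set_lg_dir /opt/ldap/mn/ldapDB\n"
    "olcRootPW: {MD5}CONSTRUCTED-PLACEHOLDER==\n"
)

if __name__ == "__main__":
    print(strip_ordering(SAMPLE), end="")
```

The output keeps the `olc*` attribute names and the `cn=config` DNs, so it is input for a further conversion step rather than something 389 DS can load directly.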
