I am in the process of migrating my OpenLDAP 2.3 system to a new OpenLDAP 2.4 system, but something is not working right for the import (slapadd) to the new system. There are 35,895 objects defined in the LDIF generated by slapcat.
RPM: openldap-servers-2.4.44-21.el7_6.x86_64
Example:
Importing the following object by slapadd:
dn: cn=demokag,ou=Groups,dc=somewhere,dc=org
*cn*: demokag
*description*: KAG Demo
*owner*: cn=manager,dc=somewhere,dc=org
objectClass: top
objectClass: groupOfUniqueNames
*uniqueMember*: uid=sombody,ou=People,dc=somewhere,dc=org
*uniqueMember*: uid=somebodyelse,ou=People,dc=somewhere,dc=org
structuralObjectClass: groupOfUniqueNames
entryUUID: 78450864-a24e-1030-9086-8baf95aed3fc
creatorsName: cn=Manager,dc=somewhere,dc=org
createTimestamp: 20111113142106Z
entryCSN: 20121116140519Z#000000#00#000000
modifiersName: cn=Manager,dc=somewhere,dc=org
modifyTimestamp: 20121116140519Z

Produces this object:

dn: cn=demokag,ou=groups,dc=somewhere,dc=org
*givenName*: demokag
*owner*: KAG Demo
*uniqueMember*: cn=manager,dc=somewhere,dc=org
objectClass: top
objectClass: groupOfUniqueNames
*gidNumber*: uid=somebody,ou=People,dc=somewhere,dc=org
*gidNumber*: uid=somebodyelse,ou=People,dc=somewhere,dc=org
structuralObjectClass: groupOfUniqueNames
entryUUID: 78450864-a24e-1030-9086-8baf95aed3fc
creatorsName: cn=Manager,dc=somewhere,dc=org
createTimestamp: 20111113142106Z
entryCSN: 20121116140519Z#000000#00#000000
modifiersName: cn=Manager,dc=somewhere,dc=org
modifyTimestamp: 20121116140519Z
1. I bolded the impacted attributes.
2. I am unable to do ldapsearch for this object. I believe this is because the cn is being replaced with givenName.
3. Spot checking, it appears this is happening to all of the objects under the groups OU. Maybe other object types are bad too. I do not know yet.

I have been beating my head on this for several days. Any help would be appreciated.
--On Monday, April 15, 2019 9:17 AM -0500 Ezsra McDonald ezsra.mcdonald@gmail.com wrote:
I am in the process of migrating my OpenLDAP 2.3 system to a new OpenLDAP 2.4 system, but something is not working right for the import (slapadd) to the new system. There are 35,895 objects defined in the LDIF generated by slapcat.
I would suggest you start with ldapadd to import, rather than slapadd, as you likely need the additional validation steps initially when doing the migration from 2.3 to 2.4.
I'd also avoid using RH's native packages and use a current release. The LTB project and Symas both provide free alternatives to RH's builds.
https://ltb-project.org/download#openldap
https://repo.symas.com/sofl/rhel7/
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On 4/15/19 3:17 PM, Ezsra McDonald wrote:
Importing the following object by slapadd:
dn: cn=demokag,ou=Groups,dc=somewhere,dc=org
*cn*: demokag
*description*: KAG Demo
*owner*: cn=manager,dc=somewhere,dc=org
objectClass: top
objectClass: groupOfUniqueNames
*uniqueMember*: uid=sombody,ou=People,dc=somewhere,dc=org
*uniqueMember*: uid=somebodyelse,ou=People,dc=somewhere,dc=org
structuralObjectClass: groupOfUniqueNames
entryUUID: 78450864-a24e-1030-9086-8baf95aed3fc
creatorsName: cn=Manager,dc=somewhere,dc=org
createTimestamp: 20111113142106Z
entryCSN: 20121116140519Z#000000#00#000000
modifiersName: cn=Manager,dc=somewhere,dc=org
modifyTimestamp: 20121116140519Z

Produces this object:

dn: cn=demokag,ou=groups,dc=somewhere,dc=org
*givenName*: demokag
*owner*: KAG Demo
*uniqueMember*: cn=manager,dc=somewhere,dc=org
objectClass: top
objectClass: groupOfUniqueNames
*gidNumber*: uid=somebody,ou=People,dc=somewhere,dc=org
*gidNumber*: uid=somebodyelse,ou=People,dc=somewhere,dc=org
structuralObjectClass: groupOfUniqueNames
entryUUID: 78450864-a24e-1030-9086-8baf95aed3fc
creatorsName: cn=Manager,dc=somewhere,dc=org
createTimestamp: 20111113142106Z
entryCSN: 20121116140519Z#000000#00#000000
modifiersName: cn=Manager,dc=somewhere,dc=org
modifyTimestamp: 20121116140519Z
It seems the schema is somewhat messed up.
Did you change anything in the schema? Especially reusing OIDs?
Ciao, Michael.
openldap-technical@openldap.org
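
One way to check schema files for the OID reuse asked about in the last reply, as an added example that is not part of the original thread. It assumes slapd.conf-style schema syntax with numeric OIDs (OID macros are not resolved); the sample schema is constructed, and `localGroupTag` is a hypothetical local attribute.

```python
import re
from collections import defaultdict

# Constructed sample in slapd.conf-style schema syntax (not the poster's schema).
# 'localGroupTag' is a hypothetical local attribute that reuses cn's OID 2.5.4.3.
SAMPLE_SCHEMA = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
    DESC 'RFC4519: common name(s)'
    SUP name )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
    SUP name )
# local addition
attributetype ( 2.5.4.3 NAME 'localGroupTag'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
    SUP top STRUCTURAL
    MUST ( uniqueMember $ cn ) )
"""

# Captures the definition keyword, the numeric OID and the NAME value.
DEF_RE = re.compile(
    r"^(attributetype|objectclass)\s*\(\s*([0-9]+(?:\.[0-9]+)+)\s+NAME\s+"
    r"(\([^)]*\)|'[^']+')",
    re.IGNORECASE,
)

def unfold(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    logical = []
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    return logical

def find_reused_oids(text):
    """Return {oid: [first NAME of each definition]} for OIDs defined twice or more."""
    seen = defaultdict(list)
    for entry in unfold(text):
        m = DEF_RE.match(entry)
        names = re.findall(r"'([^']+)'", m.group(3)) if m else []
        if names:
            seen[m.group(2)].append(names[0])
    return {oid: names for oid, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for oid, names in find_reused_oids(SAMPLE_SCHEMA).items():
        print(f"OID {oid} defined {len(names)} times: {', '.join(names)}")
```

To compare two servers, concatenate the schema files from the old and the new system and pass the combined text to `find_reused_oids`.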