[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DSEE to OpenLDAP

To: Howard Chu <hyc@symas.com>, Bill MacAllister <whm@stanford.edu>
Subject: Re: DSEE to OpenLDAP
From: Adam Nye <adam@spoontech.biz>
Date: Mon, 21 Mar 2011 21:13:54 +1030
Cc: Omer Faruk SEN <omerfsen@gmail.com>, openldap-technical@openldap.org
In-reply-to: <4D87277F.4060301@symas.com>
Thread-topic: DSEE to OpenLDAP
User-agent: Microsoft-MacOutlook/14.2.0.101115

Thanks to all of you for the advise.

Howard is correct, when using dsconf to export the DSEE catalog, you get
some "special" SUN-ONLY attributes, which are not supported/formatted
correctly, and therefore cant be imported using slapadd. I read somewhere
about stripping those out before performing the import, although I'm not
sure whether I would actually need the data stored in these attributes...

Using ldapadd sounds like the way to go, although I'm not sure how this
helps me "filter" the special SUN-ONLY attributes... Just ensures I don¹t
feed garbage into my new shiny openldap catalog :)

Bills idea of performing a ldapsearch from the openldap box, and somehow
feeding that to slapadd/ldapadd sounds like a good plan, but not sure
about the best way to get this done...

Will do some more reading, but if anyone has some tips, I'm all ears.

Thanks again,

On 21/03/11 8:55 PM, "Howard Chu" <hyc@symas.com> wrote:

>Bill MacAllister wrote:
>>>> I'm not sure that replication between the two is an option (although
>>>>would
>>>> love it if it was :), so I have looked into exporting the current DSEE
>>>> environment to a LDIF, and attempted to then import it into openldap
>>>> (using slapadd), but ran into a few issues...
>>>>
>>>> The issue I'm currently stuck on is getting the data in the LDIF into
>>>>a
>>>> format that can be imported using slapadd. Currently, I have issues
>>>>with
>>>> automounts, pwdReset attribs etc etc...
>>
>> Why can't you just use ldapsearch on the existing directory and use that
>> as input to slapadd?
>
>slapadd is meant for well-formed LDIF input, mainly from slapcat. DSEE is
>known to not support schema checking of any kind, therefore any LDIF you
>obtain from it will most likely be full of garbage and not well-formed.
>As 
>such, you should only use ldapadd to import it, so you get full error
>checking 
>on the import.
>
>> Of course, that only gets you the data.  I would bet that the real issue
>> will be getting the access controls correct.
>
>-- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re: DSEE to OpenLDAP
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: DSEE to OpenLDAP
Next by Date: Re: DSEE to OpenLDAP
Index(es):
- Chronological
- Thread