Re: Concerning openldap and netscape/iplanet
Thanks for the valuable advice.
I do have a replication agreement in place from the NS DS.
However, you did not address my issues with the aci attribute inherited from
Netscape, as I was having difficulties with this.
Did you also have to do any tweaking to the OpenLDAP schema besides adding the
What tree are you replicating?
Jim Dutton wrote:
> Yes - I have done replication from and to Netscape DS, and I have
> learned about a few "gotchas"!
> Do you have a "Replication Agreements/Supplier Initiated/...."
> configuration in place on NS DS with the proper authentication to
> Next, you need to add ONE MORE attribute - "copiedFrom". I put it in
> "legacy.at.schema" since it is not one of MY attributes:
> # from NS DS-4.12
> attributetype ( copiedFrom-oid
>     NAME 'copiedFrom'
>     DESC 'NS DS-4.12 replication server identification field'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
> Next, you need to "object/create LDIF file", extract the
> "copiedFrom" value from the appropriate subtree, and add this attribute
> and value to the OpenLDAP subtree to be replicated to. The last field is
> the replication number. For new replication processing, this should be
> set to zero.
> One of the "gotchas" about NS DS replication: you can't suspend it - you
> have to delete the "agreement" if you need/want to stop/suspend
> replication, unless you want to play games with assigning a new daily
> synch schedule.
> There are a few things about dealing with replication errors that I have
> run into as well.
> On 30 Apr, Julian Gordon wrote:
> > Jim,
> > Excuse my ignorance, but as far as I understand it, it seems that in order
> > to replicate a tree from a master to a slave, you have to have a matching
> > schema defined in the slave.
> > Now, upon trying to implement the Netscape Tree for NsCalUser into OpenLDAP,
> > it barfed, saying that it did not recognise the aci attribute in Top... This
> > came from Netscape directly.
> > So I added the definition of the aci attribute (and a slew of others that
> > were also missing), and managed to get OpenLDAP to accept this Netscape
> > tree...
> > Replication still has not occurred though...
> > Have you managed to replicate a tree from Netscape to OpenLDAP & vice-versa?
> > Thanks,
> > Julian
> > Jim Dutton wrote:
> >> Modify core.schema as follows:
> >> ========== core.schema ======================
> >> # legacy defined attribute; 1 Feb 2001, JED
> >> #attributetype ( 1.3.6.1.4.1.9036.1.1
> >> attributetype ( aci-oid
> >>     NAME 'aci'
> >>     DESC 'Access Control Instruction'
> >>     EQUALITY caseIgnoreMatch
> >>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
> >> #
> >> # Standard object classes from RFC2256
> >> # modified 1 Feb 2001 - JED - add aci
> >> objectclass ( 2.5.6.0 NAME 'top' ABSTRACT
> >>     MUST objectClass
> >>     MAY aci )
> >> Note that OpenLDAP does not "support" ACI so even if the attribute is
> >> defined, OpenLDAP will not use nor update it. Replication from Netscape
> >> to OpenLDAP WILL cause the attribute to be used and the Netscape ACI
> >> data stored. After that, Netscape doesn't care about what happens to the
> >> ACI attribute stored in OpenLDAP.
> >> On 12 Apr, Julian Gordon wrote:
> >> >
> >> > Is it possible to replicate from netscape to openldap?
> >> >
> >> > I wish to create an alias list in openldap that will be accessed by
> >> > postfix (or some other LDAP aware MTA), but am finding difficulty in
> >> > creating the schema in openldap due to the missing aci attribute
> >> > defined by netscape.
Julian M. Gordon
Harvard Business School
Tel : (617) 495-6738
Cell: (508) 561-3907
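
The schema mismatch discussed in this thread (the slave rejecting "aci" and other Netscape attributes) can be found before replication is started by comparing an LDIF export from the supplier against the attribute types the OpenLDAP schema files define. The following is an added example, not code from any of the posters: the function names are hypothetical, the schema fragment, OIDs and LDIF entry are constructed, and it assumes the `attributetype ( ... NAME ... )` schema-file syntax shown above.

```python
import re

# Constructed inputs: a schema fragment (placeholder OIDs) and one exported entry.
SCHEMA = """\
attributetype ( 1.1.2.1.1 NAME ( 'cn' 'commonName' )
    EQUALITY caseIgnoreMatch )
attributetype ( 1.1.2.1.2 NAME 'objectClass'
    EQUALITY objectIdentifierMatch )
#attributetype ( 1.1.2.1.3 NAME 'aci' )
"""
LDIF = """\
dn: uid=jdoe,o=example
objectClass: top
cn: J Doe
aci: (target="ldap:///o=example")(version 3.0; acl "constructed"; allow (read) userdn="
 ldap:///anyone";)
copiedFrom: constructed-placeholder
userCertificate;binary:: AAEC
"""

def schema_attribute_names(schema_text):
    """Lower-cased names and aliases of every attributetype that is defined."""
    lines = [l for l in schema_text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\n[ \t]+", " ", "\n".join(lines))  # join continuation lines
    names = set()
    for line in joined.splitlines():
        if line.lower().startswith("attributetype"):
            m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", line)
            if m:
                names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names

def ldif_attribute_names(ldif_text):
    """Map lower-cased attribute name -> name as written in the LDIF."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo RFC 2849 line folding
    used = {}
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z][A-Za-z0-9-]*)(;[^:]*)?:", line)
        if m and m.group(1).lower() not in ("dn", "version", "changetype"):
            used.setdefault(m.group(1).lower(), m.group(1))
    return used

def missing_attributes(schema_text, ldif_text):
    """Attributes present in the export that the target schema does not define."""
    defined = schema_attribute_names(schema_text)
    used = ldif_attribute_names(ldif_text)
    return sorted(name for key, name in used.items() if key not in defined)

if __name__ == "__main__":
    print(missing_attributes(SCHEMA, LDIF))
```

Each name it reports needs an attributetype definition on the OpenLDAP side, and, as noted in the thread, defining "aci" only lets the value be stored; OpenLDAP does not enforce it.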