Re: Migrating iPlanet to OpenLDAP
Yes - it should be possible to migrate NS DS data to OpenLDAP, with some
caveats, however. Note that "NS DS" ~= "iP DS", depending on version.

1) make sure that your NS DS LDIF export/backup/db dump contains
"user data" only (i.e., no "machine" or LDAP host, schema, or
configuration data). If you have multiple "user" LDAP suffixes in NS DS,
you might want to dump them to separate files.

2) the schema definitions between NS DS and OpenLDAP may not match. If
you are using OpenLDAP V1, then NS DS <= V4 schema format is fairly
similar between the two, but may still need some tweaking. If you are
using OpenLDAP V2 and NS DS <= V4, they are quite different. Refer to
openldap.org's online Administrator's Guide for OpenLDAP V2 schema

3) before you import any NS DS "user data" via LDIF, the objectclasses
and attributes used in the NS DS "data" need to be examined to see if
there are objectclasses and attributes that will need to be added to
OpenLDAP's "schema" files. This will be particularly true for locally
defined OC's and AT's.

4) if the LDAP suffix for the NS DS "user data" does not exist in the
OpenLDAP configuration, then either it will need to be added, or the NS
DS "user data" will need to be modified to match a suffix in OpenLDAP.

5) unfortunately, NS DS has more supported matching rules than OpenLDAP
does, at this time. You may find that some of the NS DS attributes that
you wish to import into OpenLDAP will be "unsupported" because there is
no existing matching rule code, as of yet. If so, you may have to
either choose other attributes or choose other supported matching rules
(again, refer to OpenLDAP's online Admin Guide).

6) if you are using iP DS V5, then the schema format is closer to
OpenLDAP V2, but includes one additional keyword, "X-ORIGIN", plus an

7) you may have to add or change any OID's between NS DS and OpenLDAP
when adding attributes to OpenLDAP. OpenLDAP V2 requires an OID, V1
does not. You will have to decide what to do with any NS specific
attributes in your data.

Once all required OC's and AT's are included in OpenLDAP's "schema
files", then you should be able to import the NS DS "user data".

On 23 Jul, Buro, Nicholas wrote:
> Hi All,
> I am currently running Netscape iPlanet, and wish to try to move to OpenLDAP
> using an exported LDIF from Netscape. Unfortunately I am not able to import
> (ldapadd) the LDIF from Netscape into OpenLDAP. I set up the config
> identically, but still get errors such as DSE already exists, and invalid
> credentials, depending whether or not I cut some information from the LDIF.
> Does anyone know if this is possible, and where I might be able to find more
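
The check in step 3 of the reply above, as an added example that is not part of the original thread: a Python sketch that lists the objectclasses and attributes an LDIF export uses but an OpenLDAP V2-style schema file does not declare. The sample data is constructed, `exampleBadgeId` is a hypothetical locally defined attribute, and the function names are illustrative.

```python
import re

# Constructed sample data (not from the original post): a small NS DS-style
# LDIF export and an OpenLDAP V2-style schema fragment.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: nsLicenseUser
cn;lang-en: John Doe
nsLicensedFor: mail
exampleBadgeId:: QjEyMw==

dn: cn=Staff,ou=Groups,
 dc=example,dc=com
objectClass: groupOfUniqueNames
cn: Staff
"""
SAMPLE_SCHEMA = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL )
"""

def ldif_usage(ldif):
    """Return (objectclasses, attributes) used in the LDIF, lowercased."""
    ocs, ats = set(), set()
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join folded continuation lines
    for line in unfolded.splitlines():
        if line.startswith("#") or ":" not in line:
            continue                        # comments and entry separators
        desc, _, value = line.partition(":")
        name = desc.split(";")[0].lower()   # drop options such as ;lang-en
        if name == "objectclass":
            ocs.add(value.strip().lower())
        elif name not in ("dn", "version"):
            ats.add(name)
    return ocs, ats

def schema_names(schema, keyword):
    """Names and aliases declared by `keyword` definitions, lowercased."""
    pat = rf"^{keyword}\s*\(.*?NAME\s+(\([^)]*\)|'[^']+')"
    blobs = re.findall(pat, schema, re.I | re.M | re.S)
    return {n.lower() for b in blobs for n in re.findall(r"'([^']+)'", b)}

def missing_from_schema(ldif, schema):
    """Sorted objectclasses and attributes the LDIF uses but the schema lacks."""
    ocs, ats = ldif_usage(ldif)
    return (sorted(ocs - schema_names(schema, "objectclass")),
            sorted(ats - schema_names(schema, "attributetype")))
```

To check a real export, pass the concatenated text of every schema file that slapd.conf includes, since a name counts as missing only if none of them declares it.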