[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Populating a database

Subject: Re: Populating a database
From: Ed Grimm <squaretuit@os.tgape.org>
Date: Mon, 25 Mar 2002 23:23:25 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3C9F3D87.CBF164B3@vlafo.be>

On Mon, 25 Mar 2002, Peter Van Biesen wrote:

> Hi,
> 
> I did this just last week. Netscape puts some stuff in the ldif file
> that openldap can not load. You'll have to edit the ldif file manually.
> I did this in emacs and it took me about ten minutes to do for our whole
> netscape database ( some 500 users ).
> 
> First of all, remove all lines starting with 'aci:', these are
> authorisationlines used by netscape but in openldap this is done in the
> slapd.conf file.

It can be done with ACIs in openldap, but the format's nigh completely
different.  Not to mention, openldap doesn't do ACI inheritence. (why
not?)

Incidentally, I tend to begin at the beginning...

Translate dn: <various crud that for some reason seemed to make sense to
 some rather annoying person that far too often will extend onto
 multiple lines and thus force you to understand LDIF's line
 continuation to do your edits (this is true for ACIs as well.)> to
something that actually makes sense for what you want to do with it.  It
can be very helpful if this is something that can then be translated
back, if you're going to be interacting with the old database.

I would especially point out that cn might not make a very sensible tag
for the DN; uid might make more sense (though that requires your people
to be inetorgpersons even if they don't have email.  Oh well.)

> Then, check for empty fields ( _ are spaces ! )
>
> change "SomeField:_" to "SomeField:__", otherwise you will get a #0
> error.

Or delete the line entirely.  If the field has no value, might as well
not have it take up space.

> Remove all modifytimestamp, modifier, createtimestamp, creator ( I don't
> remember the exact names, but there are 4 per record ). You could leave
> them in if you login on the server with the user defined in the updatedn
> parameter in the slapd.conf, but I haven't tried this myself. Safest way
> is to remove them.

You got the timestamps right, the others are modifiersname and
creatorsname.  Even when importing to netscape/iPlanet, these should be
deleted.

> Then there are some objectclasses specific to netscape, you'll have to
> discover these by trial and error. An attribute you can remove is
> memberurl and its objectclass ( something with url also ).

Netscape does make its schema publicly available.  Depending on which
version of Netscape you're talking about, it might be at
http://docs.iplanet.com/docs/manuals/directory/schema/contents.htm, or
it might be somewhere else.

Memberurl's objectclass is 'groupofurls'.

> If this is all done, you can just import the ldif file into the server;
> it shouldn't produce a lot of errors anymore. 

Or at least not nearly as many.  If it is merely a reduction, ask again
when you've identified the remainder.

Incidentally, you might find the '-00' option to perl useful.  (Or,
inside your script, setting $/ to ''.)  This causes perl to use one or
more blank lines as a separator, which will cause perl to read an entire
record at once.  After that, doing an

    s/\n //g;

converts all your continued lines into a continuous string.  Assuming
that's been done,

    s/\naci: .+?\n/\n/g;

will get rid of your ACIs.  You should be able to reapply that concept
on the rest of the changes you need to do.

Ed

> jorge@triple-e-vfx.com wrote:
>> 
>> Hello,
>> 
>>> After select the way to present and use data.
>>> I am not sure than "cn=_ALL,mail=all@domain.com" is your suffix????
>>> Please give your suffix, and the objectclass
>> 
>> My problem is that I'm trying to add the ldif file exported by netscape
>> or outlook...
>> 
>> It has the following aspect for every person:
>> 
>> dn: cn=_ALL,mail=all@domain.com
>> modifytimestamp: 20020319141342Z
>> cn: _ALL
>> mail: all@domain.com
>> xmozillausehtmlmail: FALSE
>> xmozillauseconferenceserver: 0
>> objectclass: top
>> objectclass: person
>> 
>> I could populate the database manually, or writing a perl script that
>> parses the old ldif file. But I'm interested better in populating the
>> database with this ldif file exported by netscape.
>> 
>> Any idea if that is possible ?
>> 
>> Thanks,
>> 
>> Jorge

Follow-Ups:
- Re: Populating a database
  - From: Peter Van Biesen <peter.vanbiesen@vlafo.be>

References:
- Re: Populating a database
  - From: Peter Van Biesen <peter.vanbiesen@vlafo.be>

Prev by Date: Re: Why Windows client can connect openldap server?
Next by Date: mail = mailRoutingAddress
Index(es):
- Chronological
- Thread