[Date Prev][Date Next] [Chronological] [Thread] [Top]

IPlanet to OpenLDAP migration - few issues

Hello, I am trying to migrate our overpriced iPlanet directory to OpenLDAP.
I have (finally) gotten the schema translated from the proprietary iPlanet
format to OpenLDAP, and I am now trying to move the data.  When exporting
(either from the iplanet console, or the db2ldif  command), I get lots of
meta attributes in each entry like 'creatorName' and 'modifyTimestamp' in
the resulting ldif file.  When I try the ldapadd of the ldif, I
understandably get constraint errors saying I'm not allowed to modify this
information and the ldapadd fails.

Question 1: Is it either possible to export the data without these
attributes, or to have openldap ignore those attributes?  Alternatively, I
am going to have to write an awk/sed script to strip them out, but was
wondering if there was a cleaner solution.

On a similar note, there are a few empty attributes in this directory such
as myorgstreet2 in the following LDIF entry:

dn: myorgAN=home,cn=myAddress,myorgSN=addressBook,uid=defaultUser,ou=People,
 SSACO-041902, myorgRoot=top, o=myorg.com
myorgpostalcode: 80920
myorgAN: home
myorgstreet1: 8902 Charity Drive
objectClass: myorgAddress
objectClass: top
myorgstate: Colorado
myorgcity: Colorado Springs

For some reason, OpenLDAP is choking on these entries with empty attributes.
When I add an extra space to the end of the street2 line, the import works
and it is stored as empty!  Weird.

Question 2: Is there any way around this?

One other issue I have run into:
Our current setup requires two LDAP instances each with identical looking
trees, but different data in each instance (don't ask).  iPlanet allows you
to setup two instances on different ports with the same tree structure and
different DBs, but of course OpenLDAP wants me to have differing suffixes
for each instance running.

Question 3: Is there any way around this?  I tried starting two instances of
slapd on different ports, but they both point to the same backend database.
Would installing a 2nd copy of openldap into a different directory work, or
is there a better way to do this (aside from changing the structure of the
two LDAPs)?

Thanks for the help,