
Re: Migrating from Netscape Ldap to Openldap



Thanks for the ideas Adam.

To answer your questions:


> > How many attributes/objectclasses are we talking about?  If it is only a
> > few you may be able to reverse engineer it;  or enquire of the Netscape
> > DSA what the schema for these attributes are in cn=subchema, then just
> > recreate them in an OpenLDAP compliant style.

There are more than 300 entries which have to be migrated over. While I've been able to get some information from the Netscape DSA, the overwhelming consensus is that the field mappings are the same.


> > The password attribute could be an
> > interesting one however,  is it encoded in a {crypt-type}crypt format?

Yes, the password is encoded. I'm still investigating that piece and will be able to provide the type of encoding or any work-arounds that I've done for that shortly.

You mentioned using a back-ldap/proxy earlier. Can you elaborate on that? I'd be curious to see if that might bridge the two environments into talking nicely to each other. Outside of that, I'll be contacting Nortel (the VPN manufacturer) tomorrow. I look forward to hearing their response to the questions. I've emailed them 5 times and have not received a response. Will let you know what comes of it and will post whatever they provide in case anyone wants/needs a copy.

Thanks again,
Preston

On Sun, 2004-11-07 at 12:34 -0500, Adam Tauno Williams wrote:
> > Thanks for your reply. I've dumped the database out to an ldf file and
> > examined it. The problem I appear to be running into is that instead of
> > using attributes like "username" or "userpassword", all of the
> > information is being dumped as "newoakuser" or "newoakuserpassword". 
> > I've tried going into the ldf file to replace all of the "newoak*" with
> > the Openldap equivalent, but when I do, I lose all the ability to
> > communicate with the Vpn device. In contrast, trying to import the
> > "newoak*" information into Openldap results in "Unknown attribute
> > newoak*" and a failed import. Do you know if it's possible to map
> > between the two formats or if a schema exists that correlates with
> > "newoak*?" 
> 
> How many attributes/objectclasses are we talking about?  If it is only a
> few you may be able to reverse engineer it;  or enquire of the Netscape
> DSA what the schema for these attributes are in cn=subchema, then just
> recreate them in an OpenLDAP compliant style.
> 
> Otherwise, if they are really equivalent to the OpenLDAP schema
> (newoakuser = uid) you may just be able to use back-ldap/proxy to
> rewrite data from the 'standard' OpenLDAP form to the funky attribute
> names used by your device;  we've done this successfully with a couple
> of odd software packages.  The password attribute could be an
> interesting one however,  is it encoded in a {crypt-type}crypt format?
> 
> > I've searched the internet looking for "newoak" schemas or instructions
> > on setting up attributes mappings but have not been able to find
> > anything which would allow me to merge the two. 
> 
> How about contacting the tech support people of the device's OEM?  Surely
> they have to know the schema they are using.
>
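
Added example, not part of the thread and not code from either poster: the LDIF rewrite discussed above, done per attribute type rather than by blind search-and-replace, with a report of the `{scheme}` prefix on each stored password so you know which hash formats the target server must accept. The mapping (`newoakuser` to `uid`, `newoakuserpassword` to `userPassword`) is an assumption based on the "newoakuser = uid" guess in the thread, and the sample entries are constructed.

```python
import base64
import re

# Assumed mapping; the thread only floats "newoakuser = uid" as a possibility.
ATTR_MAP = {"newoakuser": "uid", "newoakuserpassword": "userPassword"}

# Constructed sample export (not data from the thread).
SAMPLE_PW_B64 = base64.b64encode(b"{SSHA}constructed-sample-hash").decode()
SAMPLE_LDIF = (
    "dn: cn=Jane Doe,ou=vpn,o=example\n"
    "newoakuser: jdoe\n"
    f"newoakuserpassword:: {SAMPLE_PW_B64}\n"
    "description: a long value that the exporter fol\n"
    " ded onto a second line\n"
    "\n"
    "dn: cn=Bob Roe,ou=vpn,o=example\n"
    "newoakuserpassword: {crypt}constructedhash\n"
    "\n"
    "dn: cn=Old Acct,ou=vpn,o=example\n"
    "newoakuserpassword: constructed-cleartext\n"
)

LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)((?:;[A-Za-z0-9-]+)*)(::|:<|:)\s*(.*)$")

def password_scheme(sep, value):
    """Return the {scheme} prefix of a stored password, or None if absent."""
    if sep == "::":  # base64-encoded value: decode before looking at the prefix
        value = base64.b64decode(value).decode("utf-8", "replace")
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).upper() if m else None

def migrate(ldif, attr_map=ATTR_MAP):
    """Rename attribute types; return (new_ldif, {dn: password scheme})."""
    lower = {k.lower(): v for k, v in attr_map.items()}
    out, schemes, dn = [], {}, None
    # RFC 2849 folding: a line starting with one space continues the previous one.
    for line in re.sub(r"\n ", "", ldif).split("\n"):
        m = LINE.match(line)
        if not m:  # blank entry separators and "#" comments pass through
            out.append(line)
            continue
        attr, opts, sep, value = m.groups()
        if attr.lower() == "dn":
            dn = value  # DN values themselves are not rewritten
        new = lower.get(attr.lower(), attr)
        if new.lower() == "userpassword":
            schemes[dn] = password_scheme(sep, value)
        out.append(f"{new}{opts}{sep} {value}")
    return "\n".join(out), schemes
```

An entry whose scheme comes back as `None` holds a password with no `{scheme}` prefix, which is worth reviewing before import.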