Re: group migration to Ldap



Hi again,

you're right, imo that should do the trick, I've set up a sles10/11 machine some weeks ago, as I can see from your yast.schema you set up another one. :)

I haven't had the problem with the structural classes, because I didn't have freshly imported posixAccounts and Groups, so I didn't mention that rfc2307/bis problem at that point.

But I dunno if you have to rebuild a complete new database when you change a schema with attributes already in use in your current database.
In a case of failure you just have to delete your DB-Files in /var/lib/ldap to do a fresh start from scratch and reimport your accounts and groups, not that hard imo.

Good luck. :)

On Fri, Apr 9, 2010 at 15:50, Francis, Steve (IHG) <Steve.Francis@ihg.com> wrote:
Thanks!  Then I guess I should change to the nis.schema from the rfc2307bis.schema.  Any thoughts, or reasons why I shouldn't?
This is what I currently have:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/sah.schema  ( application specific schema )
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/rfc2307bis.schema
include         /etc/openldap/schema/yast.schema
Steve Francis
Technical Advisor - zSeries, zLinux, z/OS
IHG
Alpharetta Data Center
Ph:  770-442-7157
Cell:  770-906-3122
IM: francisihg
 


From: Benjamin Griese [mailto:der.darude@gmail.com]
Sent: Friday, April 09, 2010 9:27 AM
To: Francis, Steve (IHG)
Cc: openldap-technical@openldap.org
Subject: Re: group migration to Ldap

Hi Steve,

maybe this is due to the schema file which holds the objectClass posixGroup.
I guess it's the difference between rfc2307 and rfc2307bis.
Where in rfc2307 the posixGroup is structural and in rfc2307bis it is not.

I guess I have rfc2307:
cat nis.schema:
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
        DESC 'Abstraction of a group of accounts'
        SUP top STRUCTURAL
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description ) )

I am not 100% sure if that is true, please correct me if it isn't. :)

bye, benjamin

On Fri, Apr 9, 2010 at 15:01, Francis, Steve (IHG) <Steve.Francis@ihg.com> wrote:
I'm trying to migrate my /etc/group to openldap.  I've used the migration tools, but for some reason, I get the following when trying to do the ldapadd for the group.ldif generated.
 
adding new entry "cn=at,ou=Group,dc=zlinux,dc=hiw,dc=com"
ldap_add: Object class violation (65)
        additional info: no structural object class provided
 
Not sure why, as the /etc/passwd migrated just fine.
 
Steve Francis
Technical Advisor - zSeries, zLinux, z/OS
IHG
Alpharetta Data Center
Ph:  770-442-7157
Cell:  770-906-3122
IM: francisihg
 



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
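
Added example, not part of the original thread: a Python pre-import check that reads objectclass definitions and an LDIF file and lists the entries that would be rejected with "no structural object class provided". The function names are hypothetical, the LDIF entry is constructed in the shape of migration-tool output, and the rfc2307bis variant is modelled only by changing the class kind of the nis.schema definition quoted in the thread to AUXILIARY.

```python
import re

# RFC2307 is the nis.schema definition quoted in the thread. RFC2307BIS is a
# constructed stand-in: same text with the kind changed to AUXILIARY.
RFC2307 = """objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
        DESC 'Abstraction of a group of accounts'
        SUP top STRUCTURAL
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description ) )"""
RFC2307BIS = RFC2307.replace("STRUCTURAL", "AUXILIARY")

# Constructed sample entry (the gidNumber value is made up).
GROUP_LDIF = """dn: cn=at,ou=Group,dc=zlinux,dc=hiw,dc=com
objectClass: posixGroup
objectClass: top
cn: at
gidNumber: 25
"""

def class_kinds(schema_text):
    """Map lower-cased objectClass name -> STRUCTURAL / AUXILIARY / ABSTRACT."""
    kinds = {"top": "ABSTRACT"}  # 'top' is built in, not defined in schema files
    for block in re.split(r"(?im)^objectclass\s*\(", schema_text)[1:]:
        names = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", block)
        if not names:
            continue
        # Drop quoted strings first so a DESC text cannot be read as the kind.
        kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", re.sub(r"'[^']*'", "", block))
        for name in re.findall(r"[\w-]+", names.group(1) or names.group(2)):
            kinds[name.lower()] = kind.group(1) if kind else "STRUCTURAL"
    return kinds

def entries_without_structural(ldif_text, kinds):
    """Return DNs whose objectClass values include no known STRUCTURAL class."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    missing = []
    for record in re.split(r"\n\s*\n", unfolded.strip()):
        dn, classes = None, []
        for line in record.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                dn = value.strip()
            elif attr.lower() == "objectclass":
                classes.append(value.strip().lower())
        if dn and not any(kinds.get(c) == "STRUCTURAL" for c in classes):
            missing.append(dn)
    return missing
```

Classes that are not defined in the schema text passed in are treated as non-structural, so feed it every schema file named in the `include` lines before trusting an empty result.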