[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: migrating contents from openldap-2.1 to openldap-2.3.37

On 08/16/2011 10:20 AM, Michael Kershaw wrote:

I've currently been tasked with migrating the contents of a contained
ldap environment running openldap-2.1 to a new development server
running sles11 with openldap-2.3.37.  I've begun to populate the new
environment, but have hit an "Invalid DN syntax" error that I'm not
quite sure how to get around yet.

You might consider using a newer version. The 2.4.x versions of OpenLDAP have treated us well. If your distro of choice doesn't offer a pre-compiled OpenLDAP that's a fairly recent version, compiling from source isn't that difficult.

In the past, when I've upgraded OpenLDAP (particularly, when the newer version was built with a newer version of BerkeleyDB) and I was worried about binary data file compatibility, I've used slapcat and slapadd to copy database contents, rather than ldapadd.

Hit the man pages for slapcat and slapadd on your systems to be sure, but if memory serves, you'd just want to this on your old LDAP server:
cd <whatever-dir-contains-your-db-files>
slapcat -f <your-slapd.conf-file> >/var/tmp/backup.ldif

   Then copy the resulting ldif file to your new server and do:
cd <whatever-dir-will-contain-your-db-files>
slapadd -f <your-slapd.conf-file>  < /var/tmp/backup.ldif

   Then startup the new slapd using the freshly generated database files.


 I'm new to ldap from a server point
of view, so I'm learning as I chug through this.

This piece is what's in the existing 2.1:

dn: group-name=EDI Technician,ou=group,ou=edi,dc=coat,dc=com
objectClass: group-roles
group-name: EDI Technician
roles: EDI Technician

And when I go to add:
ldapadd -x -W -D "cn=edi_admin,ou=edi,dc=coat,dc=com" -f ./edi-tech_roles.ldif
Enter LDAP Password:
adding new entry "group-name=EDI Technician,ou=group,ou=edi,dc=coat,dc=com"
ldap_add: Invalid DN syntax (34)
         additional info: invalid DN

Is it the "group-name" that's no longer valid syntax?  If so, is there
an equivalent?

Any help is appreciated!