Re: [Scottish] LDAP migration help

2007-06-13 Thread Andrew Back

On Wed, 13 Jun 2007, Phillip Bennett wrote:


Hi everyone,

I am trying to migrate our NIS services (users, autofs etc) to an LDAP 
server. I have found the Migration Tools from PADL (www.padl.com) and I am 
having a few weird problems.


When running the migrate_all_nis_online.sh script, I receive the following 
error:


adding new entry uid=clare,ou=People,dc=mve,dc=com
ldap_add: Invalid syntax (21)
  additional info: objectClass: value #6 invalid per syntax

The data in question from the created ldif file is as follows:

dn: uid=clare,ou=People,dc=mve,dc=com
uid: clare
cn: Clare Bond
givenName: Clare
sn: Bond
mail: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
mailHost: islay.mve.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
userPassword: {crypt}snip!
krbName: [EMAIL PROTECTED]
loginShell: /bin/tcsh
uidNumber: 2049
gidNumber: 20
homeDirectory: /homes/clare
gecos: Clare Bond

I'm not sure exactly which value is giving the error, but after removing all 
the mail ones, it looks like it's one of the objectClass values.  There is no 
white space, and the values all look right to me.


All the howtos I have read so far indicate that the USE_EXTENDED_SCHEMA 
VALUE SHOULD BE SET TO 1.  However, if I set it to 0, the LDIF file gives the 
following data:


dn: uid=clare,ou=People,dc=mve,dc=com
uid: clare
cn: Clare Bond
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}snip!
loginShell: /bin/tcsh
uidNumber: 2049
gidNumber: 20
homeDirectory: /homes/clare
gecos: Clare Bond

Then, the resulting LDIF file works properly (after a bout of deleting 
duplicate service information) and I have an LDAP database.  So the question 
becomes, Do I need the extended schema?


Depends if your applications need it, e.g. pam_ldap, Samba and so on. The 
2nd stripped-down LDIF looks possibly a bit thin to me, so I'm guessing 
they may.


Check that all the attributes and object classes required by the 1st LDIF 
are in the DSA core or included schema. If not all are, find some extra 
schema to include that gives you what you need.


And hope that you don't require to add an extra syntax type to the DSA as 
from what I remember it isn't fun - with most DSAs syntax are not 
generally configurable via text-based config and requires 
modification/extension to the code. The DSA could be moaning about 
included schema if it doesn't understand a syntax type used for an 
attribute... But if this is the case it may be you can substitute for 
one it does know about.


Andrew

___
Scottish mailing list
Scottish@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/scottish


Re: [Scottish] LDAP migration help

2007-06-13 Thread Gavin Henry
quote who=Phillip Bennett
 Hi everyone,

 I am trying to migrate our NIS services (users, autofs etc) to an LDAP
 server. I have found the Migration Tools from PADL (www.padl.com) and I am
 having a few weird problems.

Hi Phillip,


 When running the migrate_all_nis_online.sh script, I receive the
 following
 error:

 adding new entry uid=clare,ou=People,dc=mve,dc=com
 ldap_add: Invalid syntax (21)
 additional info: objectClass: value #6 invalid per syntax


snip

 objectClass: inetLocalMailRecipient
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: top
 objectClass: kerberosSecurityObject

ObjectClasses start from #0, so value #6 in your LDIF is
'kerberosSecurityObject'

This will be included for the attribute 'krbName'.

This attribute isn't part of any of the schema files you have included in
slapd.conf


 All the howtos I have read so far indicate that the USE_EXTENDED_SCHEMA
 VALUE SHOULD BE SET TO 1.  However, if I set it to 0, the LDIF file gives
 the following data:

Which Howto? Howtos are bad ;-)


 dn: uid=clare,ou=People,dc=mve,dc=com
 uid: clare
 cn: Clare Bond
 objectClass: account
 objectClass: posixAccount
 objectClass: top
 userPassword: {crypt}snip!
 loginShell: /bin/tcsh
 uidNumber: 2049
 gidNumber: 20
 homeDirectory: /homes/clare
 gecos: Clare Bond

 Then, the resulting LDIF file works properly (after a bout of deleting
 duplicate service information) and I have an LDAP database.  So the
 question
 becomes, Do I need the extended schema?


* mailRoutingAddress
* mailHost
* inetLocalMailRecipient
* kerberosSecurityObject
* krbName

If all you want to do is import the user accounts, you definitely don't
need these.

If you really want krbName, see:

http://osdir.com/ml/network.openldap.general/2002-11/msg00128.html

Whose version of OpenLDAP are you using btw?

In the Red Hat rpms you'll notice:

* Wed Apr 30 2003 Nalin Dahyabhai [EMAIL PROTECTED]
  - update to 2.1.17
  - disable the shell backend, not expected to work well with threads
  - drop the kerberosSecurityObject schema, the krbName attribute it
contains is only used if slapd is built with v2 kbind support


 The relevant includes from the slapd.conf file are: core.schema,
 cosine.schema, inetorgperson.schema, nis.schema, samba.schema,
 autofs.schema and misc.schema.  I am hoping to be able to use the LDAP
 server for samba authentication later on (If it ever works!) and
 authenticate the windows clients to the samba server, thus giving linux
 and
 windows a single user database for everything.


You'll then need to either migrate an existing tdb backend Samba setup
with pdbedit to import from tdb to LDAP:

pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host

(man pdbedit)

Or use the smbldap-tools to add the samba attributes. See the main Samba
docs for this.

HTH,

Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/



Re: [Scottish] LDAP migration help

2007-06-13 Thread Gavin Henry
snip


 objectClass: inetLocalMailRecipient
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: top
 objectClass: kerberosSecurityObject

 ObjectClasses start from #0, so value #6 in your LDIF is
 'kerberosSecurityObject'

 This will be included for the attribute 'krbName'.

 This attribute isn't part of any of the schema files you have included in
 slapd.conf


That should say This ObjectClass isn't part of any of the schema, which
is 'kerberosSecurityObject', and the attribute is 'krbName'.

Thanks.
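
Added example, not part of the original thread: a small pre-import check that does what Andrew and Gavin describe above, listing each objectClass value of an LDIF entry with the zero-based index slapd reports as "value #N" and flagging those with no definition in the loaded schema. The schema excerpt is a constructed, abbreviated stand-in for the files included from slapd.conf, the krbName value is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated stand-in for the files included from slapd.conf;
# only the NAME of each objectclass definition matters for this check.
SCHEMA_TEXT = """
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY )
objectclass ( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' SUP top AUXILIARY )
"""
BUILTIN = {"top"}  # assumption: provided by the server, not by an included file

# objectClass values of the failing entry, in the order posted in the thread.
# The krbName value is a placeholder; the archive redacted the real one.
ENTRY = """dn: uid=clare,ou=People,dc=mve,dc=com
uid: clare
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
krbName: PLACEHOLDER
"""

NAME_RE = re.compile(r"objectclass\s*\(\s*[\d.]+\s+NAME\s+(?:'([^']+)'|\(([^)]*)\))", re.I)

def defined_classes(schema_text):
    """Collect every objectclass NAME (single or multi-valued), lower-cased."""
    names = set(BUILTIN)
    for single, multi in NAME_RE.findall(schema_text):
        for name in ([single] if single else re.findall(r"'([^']+)'", multi)):
            names.add(name.lower())
    return names

def unknown_object_classes(ldif, known):
    """Return [(index, name)] of undefined objectClass values, indexed from 0."""
    lines = re.sub(r"\n ", "", ldif).splitlines()  # unfold LDIF continuation lines
    values = [l.split(":", 1)[1].strip() for l in lines
              if l.lower().startswith("objectclass:")]
    return [(i, v) for i, v in enumerate(values) if v.lower() not in known]

if __name__ == "__main__":
    for index, name in unknown_object_classes(ENTRY, defined_classes(SCHEMA_TEXT)):
        print(f"objectClass value #{index} ({name}) has no definition in the loaded schema")
```

To check a real migration, pass the concatenated text of the schema files named in slapd.conf as `schema_text` and run each entry of the generated LDIF through `unknown_object_classes` before calling ldapadd.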



Re: [Scottish] LDAP migration help

2007-06-13 Thread Phillip Bennett
- Original Message - 
From: Gavin Henry [EMAIL PROTECTED]

To: scottish@mailman.lug.org.uk
Sent: Wednesday, June 13, 2007 3:29 PM
Subject: Re: [Scottish] LDAP migration help



snip




objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject


ObjectClasses start from #0, so value #6 in your LDIF is
'kerberosSecurityObject'

This will be included for the attribute 'krbName'.

This attribute isn't part of any of the schema files you have included in
slapd.conf



That should say This ObjectClass isn't part of any of the schema, which
is 'kerberosSecurityObject', and the attribute is 'krbName'.

Thanks.


Hi,

Thanks HEAPS for that guys!  I didn't know anyone would know how to fix this 
so quick!  I am indeed running redhat.  I should have mentioned that, I 
guess...  I have removed all the offending lines from the LDIF file and it 
seems to import fine now.  I will play some more with it tomorrow


At this rate, I should be up and running in no time!

If anyone has any information they think might be of help for this project, 
please pass it on.  This is my first attempt and I'm still reading up on 
everything and how it works.


Thanks again,
Phil. 





Re: [Scottish] LDAP migration help

2007-06-13 Thread Gavin Henry
quote who=Phillip Bennett
 - Original Message -
 From: Gavin Henry [EMAIL PROTECTED]
 To: scottish@mailman.lug.org.uk
 Sent: Wednesday, June 13, 2007 3:29 PM
 Subject: Re: [Scottish] LDAP migration help


 snip


 objectClass: inetLocalMailRecipient
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: top
 objectClass: kerberosSecurityObject

 ObjectClasses start from #0, so value #6 in your LDIF is
 'kerberosSecurityObject'

 This will be included for the attribute 'krbName'.

 This attribute isn't part of any of the schema files you have included
 in
 slapd.conf


 That should say This ObjectClass isn't part of any of the schema,
 which
 is 'kerberosSecurityObject', and the attribute is 'krbName'.

 Thanks.

 Hi,

 Thanks HEAPS for that guys!  I didn't know anyone would know how to fix
 this
 so quick!  I am indeed running redhat.  I should have mentioned that, I
 guess...  I have removed all the offending lines from the LDIF file and it
 seems to import fine now.  I will play some more with it tomorrow

 At this rate, I should be up and running in no time!

No probs ;-)


 If anyone has any information they think might be of help for this
 project,
 please pass it on.  This is my first attempt and I'm still reading up on
 everything and how it works.

What is the end goal of the project?

You can always get paid support if you get really stuck ;-)


 Thanks again,
 Phil.




