Re: [Scottish] LDAP migration help
On Wed, 13 Jun 2007, Phillip Bennett wrote:

> Hi everyone,
>
> I am trying to migrate our NIS services (users, autofs etc) to an LDAP
> server. I have found the Migration Tools from PADL (www.padl.com) and I am
> having a few weird problems.
>
> When running the migrate_all_nis_online.sh script, I receive the following
> error:
>
> adding new entry uid=clare,ou=People,dc=mve,dc=com
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #6 invalid per syntax
>
> The data in question from the created ldif file is as follows:
>
> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> givenName: Clare
> sn: Bond
> mail: [EMAIL PROTECTED]
> mailRoutingAddress: [EMAIL PROTECTED]
> mailHost: islay.mve.com
> objectClass: inetLocalMailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> userPassword: {crypt}snip!
> krbName: [EMAIL PROTECTED]
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
>
> I'm not sure exactly which value is giving the error, but after removing
> all the mail ones, it looks like it's one of the objectClass values. There
> is no white space, and the values all look right to me.
>
> All the howtos I have read so far indicate that the USE_EXTENDED_SCHEMA
> value should be set to 1. However, if I set it to 0, the LDIF file gives
> the following data:
>
> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}snip!
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
>
> Then, the resulting LDIF file works properly (after a bout of deleting
> duplicate service information) and I have an LDAP database.
>
> So the question becomes, Do I need the extended schema?

Depends if your applications need it, e.g. pam_ldap, Samba and so on. The 2nd stripped-down LDIF looks possibly a bit thin to me, so I'm guessing they may.

Check that all the attributes and object classes required by the 1st LDIF are in the DSA core or included schema. If not all are, find some extra schema to include that gives you what you need. And hope that you don't require to add an extra syntax type to the DSA as from what I remember it isn't fun - with most DSAs syntaxes are not generally configurable via text-based config and require modification/extension to the code.

The DSA could be moaning about included schema if it doesn't understand a syntax type used for an attribute... But if this is the case it may be you can substitute for one it does know about.

Andrew

___
Scottish mailing list
Scottish@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/scottish

Re: [Scottish] LDAP migration help
<quote who="Phillip Bennett">
> Hi everyone,
>
> I am trying to migrate our NIS services (users, autofs etc) to an LDAP
> server. I have found the Migration Tools from PADL (www.padl.com) and I am
> having a few weird problems.

Hi Phillip,

> When running the migrate_all_nis_online.sh script, I receive the following
> error:
>
> adding new entry uid=clare,ou=People,dc=mve,dc=com
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #6 invalid per syntax

<snip>

> objectClass: inetLocalMailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject

ObjectClasses start from #0, so value #6 in your LDIF is 'kerberosSecurityObject'

This will be included for the attribute 'krbName'. This attribute isn't part of any of the schema files you have included in slapd.conf

> All the howtos I have read so far indicate that the USE_EXTENDED_SCHEMA
> value should be set to 1. However, if I set it to 0, the LDIF file gives
> the following data:

Which Howto? Howtos are bad ;-)

> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}snip!
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
>
> Then, the resulting LDIF file works properly (after a bout of deleting
> duplicate service information) and I have an LDAP database.
>
> So the question becomes, Do I need the extended schema?

* mailRoutingAddress
* mailHost
* inetLocalMailRecipient
* kerberosSecurityObject
* krbName

If all you want to do is import the user accounts, you definitely don't need these.

If you really want krbName, see:

http://osdir.com/ml/network.openldap.general/2002-11/msg00128.html

Whose version of OpenLDAP are you using btw? In the Red Hat rpms you'll notice:

* Wed Apr 30 2003 Nalin Dahyabhai [EMAIL PROTECTED]
- update to 2.1.17
- disable the shell backend, not expected to work well with threads
- drop the kerberosSecurityObject schema, the krbName attribute it contains
  is only used if slapd is built with v2 kbind support

> The relevant includes from the slapd.conf file are: core.schema,
> cosine.schema, inetorgperson.schema, nis.schema, samba.schema,
> autofs.schema and misc.schema.
>
> I am hoping to be able to use the LDAP server for samba authentication
> later on (If it ever works!) and authenticate the windows clients to the
> samba server, thus giving linux and windows a single user database for
> everything.

You'll then need to either migrate an existing tdb backend Samba setup with pdbedit to import from tdb to LDAP:

pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host

(man pdbedit)

Or use the smbldap-tools to add the samba attributes. See the main Samba docs for this.

HTH,

Gavin.

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Re: [Scottish] LDAP migration help
<snip>

>> objectClass: inetLocalMailRecipient
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: kerberosSecurityObject
>
> ObjectClasses start from #0, so value #6 in your LDIF is
> 'kerberosSecurityObject'
>
> This will be included for the attribute 'krbName'. This attribute isn't
> part of any of the schema files you have included in slapd.conf

That should say This ObjectClass isn't part of any of the schema, which is 'kerberosSecurityObject', and the attribute is 'krbName'.

Thanks.

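The zero-based "value #6" lookup described in the replies above, as an added example that is not part of the original thread: it lists the objectClass values of an LDIF entry in order and reports those that no included schema defines. The function names, the placeholder OIDs, the `exampleAlias` name and the trimmed schema text are constructed for illustration, and treating `top` as built into slapd rather than defined in a schema file is an assumption of the sketch.

```python
import re

# Constructed stand-in for the objectclass definitions in the included
# *.schema files: placeholder OIDs, bodies trimmed to what the check needs.
SAMPLE_SCHEMA = """
objectclass ( 1.1.1 NAME 'person' SUP top STRUCTURAL )
objectclass ( 1.1.2 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectclass ( 1.1.3 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL )
objectclass ( 1.1.4 NAME 'posixAccount' SUP top AUXILIARY )
objectclass ( 1.1.5 NAME 'account' SUP top STRUCTURAL )
objectclass ( 1.1.6 NAME ( 'inetLocalMailRecipient' 'exampleAlias' )
    SUP top AUXILIARY )
attributetype ( 1.1.7 NAME 'mailHost' )
"""

# objectClass lines of the failing entry, in the order the thread shows them.
SAMPLE_LDIF = """\
dn: uid=clare,ou=People,dc=mve,dc=com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
krbName: [EMAIL PROTECTED]
"""

def schema_object_classes(schema_text):
    """Lower-cased names (and aliases) of every objectclass definition."""
    names = set()
    pattern = r"^objectclass\s*\(.*?\bNAME\s+(\([^)]*\)|'[^']+')"
    for m in re.finditer(pattern, schema_text, re.I | re.M | re.S):
        names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names

def unknown_object_classes(ldif_entry, schema_text, builtin=("top",)):
    """Return (zero-based index, name) for each objectClass with no definition."""
    known = schema_object_classes(schema_text) | {b.lower() for b in builtin}
    values = [line.split(":", 1)[1].strip()
              for line in ldif_entry.splitlines()
              if line.lower().startswith("objectclass:")]
    return [(i, v) for i, v in enumerate(values) if v.lower() not in known]

if __name__ == "__main__":
    for index, name in unknown_object_classes(SAMPLE_LDIF, SAMPLE_SCHEMA):
        print(f"objectClass: value #{index} ({name}) is not defined in the schema")
```

Against a real server the schema text would be the concatenated contents of the files named on the `include` lines of slapd.conf.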
Re: [Scottish] LDAP migration help
----- Original Message -----
From: Gavin Henry [EMAIL PROTECTED]
To: scottish@mailman.lug.org.uk
Sent: Wednesday, June 13, 2007 3:29 PM
Subject: Re: [Scottish] LDAP migration help

> <snip>
>
>>> objectClass: inetLocalMailRecipient
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: inetOrgPerson
>>> objectClass: posixAccount
>>> objectClass: top
>>> objectClass: kerberosSecurityObject
>>
>> ObjectClasses start from #0, so value #6 in your LDIF is
>> 'kerberosSecurityObject'
>>
>> This will be included for the attribute 'krbName'. This attribute isn't
>> part of any of the schema files you have included in slapd.conf
>
> That should say This ObjectClass isn't part of any of the schema, which is
> 'kerberosSecurityObject', and the attribute is 'krbName'.
>
> Thanks.

Hi,

Thanks HEAPS for that guys! I didn't know anyone would know how to fix this so quick! I am indeed running redhat. I should have mentioned that, I guess...

I have removed all the offending lines from the LDIF file and it seems to import fine now. I will play some more with it tomorrow. At this rate, I should be up and running in no time!

If anyone has any information they think might be of help for this project, please pass it on. This is my first attempt and I'm still reading up on everything and how it works.

Thanks again,
Phil.

Re: [Scottish] LDAP migration help
<quote who="Phillip Bennett">
> ----- Original Message -----
> From: Gavin Henry [EMAIL PROTECTED]
> To: scottish@mailman.lug.org.uk
> Sent: Wednesday, June 13, 2007 3:29 PM
> Subject: Re: [Scottish] LDAP migration help
>
>> <snip>
>>
>>>> objectClass: inetLocalMailRecipient
>>>> objectClass: person
>>>> objectClass: organizationalPerson
>>>> objectClass: inetOrgPerson
>>>> objectClass: posixAccount
>>>> objectClass: top
>>>> objectClass: kerberosSecurityObject
>>>
>>> ObjectClasses start from #0, so value #6 in your LDIF is
>>> 'kerberosSecurityObject'
>>>
>>> This will be included for the attribute 'krbName'. This attribute isn't
>>> part of any of the schema files you have included in slapd.conf
>>
>> That should say This ObjectClass isn't part of any of the schema, which is
>> 'kerberosSecurityObject', and the attribute is 'krbName'.
>>
>> Thanks.
>
> Hi,
>
> Thanks HEAPS for that guys! I didn't know anyone would know how to fix this
> so quick! I am indeed running redhat. I should have mentioned that, I
> guess...
>
> I have removed all the offending lines from the LDIF file and it seems to
> import fine now. I will play some more with it tomorrow. At this rate, I
> should be up and running in no time!

No probs ;-)

> If anyone has any information they think might be of help for this project,
> please pass it on. This is my first attempt and I'm still reading up on
> everything and how it works.

What is the end goal of the project?

You can always get paid support if you get really stuck ;-)

> Thanks again,
> Phil.