directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: [ApacheDS] Data Migration from 1.0.2 to 1.5.5, AccessControlSubentries
Date Tue, 20 Oct 2009 22:38:17 GMT
Hi Beat,

Beat Burgener | NetSuccess GmbH wrote:
> Hi folks
> 
> I attempted to transfer my (little) LDAP data from ApacheDS 1.0.2. to
> Apache 1.5.5
> (using Studio 1.4.0)
> 
> Well, I was not really successful ...
> 
> What I did is, I exported the system and our partition from 1.0.2
> (including the operation attributes
> as we use ACI) to separate LDIF files ...
> 
> I removed everything from the system.ldif that was not "custom"  to not
> interfere with objects
> in the new version (and did also not allow to overwrite anything ...)
> This one went in like a charm ....

I'm not sure if you need to migrate anything from the system partition,
except if you added custom objects. (Ok, I see now that your mzu_adm
user existst in the system partition)

> Now, I imported our partition, but there, some errors are reported (we
> only have approx. 80
> entries for now, some failed).
> 
> After some further investigation, this was related to the fact, that
> there were some dependencies
> like the OU should exist where the object should go. But in the LDIF,
> the OU was created
> later than the object itself ... okey, not that dramatic I thought and I
> should re-run the import
> later again, which should work out ...

Yes, we plan to add a "re-order" feature for LDIFs. but multiple
re-imports should do the job ;-)

> But I have other issues, that I could not explain ...
> 
> In the import log, for example, I get this:
> 
> #!RESULT OK
> #!CONNECTION ldap://10.255.100.16:389
> #!DATE 2009-10-20T17:01:14.568
> dn: ou=DDT,ou=Customers,dc=netsuccess,dc=ch
> objectClass: organizationalUnit
> objectClass: top
> ou: DDT
> accessControlSubentries:
> 2.5.4.3=se_ldap_customer_limited_read_access,0.9.23
> 42.19200300.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch
> accessControlSubentries:
> 2.5.4.3=se_ldap_full_administrators,0.9.2342.192003
> 00.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch
> createTimestamp: 20091019143703Z
> creatorsName: 2.5.4.3=mzu_adm,2.5.4.11=users,2.5.4.11=system

Ok, you should can't add operational attributes (in your case:
accessControlSubentries, createTimestamp, creatorsName). They are
created by the server.

I think that this entry wasn't created but I don't know why you get a
"OK". I'll check tomorrow if this is a server or studio problem.

> But I cannot see this OU under customer!
> I also get an error in the Studio like:
> 
> Attempt to lookup non-existant entry:
> 2.5.4.3=se_ldap_customer_limited_read_access,0.9.2342.19200300.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch]
> 
> Why some of the OU's are displayed and some not.
> From those I can see, they have also the subentry defined ?!
> 
> I can also not see the Subentries in the top level of the partition, as
> it was defined before ...
> I couldn't find their definition in the exportet LDIF either (well,
> maybe I didn't search for the right stuff, as I'm not that an expert ...)

Are the sub-entries included in your LDIF? You need to export "normal
entries" and "subentries" separately. You could export the latter by
selecting "Subentries Control" in the export wizard.

Kind Regards,
Stefan



Mime
View raw message