directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: [ApacheDS] Data Migration from 1.0.2 to 1.5.5, AccessControlSubentries
Date Wed, 21 Oct 2009 12:42:47 GMT
Hi again,

Stefan Seelmann wrote:
>> #!RESULT OK
>> #!CONNECTION ldap://10.255.100.16:389
>> #!DATE 2009-10-20T17:01:14.568
>> dn: ou=DDT,ou=Customers,dc=netsuccess,dc=ch
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: DDT
>> accessControlSubentries:
>> 2.5.4.3=se_ldap_customer_limited_read_access,0.9.23
>> 42.19200300.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch
>> accessControlSubentries:
>> 2.5.4.3=se_ldap_full_administrators,0.9.2342.192003
>> 00.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch
>> createTimestamp: 20091019143703Z
>> creatorsName: 2.5.4.3=mzu_adm,2.5.4.11=users,2.5.4.11=system
> 
> Ok, you should can't add operational attributes (in your case:
> accessControlSubentries, createTimestamp, creatorsName). They are
> created by the server.

I tested to inject that entry, and I was successful. This is an issue of
the server, I'll create an Jira right now.

Just to make clear: You don't need to import the
'accessControlSubentries' operational attribute. It is created
automatically by ApacheDS if a subentry's subtreeSpecification matches
an entry.

I'll try to give you a receipe how to migrate your data:

1st)
Export the 'normal entries'. To do this select 'All user attributes' in
the export dialog and additionally add 'administrativeRole' to the
'Returning Attributes' field.

2nd)
Export the 'subentries'. To do this select 'All user attributes' in the
export dialog and add 'prescriptiveACI, subtreeSpecification' to the
'Returning Attributes' field. Additionally check the 'Subentries
Control' checkbox.

Note: Don't check the 'Operational attributes' checkbox but only add
those operational attributes that are really required.

3rd)
Import the 'normal entries'. As you already found out the LDIF may be
unsorted, so just import it multiple times.

4th)
Import the 'subentries'.

Note: Make sure to select the options 'Fetch operational attributes
while browsing' and 'Fetch subentries while browsing' in the connection
properties of your new connection to be able to see the hidden stuff.

I hope this helps. I'd appreciate any feedback, don't hesitate to ask
further questions.

Kind Regards,
Stefan


Mime
View raw message