On 04/28/2014 11:24 AM, Brian Arthur wrote:

From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Friday, April 25, 2014 2:02 PM
To: General discussion list for the 389 Directory server project.; brianpatrickarthur@gmail.com
Subject: Re: [389-users] Export/Import: openldap-2.3.27 to 389-ds-1.2.2-1

 

On 04/25/2014 02:02 PM, Brian Arthur wrote:

Hi,

 

I’m trying to import an openldap-2.3.27 export into 389-ds-1.2.2-1


Note - 389-ds is just a "meta" package - please reference the version of 389-ds-base, which is the core LDAP server package.

Correction: 389-ds-base-1.2.10


I would strongly encourage you to upgrade to 1.2.11 or later.

 

and am getting the follow errors in the “rejects” file:

Invalid syntax. cn: value #0 invalid per syntax

 

Sample: cn:: TWFyaW8gUmH6bCBDaGFuZw==


I thought openldap 2.3 had strict syntax checking, that would not have allowed this value at all - perhaps it was turned off?

I’m not sure if it was turned off. How can I tell? All the “syntax” plugins I looked at in my config are “on”.


How can you tell in openldap server?  I don't know.

I would like to turn it back on and enforce UTF-8. There is a PERL based application that we use to populate LDAP entries and I that is how the LATIN-1 values get entered. I’ll talk with the developer of the PERL application to start using  UTF-8. I hope that openldap-2.3.27 can handle UTF-8.


Yes, openldap can handle UTF-8.  In fact, the LDAP standard _requires_ the use of UTF-8, which is why it is strange that openldap even allowed non-UTF-8 data in the first place.

 

I’ve determined (I think) that these errors are from CN value pair that are base64 encoded LATIN1 characters.


Correct.


If I decode string(base64 command), convert it to UTF8(via iconv), I can import into Fedora389 successfully. I have a lot of entries with these values and am looking for an easy solution.

 

Has anyone come across this before and written a script to process an LDIF file or a different way to transfer the data? I’m not much of a programmer but I do have programmers in my organization that could assist me if a script is the best solution.


Scripting is the best way.  I recommend python-ldap.  I am not aware of a script that does this.

I will look into python-ldap for converting the file. Thanks for the suggestion.

 

Thanks!

 

PS – I hope this messages posts in a nice, readable format!

 

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

 



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users