After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
* exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. * Rewrote all files being imported to make sure they weren’t corrupt. * used relative and absolute path names to the files * Tried importing with a new instance (as mentioned above) and no instance at all * When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
-- [Micro Electronics Inc]
Jason Lewis
Systems Administrator
jwlewis@microcenter.commailto:jwlewis@microcenter.com
|
[signature_251198827]
614-777-2728
[Micro Center Secure Email]
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
What version of 389-ds-base are you using?
Check out these docs if you haven't already:
https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html
https://www.port389.org/docs/389ds/design/openldap2ds.html
Thanks,
Mark
On 2/22/22 3:59 PM, Jason W. Lewis wrote:
After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server.
I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
- exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers.
- Rewrote all files being imported to make sure they weren’t corrupt.
- used relative and absolute path names to the files
- Tried importing with a new instance (as mentioned above) and no instance at all
- When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc)
No matter what I do, this is what I get when I try:
[root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif
Examining OpenLDAP Configuration ...
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 250, in <module>
result = do_migration(inst, log, args, skip_overlays)
File "/usr/sbin/openldap_to_ds", line 178, in do_migration
config = olConfig(args.slapd_config, log)
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp>
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__
self.suffix = ensure_str(self.config[1]['olcSuffix'][0])
KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 257, in <module>
log.error("Error: %s" % " - ".join(str(val) for val in msg.values()))
AttributeError: 'str' object has no attribute 'values'
[root@ldaptest ~]#
Any thoughts on what could be causing this?
--
Micro Electronics Inc
Jason Lewis
Systems Administrator
jwlewis@microcenter.com mailto:jwlewis@microcenter.com
|
signature_251198827
614-777-2728
Micro Center Secure Email
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17.
-- Jason Lewis
Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments.
What version of 389-ds-base are you using?
Check out these docs if you haven't already:
https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html
https://www.port389.org/docs/389ds/design/openldap2ds.html
Thanks,
Mark On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
1. exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. 2. Rewrote all files being imported to make sure they weren’t corrupt. 3. used relative and absolute path names to the files 4. Tried importing with a new instance (as mentioned above) and no instance at all 5. When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
-- [Micro Electronics Inc]
Jason Lewis
Systems Administrator
jwlewis@microcenter.commailto:jwlewis@microcenter.com
|
[signature_251198827]
614-777-2728
[Micro Center Secure Email]
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.orgmailto:389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.orgmailto:389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Directory Server Development Team
Can you please open the bug report as mentioned?
On 23 Feb 2022, at 07:14, Jason W. Lewis jwlewis@microcenter.com wrote:
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17.
-- Jason Lewis Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments.
What version of 389-ds-base are you using?
Check out these docs if you haven't already:
https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html
https://www.port389.org/docs/389ds/design/openldap2ds.html
Thanks,
Mark
On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results: • exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. • Rewrote all files being imported to make sure they weren’t corrupt. • used relative and absolute path names to the files • Tried importing with a new instance (as mentioned above) and no instance at all • When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
-- <image001.jpg> Jason Lewis Systems Administrator jwlewis@microcenter.com | <image002.jpg> 614-777-2728
<image003.jpg>
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Directory Server Development Team _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17.
-- Jason Lewis
Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments.
What version of 389-ds-base are you using?
Check out these docs if you haven't already:
https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html
https://www.port389.org/docs/389ds/design/openldap2ds.html
Thanks,
Mark On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
1. exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. 2. Rewrote all files being imported to make sure they weren’t corrupt. 3. used relative and absolute path names to the files 4. Tried importing with a new instance (as mentioned above) and no instance at all 5. When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
-- [Micro Electronics Inc]
Jason Lewis
Systems Administrator
jwlewis@microcenter.commailto:jwlewis@microcenter.com
|
[signature_251198827]
614-777-2728
[Micro Center Secure Email]
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.orgmailto:389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.orgmailto:389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Directory Server Development Team
Can you open a bug on github for this, I think it's a new issue. It would be great if you could attach your config directory too.
On 23 Feb 2022, at 07:15, Jason W. Lewis jwlewis@microcenter.com wrote:
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17.
-- Jason Lewis Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments.
What version of 389-ds-base are you using?
Check out these docs if you haven't already:
https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html
https://www.port389.org/docs/389ds/design/openldap2ds.html
Thanks,
Mark
On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results: • exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. • Rewrote all files being imported to make sure they weren’t corrupt. • used relative and absolute path names to the files • Tried importing with a new instance (as mentioned above) and no instance at all • When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
-- <image001.jpg> Jason Lewis Systems Administrator jwlewis@microcenter.com | <image002.jpg> 614-777-2728
<image003.jpg>
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Directory Server Development Team _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Sesion Software Engineer, Identity and Access Management SUSE Labs, Australia
Ok, I finished the migration, but I had to ditch openldap_to_ds, it never worked, even after I migrated our custom schema to 389-DS. (Thank you Paul for pointing me in the direction of schemas.). It also failed with 389-DS v2.0.
Here’s what I did:
1. Uninstalled DS 1.4 and installed 2.0 from EPEL. This got me the entryuuid plugin. 2. Made a copy of slapd.d and exported the database to LDIF (using slapcat). Instructions for this can be found at: https://directory.fedoraproject.org/docs/389ds/howto/howto-openldap-migratio... . 3. Used ol-schema-migrate.pl to convert our OpenLDAP schema file to DS, and copied the new file to /etc/dirsrv/schema. I found the script at https://directory.fedoraproject.org/docs/389ds/howto/howto-openldapmigration... . 4. Created a new DS instance using all the defaults, except: - changed the instance name to one that represented my LDAP database purpose - changed the suffix to match the suffix from my OpenLDAP database. 5. Removed unneeded and problematic OpenLDAP replsync entries from my LDIF export: - entryCSN - contextCSN 6. Used ldapadd to import the LDIF. - ldapadd -x -D "cn=Directory Manager" -W -f myexport.ldif
Everything imported, and I now have a test copy of our LDAP DB in 389-DS!
Typing this up has me thinking though, since entryuuid is also just an OpenLDAP implementation, I should be able to remove that from my LDIF. Does anyone disagree with that? I need to give that a shot...
Thank you again Mark and Paul, and hopefully, this will help anyone else struggling with an OpenLDAP to 389-DS migration.
-- Jason Lewis Systems Administrator
From: "Jason W. Lewis" jwlewis@microcenter.com Date: Tuesday, February 22, 2022 at 16:15 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17. -- Jason Lewis Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments. What version of 389-ds-base are you using? Check out these docs if you haven't already: https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html https://www.port389.org/docs/389ds/design/openldap2ds.html Thanks, Mark On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results: 1. exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. 2. Rewrote all files being imported to make sure they weren’t corrupt. 3. used relative and absolute path names to the files 4. Tried importing with a new instance (as mentioned above) and no instance at all 5. When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]# Any thoughts on what could be causing this? --
Jason Lewis Systems Administrator mailto:jwlewis@microcenter.com |
614-777-2728
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
_______________________________________________ 389-users mailing list -- mailto:389-users@lists.fedoraproject.org To unsubscribe send an email to mailto:389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On 26 Feb 2022, at 05:36, Jason W. Lewis jwlewis@microcenter.com wrote:
Ok, I finished the migration, but I had to ditch openldap_to_ds, it never worked, even after I migrated our custom schema to 389-DS. (Thank you Paul for pointing me in the direction of schemas.). It also failed with 389-DS v2.0.
Can you open a bug report about the failure on github so we can fix it?
Here’s what I did:
- Uninstalled DS 1.4 and installed 2.0 from EPEL. This got me the entryuuid plugin.
- Made a copy of slapd.d and exported the database to LDIF (using slapcat). Instructions for this can be found at:
https://directory.fedoraproject.org/docs/389ds/howto/howto-openldap-migration.html .
- Used ol-schema-migrate.pl to convert our OpenLDAP schema file to DS, and copied the new file to /etc/dirsrv/schema. I found the script at
https://directory.fedoraproject.org/docs/389ds/howto/howto-openldapmigration.html .
You need to be careful with this, we don't support all the syntax types that openldap does.
- Created a new DS instance using all the defaults, except:
- changed the instance name to one that represented my LDAP database purpose
- changed the suffix to match the suffix from my OpenLDAP database.
- Removed unneeded and problematic OpenLDAP replsync entries from my LDIF export:
- entryCSN
- contextCSN
- Used ldapadd to import the LDIF.
- ldapadd -x -D "cn=Directory Manager" -W -f myexport.ldif
Everything imported, and I now have a test copy of our LDAP DB in 389-DS!
You described what openldap_to_ds does internally :)
Typing this up has me thinking though, since entryuuid is also just an OpenLDAP implementation, I should be able to remove that from my LDIF. Does anyone disagree with that? I need to give that a shot...
It's often used as a primary key by external applications, so you can't remove it. That's why we wrote the entryuuid plugin so that we can import these and not break those application associations.
Thank you again Mark and Paul, and hopefully, this will help anyone else struggling with an OpenLDAP to 389-DS migration.
-- Jason Lewis Systems Administrator
From: "Jason W. Lewis" jwlewis@microcenter.com Date: Tuesday, February 22, 2022 at 16:15 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
Mark, Thanks for that. I have gone through those docs already, and I’m still running into it. My 389-ds-base package is version 1.4.4.17.
-- Jason Lewis Systems Administrator
From: Mark Reynolds mareynol@redhat.com Date: Tuesday, February 22, 2022 at 16:08 To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org, "Jason W. Lewis" jwlewis@microcenter.com Subject: Re: [389-users] OpenLDAP import into 389 Directory Server failing
External email – Please make sure you trust the source before clicking links or opening attachments. What version of 389-ds-base are you using? Check out these docs if you haven't already: https://www.port389.org/docs/389ds/howto/howto-openldap-migration.html https://www.port389.org/docs/389ds/design/openldap2ds.html Thanks, Mark On 2/22/22 3:59 PM, Jason W. Lewis wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server. I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
- exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers.
- Rewrote all files being imported to make sure they weren’t corrupt.
- used relative and absolute path names to the files
- Tried importing with a new instance (as mentioned above) and no instance at all
- When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc)
No matter what I do, this is what I get when I try: [root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif Examining OpenLDAP Configuration ... Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 250, in <module> result = do_migration(inst, log, args, skip_overlays) File "/usr/sbin/openldap_to_ds", line 178, in do_migration config = olConfig(args.slapd_config, log) File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__ for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp> for db in dbs File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__ self.suffix = ensure_str(self.config[1]['olcSuffix'][0]) KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/sbin/openldap_to_ds", line 257, in <module> log.error("Error: %s" % " - ".join(str(val) for val in msg.values())) AttributeError: 'str' object has no attribute 'values' [root@ldaptest ~]#
Any thoughts on what could be causing this?
--
Jason Lewis Systems Administrator mailto:jwlewis@microcenter.com |
614-777-2728
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list -- mailto:389-users@lists.fedoraproject.org To unsubscribe send an email to mailto:389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Directory Server Development Team
<image001.jpg><image002.jpg><image003.jpg>_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Sesion Software Engineer, Identity and Access Management SUSE Labs, Australia
This is just an educated guess but It looks like you may be missing some schemas
On Tue, Feb 22, 2022, 4:00 PM Jason W. Lewis jwlewis@microcenter.com wrote:
After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server.
I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
- exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6
servers.
- Rewrote all files being imported to make sure they weren’t corrupt.
- used relative and absolute path names to the files
- Tried importing with a new instance (as mentioned above) and no
instance at all
- When using dscreate to make the new instance, I’ve tried setting it
up differently (allowed sample entries and not, etc)
No matter what I do, this is what I get when I try:
[root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif
Examining OpenLDAP Configuration ...
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 250, in <module>
result = do_migration(inst, log, args, skip_overlays)
File "/usr/sbin/openldap_to_ds", line 178, in do_migration
config = olConfig(args.slapd_config, log)
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp>
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__
self.suffix = ensure_str(self.config[1]['olcSuffix'][0])
KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 257, in <module>
log.error("Error: %s" % " - ".join(str(val) for val in msg.values()))
AttributeError: 'str' object has no attribute 'values'
[root@ldaptest ~]#
Any thoughts on what could be causing this?
--
[image: Micro Electronics Inc]
Jason Lewis
Systems Administrator
jwlewis@microcenter.com
|
[image: signature_251198827]
614-777-2728
[image: Micro Center Secure Email]
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No, it's a bug in the migration tool most likely.
On 25 Feb 2022, at 02:11, Paul Robert Marino prmarino1@gmail.com wrote:
This is just an educated guess but It looks like you may be missing some schemas
On Tue, Feb 22, 2022, 4:00 PM Jason W. Lewis jwlewis@microcenter.com wrote: After RHEL, etc dropped OpenLDAP, I’ve begun testing with 389 Directory Server. Currently, I’m trying to use openldap_to_ds to import slapd.d config and an LDIF export to import my old database into the new server.
I’ve created a new instance in 389-ds named terminal-config. I’ve tried the following variations on the idea, all of which gave me the same results:
• exported the LDIF from OpenLDAP 2.4 on Oracle Linux 7 and CentOS 6 servers. • Rewrote all files being imported to make sure they weren’t corrupt. • used relative and absolute path names to the files • Tried importing with a new instance (as mentioned above) and no instance at all • When using dscreate to make the new instance, I’ve tried setting it up differently (allowed sample entries and not, etc) No matter what I do, this is what I get when I try:
[root@ldaptest ~]# openldap_to_ds terminal-config /root/slapd.d /root/terminals.ldif
Examining OpenLDAP Configuration ...
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 250, in <module>
result = do_migration(inst, log, args, skip_overlays)
File "/usr/sbin/openldap_to_ds", line 178, in do_migration
config = olConfig(args.slapd_config, log)
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in __init__
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 305, in <listcomp>
for db in dbs
File "/usr/lib/python3.6/site-packages/lib389/migrate/openldap/config.py", line 112, in __init__
self.suffix = ensure_str(self.config[1]['olcSuffix'][0])
KeyError: 'olcSuffix'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/openldap_to_ds", line 257, in <module>
log.error("Error: %s" % " - ".join(str(val) for val in msg.values()))
AttributeError: 'str' object has no attribute 'values'
[root@ldaptest ~]#
Any thoughts on what could be causing this?
--
Jason Lewis
Systems Administrator
jwlewis@microcenter.com
|
614-777-2728
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you receive this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and attachments. Thank you
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <image001.jpg><image002.jpg><image003.jpg><image001.jpg>_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Sesion Software Engineer, Identity and Access Management SUSE Labs, Australia
389-users@lists.fedoraproject.org