Rich Megginson rmeggins@redhat.com wrote:
Bryan K. Wright wrote:
[...]
Also, the padl migration tools use objectClasses
"posixAccount","account" and "shadowAccount" for entries in the passwd file, but fedora-ds seems to expect "person", "organizationalPerson" and "inetorgperson".
Similar to the above, entries can be both inetOrgPerson and posixAccount, shadowAccount, and account (see the caveat about using the account objectclass here - http://directory.fedora.redhat.com/wiki/Howto:Posix)
You can cause the migration tools to use inetOrgPerson instead of account for your structural class by either
1) Setting the environment variable $LDAP_EXTENDED_SCHEMA to 1 before running the migration scripts, or
2) Editing /usr/share/openldap/migration/migrate_common.ph so that $EXTENDED_SCHEMA = 0; on line 90 or so reads $EXTENDED_SCHEMA = 1;
Then you can add the hostObject class manually to inetOrgPerson if you really need it, and not use account at all.
You can also cause groups to be put in ou=Groups instead of ou=Group by editing line 61 or so of migrate_common.ph appropriately. This is in the middle of the else condition of the test for the presence of /usr/sbin/mkslapdconf ($NETINFOBRIDGE). It'll use posixGroup as the structural class, of course, which leads into the whole discussion of whether you can/should use groupOfUniqueNames as well that we just recently had on the list.
The PADL migration scripts are a bit rickety; it's a good idea to always check their output for sanity.
-- Steve Bonneville
389-users@lists.fedoraproject.org