[plug] LDAP migration help

Ian Kent raven at themaw.net
Fri Jun 22 21:31:46 WST 2007


On Wed, 2007-06-13 at 14:27 +0100, Phillip Bennett wrote:
> Hi everyone,
> 
> I am trying to migrate our NIS services (users, autofs etc) to an LDAP 
> server. I have found the Migration Tools from PADL (www.padl.com) and I am 
> having a few weird problems.
> 
> When running the "migrate_all_nis_online.sh" script, I receive the following 
> error:
> 
> adding new entry "uid=clare,ou=People,dc=mve,dc=com"
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #6 invalid per syntax
> 
> The data in question from the created ldif file is as follows:
> 
> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> givenName: Clare
> sn: Bond
> mail: clare at mve.com
> mailRoutingAddress: clare at islay.mve.com

So is it saying this is the broken entry, I wonder?

> mailHost: islay.mve.com
> objectClass: inetLocalMailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> userPassword: {crypt}<snip!>
> krbName: clare at MVE.COM
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
> 
> I'm not sure exactly which value is giving the error, but after removing all 
> the mail ones, it looks like it's one of the objectClass values.  There is 
> no white space, and the values all look right to me.
> 
> All the howtos I have read so far indicate that the "USE_EXTENDED_SCHEMA" 
> value should be set to 1.  However, if I set it to 0, the LDIF file gives 
> the following data:
> 
> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}<snip!>
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
> 
> Then, the resulting LDIF file works properly (after a bout of deleting 
> duplicate service information) and I have an LDAP database.  So the question 
> becomes, "Do I need the extended schema?"

Surely, only if you use it.
Standard user account authentication shouldn't need it.
Perhaps the email server could use the info but you may be better adding
that when needed (and only what's needed).

> 
> The relevant includes from the slapd.conf file are: core.schema, 
> cosine.schema, inetorgperson.schema, nis.schema, samba.schema, 
> autofs.schema and misc.schema.  I am hoping to be able to use the LDAP 
> server for samba authentication later on (If it ever works!) and 
> authenticate the windows clients to the samba server, thus giving linux and 
> windows a single user database for everything.

The autofs maps probably should be converted to use the rfc2307bis
schema. This schema will require you to replace the autofs.schema.
Even though the NIS schema is still the default in autofs it will
eventually change to rfc2307bis.
 
Ian
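
Added example (not part of the original thread, and not code from PADL or OpenLDAP): a small helper that maps slapd's "value #N invalid per syntax" message back to the LDIF line it refers to, so the rejected objectClass can be checked against the schema files included in slapd.conf. It relies on slapd numbering the values of an attribute from 0 in the order they appear in the entry; the function names and the trimmed sample entry are constructed for illustration.

```python
import base64
import re

# Constructed sample: the dn, uid and objectClass lines of the failing entry in the post.
LDIF = """\
dn: uid=clare,ou=People,dc=mve,dc=com
uid: clare
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
"""
ERROR = "additional info: objectClass: value #6 invalid per syntax"


def attr_values(ldif, attr):
    """Return the values of attr in file order (the order ldapadd sends them)."""
    unfolded = re.sub(r"\r?\n ", "", ldif)   # RFC 2849: a leading space continues a line
    values = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if value.startswith(":"):            # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        values.append(value.strip())
    return values


def offending_value(ldif, error):
    """Map "attr: value #N invalid per syntax" to (attr, N, value or None)."""
    m = re.search(r"([\w;.-]+): value #(\d+) invalid per syntax", error)
    if m is None:
        return None
    attr, index = m.group(1), int(m.group(2))
    values = attr_values(ldif, attr)
    # Values are counted from 0, so #6 is the seventh objectClass line.
    return attr, index, (values[index] if index < len(values) else None)


if __name__ == "__main__":
    print(offending_value(LDIF, ERROR))
```

For the entry quoted above this points at the seventh objectClass line, which is the one to look for in the included schema files.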