CentOS 8.x Migrate OpenLDAP ldif to 389-DS
From Notes_Wiki
These are the simpler steps, which assume the default schema is used in OpenLDAP. If a custom schema was used, then perhaps it needs to be migrated before the entries can be migrated.
It is possible to migrate an OpenLDAP database to 389-DS using:
- First log in to OpenLDAP using the rootdn credentials and export an LDIF file. Example:
  - ldapsearch -x -LLL -D 'cn=root,dc=sbarjatiya,dc=com' -W > openldap1.ldif
  - The root DN is recommended so that userPassword values also get exported and become part of the LDIF
- Then download the script 'openLDAP2Fedora.pl', which will convert passwords from OpenLDAP to 389-DS, from https://directory.fedoraproject.org/docs/389ds/scripts.html
- Run the script to convert the OpenLDAP backup to 389-DS format. For example:
  - chmod +x openLDAP2Fedora.pl
  - ./openLDAP2Fedora.pl openldap1.ldif 389ds1.ldif
- Copy (rsync or scp) the output file (e.g. 389ds1.ldif in the above example) to the new 389-DS server, set up using the same suffix (e.g. dc=sbarjatiya,dc=com)
- You should be able to add the LDIF to 389-DS using:
  - ldapadd -x -D 'cn=Directory Manager' -W -f 389ds1.ldif
- Note: if during installation you chose to create the top suffix entry ('Create just the top suffix entry [no]: yes'), then during import you might see:
  - adding new entry "dc=sbarjatiya,dc=com"
  - ldap_add: Already exists (68)
  - This is because the top suffix entry for 'dc=sbarjatiya,dc=com' was created during 389-DS setup. You can comment out this particular entry in 389ds1.ldif and import the remaining entries
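Instead of commenting out the suffix entry by hand, the record can be filtered out before the import. The following Python code is an added example, not part of the original page or of the 389-DS project: it drops the record for a given DN (handling folded and base64-encoded dn lines) and writes the result with owner-only permissions, since the LDIF carries userPassword values. The function names, the sample data and the output file name 389ds1-nosuffix.ldif are assumptions.

```python
import base64
import os
import re

def _norm(dn):
    """Normalize a DN for comparison: lower-case, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def _record_dn(record):
    """Return the DN of one LDIF record, or None if it has no dn line."""
    unfolded = record.replace("\n ", "")        # undo RFC 2849 line folding
    for line in unfolded.split("\n"):
        if line.lower().startswith("dn::"):     # base64-encoded DN
            return base64.b64decode(line[4:].strip()).decode("utf-8")
        if line.lower().startswith("dn:"):
            return line[3:].strip()
    return None

def drop_entry(ldif_text, dn_to_skip):
    """Return (filtered LDIF text, number of records dropped)."""
    target = _norm(dn_to_skip)
    kept, dropped = [], 0
    text = ldif_text.replace("\r\n", "\n").strip("\n")
    for record in re.split(r"\n{2,}", text):    # records are blank-line separated
        dn = _record_dn(record)
        if dn is not None and _norm(dn) == target:
            dropped += 1
        else:
            kept.append(record)
    return "\n\n".join(kept) + "\n", dropped

def write_private(path, text):
    """Create the file with mode 0600 (the mode only applies if it is newly created)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)

# Constructed sample input, not taken from a real directory.
SAMPLE = """dn: dc=sbarjatiya,dc=com
objectClass: domain
dc: sbarjatiya

dn: uid=alice,ou=People,dc=sbarja
 tiya,dc=com
uid: alice
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    filtered, n = drop_entry(SAMPLE, "dc=sbarjatiya,dc=com")
    write_private("389ds1-nosuffix.ldif", filtered)  # hypothetical file name
    print(f"dropped {n} record(s)")
```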
Refer:
- https://directory.fedoraproject.org/docs/389ds/howto/howto-openldapmigration.html
- https://directory.fedoraproject.org/docs/389ds/design/openldap2ds.html
- https://www.linuxquestions.org/questions/linux-server-73/trying-to-migrate-from-openldap-to-389-directory-server-4175624728/