Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Step 2: Rectify the Error LDIF File to Eliminate the Errors
OpenLDAP defines some schema definitions publicly, which include attributes such as objectClasses,
attributeTypes, ldapSyntaxes, and subschemaSubentry. These definitions exist internally and are very
important to the schema, so they cannot be modified. Operations that try to modify these
definitions result in the following error:
LDAP error : 53 (DSA is unwilling to perform)
Any records that contain references to these definitions cause the following error:
LDAP error : 16 ( No such attribute )
Thus, records that contain any reference to these objects, or that try to modify these definitions, need
to be commented out in the LDIF error file (err.ldf in the example).
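
The commenting-out step above can be scripted. The following Python is an added example, not part of the Novell guide: it splits an LDIF file into records, unfolds continuation lines, and prefixes every line of a record with # when the record names one of the four protected definitions, either as an attribute or as the target of an add/replace/delete directive. The function names and the sample records are assumptions made for illustration.

```python
import re

PROTECTED = {"objectclasses", "attributetypes", "ldapsyntaxes", "subschemasubentry"}
MOD_OPS = {"add", "replace", "delete"}  # directives inside changetype: modify

def logical_lines(record):
    """Unfold continuation lines (leading space); drop comment lines."""
    out = []
    for line in record:
        if line.startswith(" ") and out:
            out[-1] += line[1:]  # folded continuation of the previous line
        elif not line.startswith(" "):
            out.append(line)
    return [l for l in out if not l.startswith("#")]

def references_protected(record):
    """True if the record carries, or tries to modify, a protected definition."""
    for line in logical_lines(record):
        name, sep, value = line.partition(":")
        name = name.split(";")[0].strip().lower()
        target = value.lstrip(":< ").split(";")[0].strip().lower()
        if sep and (name in PROTECTED or (name in MOD_OPS and target in PROTECTED)):
            return True
    return False

def comment_out_protected(text):
    """Return (rewritten LDIF text, number of records commented out)."""
    out, count = [], 0
    for block in re.split(r"\n\s*\n", text.strip()):
        record = block.splitlines()
        if references_protected(record):
            count += 1
            record = ["#" + line for line in record]
        out.append("\n".join(record))
    return "\n\n".join(out) + "\n", count

# Constructed sample standing in for err.ldf (DNs and OID are made up).
SAMPLE = """dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'exampleAttr'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

dn: cn=user1,dc=blr,dc=novell,dc=com
objectClass: inetOrgPerson
cn: user1

dn: cn=user2,dc=blr,dc=novell,dc=com
subschemaSubentry: cn=subschema
"""
if __name__ == "__main__": print(comment_out_protected(SAMPLE)[0], end="")
```

The match is on the exact attribute name, so an ordinary entry's objectClass (singular) values are left untouched; only objectClasses, the schema definition attribute, triggers commenting out.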
8.3.3 Migrating the OpenLDAP Data to Novell eDirectory
Execute the following command to migrate the data:
ice -e error_data.ldif -SLDAP -s OpenLDAP_server -p OpenLDAP_port -d admin_context -w password -t -b dc=blr,dc=novell,dc=com -F objectclass=* -DLDAP -d admin_context -w password -l -F
For example:
ice -e err_data.ldif -SLDAP -s open_srv1 -p open_port1 -d cn=administrator,dc=blr,dc=novell,dc=com -w secret1 -t -b dc=blr,dc=novell,dc=com -F objectclass=* -DLDAP -d cn=admin,o=novell -w secret2 -l -F
Some objects might also fail because of forward referencing and internal dependencies on the objects;
these failures might not break any applications.
8.3.4 Making PAM Work with Novell eDirectory After Migration
After migrating from OpenLDAP to eDirectory, you need to make some changes for PAM to work
with eDirectory.
Changes in /etc/ldap.conf File
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=admin,o=acme
...
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
...
# The search scope.
scope sub