Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
10.3 Migrating from OpenLDAP to Novell eDirectory
• Section 10.3.1, “Prerequisites”
• Section 10.3.2, “Migrating the OpenLDAP Schema to eDirectory”
• Section 10.3.3, “Migrating the Open LDAP Data to Novell eDirectory”
• Section 10.3.4, “Making PAM Work with Novell eDirectory After Migration”
novdocx (en) 22 June 2009
10.3.1 Prerequisites
The data migrated from an OpenLDAP server can contain MD5 passwords, which can cause applications to break if the appropriate NMAS methods are not installed. Install the SimplePassword NMAS method for Novell eDirectory with the following command:
nmasinst -addmethod admin_context treename configfile -h Hostname:port -w password
Example: nmasinst -addmethod admin.novell eDir-Tree /Linux/eDirectory/nmas/NmasMethods/Novell/SimplePassword/config.txt -h eDir_srv:524 -w secret
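Added example, not part of the Novell guide: a pre-migration check that lists which entries in an OpenLDAP LDIF export store their password as {MD5}, so you know which accounts depend on the SimplePassword method being installed. The sample LDIF, the DNs and the function names are constructed for illustration; base64-encoded (attr::) and folded values are handled.

```python
import base64
import re

# Constructed sample export; DNs and hash values are placeholders, not real data.
_MD5 = "{MD5}" + "A" * 22 + "=="
_B64 = base64.b64encode(_MD5.encode()).decode()
SAMPLE_LDIF = f"""dn: uid=alice,ou=people,dc=example,dc=com
userPassword:: {_B64}

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: {{SSHA}}constructedPlaceholderValue

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: {_B64[:20]}
 {_B64[20:]}
"""


def decode(rest):
    """Value after 'attr:'; a second ':' marks it as base64-encoded."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:]).decode("utf-8", "replace").strip()
    return rest.strip()


def password_schemes(text):
    """Map each DN to the storage schemes of its userPassword values."""
    found, dn = {}, None
    # LDIF folding: a newline followed by one space continues the previous line.
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        attr, _, rest = line.partition(":")
        if not line.strip():
            dn = None                      # a blank line ends the entry
        elif attr.lower() == "dn":
            dn = decode(rest)
        elif attr.lower() == "userpassword" and dn:
            m = re.match(r"\{([^}]+)\}", decode(rest))
            found.setdefault(dn, []).append(m.group(1).upper() if m else "NO-SCHEME")
    return found


def md5_entries(text):
    """DNs with at least one password value stored under the {MD5} scheme."""
    return sorted(dn for dn, s in password_schemes(text).items() if "MD5" in s)


if __name__ == "__main__":
    print(md5_entries(SAMPLE_LDIF))
```
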
10.3.2 Migrating the OpenLDAP Schema to eDirectory
To migrate the OpenLDAP schema to eDirectory, complete the following steps:
• “Step 1: Perform the Schema Cache Update Operation”
• “Step 2: Rectify the Error LDIF File to Eliminate the Errors”
Step 1: Perform the Schema Cache Update Operation
You can write the errors encountered while comparing the schema to an error file using the following command:
ice -e error_file -C -a -S ldap -s OpenLDAP_server -p Open_LDAP_port -D ldap -s eDirectory_server -p eDirectory_port -d eDirectory_full_admin_context -w eDirectory_password
For example:
ice -e err.ldf -C -a -SLDAP -s open_srv1 -p open_port1 -DLDAP -s edir_srv2 -p edir_port2 -d cn=admin,o=novell -w secret
Any errors encountered while comparing the schema are written to the error file (err.ldf in the example).
Step 2: Rectify the Error LDIF File to Eliminate the Errors
OpenLDAP defines some schema definitions publicly, which include attributes like objectClasses, attributeTypes, ldapSyntaxes, and subschemaSubentry. These definitions exist internally and are very important to the schema, and therefore they cannot be modified. Operations that try to modify these definitions result in the following error:
LDAP error : 53 (DSA is unwilling to perform)