FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-22-2010, 09:06 PM
Chun Tat David Chu
 
Default Directory Re-population

Hi Rich,

I did some testing and it appears to be working as you expected.
The steps involve
1) Export the directory database to a LDIF
2) Reload the directory database
3) Reinitialize the consumer


I have another question.* I noticed there's an ACI on the directory database LDIF.
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l
*dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server Group, cn=

*foo.com, ou=tscei.dd-x.com, o=NetscapeRoot"

Do I need to modify the hostname in that ACI if I want to load the same directory database into another LDAP?* Essentially I want to use a basic directory database LDIF and load it to a bunch of different development LDAP we have.* Some LDAPs are multi-mastered configured and most are not.


Thanks in advance

- David

On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Another question about directory re-population.

>

> If I want to create a generic LDIF backup for a bunch of test

> directory servers, in the exported LDIF file, should I remove the

> following attributes? or it doesn't really matter?

> nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a

> creatorsName:

> modifiersName: cn=directory manager

> createTimestamp: 20100514213428Z

> modifyTimestamp: 20100514213430Z

I don't think it matters. *I suppose you might want to keep

createTimestamp and modifyTimestamp just for your own information.

>

> My LDIF backup will be imported back to the LDAP using ldif2db.pl

> <http://ldif2db.pl>.

>

> - David

>

> On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu

> <beyonddc.storage@gmail.com <mailto:beyonddc.storage@gmail.com>> wrote:

>

> * * Thanks Rich, I'll give that a try.

>

>

> * * On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson

> * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>> wrote:

>

> * * * * Chun Tat David Chu wrote:

> * * * * > Hi Rich,

> * * * * >

> * * * * > Thanks for replying.

> * * * * >

> * * * * > Just making sure I'm using the right utility. *To

> * * * * reinitialize the

> * * * * > directory, I use the ldif2db.pl <http://ldif2db.pl>

> * * * * <http://ldif2db.pl> Perl script right?

> * * * * Yes, if you need to restore _all_ servers from an LDIF backup.

> * * * * *The

> * * * * reason I say _all_ is that when you do a restore from a "raw"

> * * * * LDIF file,

> * * * * this wipes out all of the replication state information and

> * * * * changelog

> * * * * information. *This means you will have to use this server to

> * * * * re-init

> * * * * other masters and consumers - (I mean re-init in the sense of

> * * * * Initializing Consumers -

> * * * * http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)


>

> * * * * You can use db2ldif.pl <http://db2ldif.pl> -r to create an

> * * * * LDIF file suitable for offline

> * * * * replica init

> * * * * >

> * * * * > - David

> * * * * >

> * * * * > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson

> * * * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * * * > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>

> * * * * wrote:

> * * * * >

> * * * * > * * Chun Tat David Chu wrote:

> * * * * > * * > Hi all,

> * * * * > * * >

> * * * * > * * > I am hitting an issue with reinitializing the

> * * * * directory database.

> * * * * > * * >

> * * * * > * * > Basically I have two directory servers and they're

> * * * * configured using

> * * * * > * * > multi-master replication scheme.

> * * * * > * * >

> * * * * > * * > When I reinitialize the directory database, the

> * * * * directory became

> * * * * > * * > inaccessible. *I think it is related with my multi-master

> * * * * > * * replication

> * * * * > * * > setup because when I use only reinitialize one LDAP,

> * * * * it would work

> * * * * > * * > just fine

> * * * * > * * >

> * * * * > * * > My question is if multi-master replication is enabled

> * * * * on two LDAPs

> * * * * > * * > then do I need to reinitialize both LDAPs at the same

> * * * * time or

> * * * * > * * just one

> * * * * > * * > LDAP?

> * * * * > * * If you use one master (m1) to re-init the other master

> * * * * (m2), you

> * * * * > * * do not

> * * * * > * * need to then use m2 to re-init m2.

> * * * * > * * >

> * * * * > * * > Thanks!

> * * * * > * * >

> * * * * > * * > - David

> * * * * > * * >

> * * * * > * * > On Fri, May 14, 2010 at 4:42 PM, Chun Tat David Chu

> * * * * > * * > <beyonddc.storage@gmail.com

> * * * * <mailto:beyonddc.storage@gmail.com>

> * * * * <mailto:beyonddc.storage@gmail.com

> * * * * <mailto:beyonddc.storage@gmail.com>>

> * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * * * <mailto:beyonddc.storage@gmail.com>

> * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * * * <mailto:beyonddc.storage@gmail.com>>>> wrote:

> * * * * > * * >

> * * * * > * * > * * Reinitializing the directory database does the

> * * * * trick! *I'm going

> * * * * > * * > * * to do more testing on it.

> * * * * > * * >

> * * * * > * * > * * Thanks a lot!

> * * * * > * * >

> * * * * > * * > * * - David

> * * * * > * * >

> * * * * > * * >

> * * * * > * * > * * On Fri, May 14, 2010 at 1:43 PM, David Boreham

> * * * * > * * > * * <david_list@boreham.org

> * * * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * * * <mailto:david_list@boreham.org>>

> * * * * > * * <mailto:david_list@boreham.org

> * * * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * * * <mailto:david_list@boreham.org>>>>

> * * * * > * * wrote:

> * * * * > * * >

> * * * * > * * > * * * * On 5/14/2010 11:40 AM, Chun Tat David Chu wrote:

> * * * * > * * > * * * * >

> * * * * > * * > * * * * > We use 389 Directory as part of our

> * * * * development lab.

> * * * * > * * *Every

> * * * * > * * > * * * * time when

> * * * * > * * > * * * * > we do a new test, we need to repopulate our 389

> * * * * > * * directory to

> * * * * > * * > * * * * a clean

> * * * * > * * > * * * * > slate (i.e. delete all existing data and

> * * * * re-create a base

> * * * * > * * > * * * * hierarchy

> * * * * > * * > * * * * > tree).

> * * * * > * * > * * * * >

> * * * * > * * > * * * * > Our current way of doing so is simply using

> * * * * the ldapdelete

> * * * * > * * > * * * * command to

> * * * * > * * > * * * * > remove all existing data and use ldapadd to

> * * * * re-create

> * * * * > * * the base

> * * * * > * * > * * * * > hierarchy tree. *This approach is okay but

> * * * * sometime it

> * * * * > * * could

> * * * * > * * > * * * * take up

> * * * * > * * > * * * * > to 20 to 30 minutes to delete all existing data

> * * * * > * * depending on the

> * * * * > * * > * * * * > amount of data saved in the directory.

> * * * * > * * > * * * * >

> * * * * > * * > * * * * > Is there a more efficient way to repopulate

> * * * * the 389

> * * * * > * * Directory?

> * * * * > * * >

> * * * * > * * > * * * * Yes. Import an almost empty LDIF file. You can

> * * * * also copy the

> * * * * > * * > * * * * on-disk

> * * * * > * * > * * * * database underneath a server (when it is shut

> * * * * down), if you

> * * * * > * * > * * * * know what

> * * * * > * * > * * * * you're doing.

> * * * * > * * >

> * * * * > * * > * * * * --

> * * * * > * * > * * * * 389 users mailing list

> * * * * > * * > * * * * 389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>>

> * * * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>>>

> * * * * > * * >

> * * * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * * * > * * >

> * * * * > * * >

> * * * * > * * >

> * * * * > * * >

> * * * * >

> * * * * ------------------------------------------------------------------------

> * * * * > * * >

> * * * * > * * > --

> * * * * > * * > 389 users mailing list

> * * * * > * * > 389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>>

> * * * * > * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * * * >

> * * * * > * * --

> * * * * > * * 389 users mailing list

> * * * * > * * 389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>>

> * * * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * * * >

> * * * * >

> * * * * >

> * * * * ------------------------------------------------------------------------

> * * * * >

> * * * * > --

> * * * * > 389 users mailing list

> * * * * > 389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

>

> * * * * --

> * * * * 389 users mailing list

> * * * * 389-users@lists.fedoraproject.org

> * * * * <mailto:389-users@lists.fedoraproject.org>

> * * * * https://admin.fedoraproject.org/mailman/listinfo/389-users

>

>

>

> ------------------------------------------------------------------------

>

> --

> 389 users mailing list

> 389-users@lists.fedoraproject.org

> https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-22-2010, 09:30 PM
Rich Megginson
 
Default Directory Re-population

Chun Tat David Chu wrote:
> Hi Rich,
>
> I did some testing and it appears to be working as you expected.
> The steps involve
> 1) Export the directory database to a LDIF
> 2) Reload the directory database
> 3) Reinitialize the consumer
>
> I have another question. I noticed there's an ACI on the directory
> database LDIF.
> aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)
> groupdn = "l
> dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server Group, cn=
> foo.com <http://foo.com>, ou=tscei.dd-x.com <http://tscei.dd-x.com>,
> o=NetscapeRoot"
>
> Do I need to modify the hostname in that ACI if I want to load the
> same directory database into another LDAP? Essentially I want to use
> a basic directory database LDIF and load it to a bunch of different
> development LDAP we have. Some LDAPs are multi-mastered configured
> and most are not.
No, you do not need to change that hostname.
>
> Thanks in advance
>
> - David
>
> On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>> wrote:
>
> Chun Tat David Chu wrote:
> > Another question about directory re-population.
> >
> > If I want to create a generic LDIF backup for a bunch of test
> > directory servers, in the exported LDIF file, should I remove the
> > following attributes? or it doesn't really matter?
> > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a
> > creatorsName:
> > modifiersName: cn=directory manager
> > createTimestamp: 20100514213428Z
> > modifyTimestamp: 20100514213430Z
> I don't think it matters. I suppose you might want to keep
> createTimestamp and modifyTimestamp just for your own information.
> >
> > My LDIF backup will be imported back to the LDAP using
> ldif2db.pl <http://ldif2db.pl>
> > <http://ldif2db.pl>.
> >
> > - David
> >
> > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu
> > <beyonddc.storage@gmail.com <mailto:beyonddc.storage@gmail.com>
> <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>> wrote:
> >
> > Thanks Rich, I'll give that a try.
> >
> >
> > On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson
> > <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:
> >
> > Chun Tat David Chu wrote:
> > > Hi Rich,
> > >
> > > Thanks for replying.
> > >
> > > Just making sure I'm using the right utility. To
> > reinitialize the
> > > directory, I use the ldif2db.pl <http://ldif2db.pl>
> <http://ldif2db.pl>
> > <http://ldif2db.pl> Perl script right?
> > Yes, if you need to restore _all_ servers from an LDIF
> backup.
> > The
> > reason I say _all_ is that when you do a restore from a
> "raw"
> > LDIF file,
> > this wipes out all of the replication state information and
> > changelog
> > information. This means you will have to use this server to
> > re-init
> > other masters and consumers - (I mean re-init in the
> sense of
> > Initializing Consumers -
> >
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)
> >
> > You can use db2ldif.pl <http://db2ldif.pl>
> <http://db2ldif.pl> -r to create an
> > LDIF file suitable for offline
> > replica init
> > >
> > > - David
> > >
> > > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson
> > <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>>>
> > wrote:
> > >
> > > Chun Tat David Chu wrote:
> > > > Hi all,
> > > >
> > > > I am hitting an issue with reinitializing the
> > directory database.
> > > >
> > > > Basically I have two directory servers and they're
> > configured using
> > > > multi-master replication scheme.
> > > >
> > > > When I reinitialize the directory database, the
> > directory became
> > > > inaccessible. I think it is related with my
> multi-master
> > > replication
> > > > setup because when I use only reinitialize one LDAP,
> > it would work
> > > > just fine
> > > >
> > > > My question is if multi-master replication is
> enabled
> > on two LDAPs
> > > > then do I need to reinitialize both LDAPs at the
> same
> > time or
> > > just one
> > > > LDAP?
> > > If you use one master (m1) to re-init the other master
> > (m2), you
> > > do not
> > > need to then use m2 to re-init m2.
> > > >
> > > > Thanks!
> > > >
> > > > - David
> > > >
> > > > On Fri, May 14, 2010 at 4:42 PM, Chun Tat David Chu
> > > > <beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>> wrote:
> > > >
> > > > Reinitializing the directory database does the
> > trick! I'm going
> > > > to do more testing on it.
> > > >
> > > > Thanks a lot!
> > > >
> > > > - David
> > > >
> > > >
> > > > On Fri, May 14, 2010 at 1:43 PM, David Boreham
> > > > <david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>>>
> > > wrote:
> > > >
> > > > On 5/14/2010 11:40 AM, Chun Tat David
> Chu wrote:
> > > > >
> > > > > We use 389 Directory as part of our
> > development lab.
> > > Every
> > > > time when
> > > > > we do a new test, we need to
> repopulate our 389
> > > directory to
> > > > a clean
> > > > > slate (i.e. delete all existing data and
> > re-create a base
> > > > hierarchy
> > > > > tree).
> > > > >
> > > > > Our current way of doing so is simply
> using
> > the ldapdelete
> > > > command to
> > > > > remove all existing data and use
> ldapadd to
> > re-create
> > > the base
> > > > > hierarchy tree. This approach is okay but
> > sometime it
> > > could
> > > > take up
> > > > > to 20 to 30 minutes to delete all
> existing data
> > > depending on the
> > > > > amount of data saved in the directory.
> > > > >
> > > > > Is there a more efficient way to
> repopulate
> > the 389
> > > Directory?
> > > >
> > > > Yes. Import an almost empty LDIF file.
> You can
> > also copy the
> > > > on-disk
> > > > database underneath a server (when it is
> shut
> > down), if you
> > > > know what
> > > > you're doing.
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > >
> <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-22-2010, 10:56 PM
Chun Tat David Chu
 
Default Directory Re-population

Thanks Rich,

I did more experiment, and I noticed one of my database didn't get reload after I ran ldif2db.pl script

My DIT has a root database and then a sub database under the root database.* When I did the export, I exported from the root database.* When I ran the ldif2db.pl script, only the root database get reloaded but not the sub database.


Do you have any ideas?

Thanks in advance

- David

On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Hi Rich,

>

> I did some testing and it appears to be working as you expected.

> The steps involve

> 1) Export the directory database to a LDIF

> 2) Reload the directory database

> 3) Reinitialize the consumer

>

> I have another question. *I noticed there's an ACI on the directory

> database LDIF.

> aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)

> groupdn = "l

> *dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server Group, cn=

> *foo.com <http://foo.com>, ou=tscei.dd-x.com <http://tscei.dd-x.com>,


> o=NetscapeRoot"

>

> Do I need to modify the hostname in that ACI if I want to load the

> same directory database into another LDAP? *Essentially I want to use

> a basic directory database LDIF and load it to a bunch of different

> development LDAP we have. *Some LDAPs are multi-mastered configured

> and most are not.

No, you do not need to change that hostname.

>

> Thanks in advance

>

> - David

>

> On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson <rmeggins@redhat.com

> <mailto:rmeggins@redhat.com>> wrote:

>

> * * Chun Tat David Chu wrote:

> * * > Another question about directory re-population.

> * * >

> * * > If I want to create a generic LDIF backup for a bunch of test

> * * > directory servers, in the exported LDIF file, should I remove the

> * * > following attributes? or it doesn't really matter?

> * * > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a

> * * > creatorsName:

> * * > modifiersName: cn=directory manager

> * * > createTimestamp: 20100514213428Z

> * * > modifyTimestamp: 20100514213430Z

> * * I don't think it matters. *I suppose you might want to keep

> * * createTimestamp and modifyTimestamp just for your own information.

> * * >

> * * > My LDIF backup will be imported back to the LDAP using

> * * ldif2db.pl <http://ldif2db.pl>

> * * > <http://ldif2db.pl>.

> * * >

> * * > - David

> * * >

> * * > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu

> * * > <beyonddc.storage@gmail.com <mailto:beyonddc.storage@gmail.com>

> * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>> wrote:

> * * >

> * * > * * Thanks Rich, I'll give that a try.

> * * >

> * * >

> * * > * * On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson

> * * > * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:

> * * >

> * * > * * * * Chun Tat David Chu wrote:

> * * > * * * * > Hi Rich,

> * * > * * * * >

> * * > * * * * > Thanks for replying.

> * * > * * * * >

> * * > * * * * > Just making sure I'm using the right utility. *To

> * * > * * * * reinitialize the

> * * > * * * * > directory, I use the ldif2db.pl <http://ldif2db.pl>

> * * <http://ldif2db.pl>

> * * > * * * * <http://ldif2db.pl> Perl script right?

> * * > * * * * Yes, if you need to restore _all_ servers from an LDIF

> * * backup.

> * * > * * * * *The

> * * > * * * * reason I say _all_ is that when you do a restore from a

> * * "raw"

> * * > * * * * LDIF file,

> * * > * * * * this wipes out all of the replication state information and

> * * > * * * * changelog

> * * > * * * * information. *This means you will have to use this server to

> * * > * * * * re-init

> * * > * * * * other masters and consumers - (I mean re-init in the

> * * sense of

> * * > * * * * Initializing Consumers -

> * * >

> * * http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)


> * * >

> * * > * * * * You can use db2ldif.pl <http://db2ldif.pl>

> * * <http://db2ldif.pl> -r to create an

> * * > * * * * LDIF file suitable for offline

> * * > * * * * replica init

> * * > * * * * >

> * * > * * * * > - David

> * * > * * * * >

> * * > * * * * > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson

> * * > * * * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * * * > <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>>>

> * * > * * * * wrote:

> * * > * * * * >

> * * > * * * * > * * Chun Tat David Chu wrote:

> * * > * * * * > * * > Hi all,

> * * > * * * * > * * >

> * * > * * * * > * * > I am hitting an issue with reinitializing the

> * * > * * * * directory database.

> * * > * * * * > * * >

> * * > * * * * > * * > Basically I have two directory servers and they're

> * * > * * * * configured using

> * * > * * * * > * * > multi-master replication scheme.

> * * > * * * * > * * >

> * * > * * * * > * * > When I reinitialize the directory database, the

> * * > * * * * directory became

> * * > * * * * > * * > inaccessible. *I think it is related with my

> * * multi-master

> * * > * * * * > * * replication

> * * > * * * * > * * > setup because when I use only reinitialize one LDAP,

> * * > * * * * it would work

> * * > * * * * > * * > just fine

> * * > * * * * > * * >

> * * > * * * * > * * > My question is if multi-master replication is

> * * enabled

> * * > * * * * on two LDAPs

> * * > * * * * > * * > then do I need to reinitialize both LDAPs at the

> * * same

> * * > * * * * time or

> * * > * * * * > * * just one

> * * > * * * * > * * > LDAP?

> * * > * * * * > * * If you use one master (m1) to re-init the other master

> * * > * * * * (m2), you

> * * > * * * * > * * do not

> * * > * * * * > * * need to then use m2 to re-init m2.

> * * > * * * * > * * >

> * * > * * * * > * * > Thanks!

> * * > * * * * > * * >

> * * > * * * * > * * > - David

> * * > * * * * > * * >

> * * > * * * * > * * > On Fri, May 14, 2010 at 4:42 PM, Chun Tat David Chu

> * * > * * * * > * * > <beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>> wrote:

> * * > * * * * > * * >

> * * > * * * * > * * > * * Reinitializing the directory database does the

> * * > * * * * trick! *I'm going

> * * > * * * * > * * > * * to do more testing on it.

> * * > * * * * > * * >

> * * > * * * * > * * > * * Thanks a lot!

> * * > * * * * > * * >

> * * > * * * * > * * > * * - David

> * * > * * * * > * * >

> * * > * * * * > * * >

> * * > * * * * > * * > * * On Fri, May 14, 2010 at 1:43 PM, David Boreham

> * * > * * * * > * * > * * <david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>

> * * > * * * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>>>

> * * > * * * * > * * wrote:

> * * > * * * * > * * >

> * * > * * * * > * * > * * * * On 5/14/2010 11:40 AM, Chun Tat David

> * * Chu wrote:

> * * > * * * * > * * > * * * * >

> * * > * * * * > * * > * * * * > We use 389 Directory as part of our

> * * > * * * * development lab.

> * * > * * * * > * * *Every

> * * > * * * * > * * > * * * * time when

> * * > * * * * > * * > * * * * > we do a new test, we need to

> * * repopulate our 389

> * * > * * * * > * * directory to

> * * > * * * * > * * > * * * * a clean

> * * > * * * * > * * > * * * * > slate (i.e. delete all existing data and

> * * > * * * * re-create a base

> * * > * * * * > * * > * * * * hierarchy

> * * > * * * * > * * > * * * * > tree).

> * * > * * * * > * * > * * * * >

> * * > * * * * > * * > * * * * > Our current way of doing so is simply

> * * using

> * * > * * * * the ldapdelete

> * * > * * * * > * * > * * * * command to

> * * > * * * * > * * > * * * * > remove all existing data and use

> * * ldapadd to

> * * > * * * * re-create

> * * > * * * * > * * the base

> * * > * * * * > * * > * * * * > hierarchy tree. *This approach is okay but

> * * > * * * * sometime it

> * * > * * * * > * * could

> * * > * * * * > * * > * * * * take up

> * * > * * * * > * * > * * * * > to 20 to 30 minutes to delete all

> * * existing data

> * * > * * * * > * * depending on the

> * * > * * * * > * * > * * * * > amount of data saved in the directory.

> * * > * * * * > * * > * * * * >

> * * > * * * * > * * > * * * * > Is there a more efficient way to

> * * repopulate

> * * > * * * * the 389

> * * > * * * * > * * Directory?

> * * > * * * * > * * >

> * * > * * * * > * * > * * * * Yes. Import an almost empty LDIF file.

> * * You can

> * * > * * * * also copy the

> * * > * * * * > * * > * * * * on-disk

> * * > * * * * > * * > * * * * database underneath a server (when it is

> * * shut

> * * > * * * * down), if you

> * * > * * * * > * * > * * * * know what

> * * > * * * * > * * > * * * * you're doing.

> * * > * * * * > * * >

> * * > * * * * > * * > * * * * --

> * * > * * * * > * * > * * * * 389 users mailing list

> * * > * * * * > * * > * * * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * * * > * * >

> * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * * * > * * >

> * * > * * * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * * * > * * >

> * * > * * * * > * * >

> * * > * * * * > * * >

> * * > * * * * > * * >

> * * > * * * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * * * > * * >

> * * > * * * * > * * > --

> * * > * * * * > * * > 389 users mailing list

> * * > * * * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * * * > * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * * * >

> * * > * * * * > * * --

> * * > * * * * > * * 389 users mailing list

> * * > * * * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * * * >

> * * > * * * * >

> * * > * * * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * * * >

> * * > * * * * > --

> * * > * * * * > 389 users mailing list

> * * > * * * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * > * * * * --

> * * > * * * * 389 users mailing list

> * * > * * * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * >

> * * >

> * * >

> * * ------------------------------------------------------------------------

> * * >

> * * > --

> * * > 389 users mailing list

> * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

>

> * * --

> * * 389 users mailing list

> * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

>

>

> ------------------------------------------------------------------------

>

> --

> 389 users mailing list

> 389-users@lists.fedoraproject.org

> https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-22-2010, 10:58 PM
Rich Megginson
 
Default Directory Re-population

Chun Tat David Chu wrote:
> Thanks Rich,
>
> I did more experiment, and I noticed one of my database didn't get
> reload after I ran ldif2db.pl <http://ldif2db.pl> script
>
> My DIT has a root database and then a sub database under the root
> database. When I did the export, I exported from the root database.
> When I ran the ldif2db.pl <http://ldif2db.pl> script, only the root
> database get reloaded but not the sub database.
>
> Do you have any ideas?
Yes. You need an LDIF for each database.
>
> Thanks in advance
>
> - David
>
> On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>> wrote:
>
> Chun Tat David Chu wrote:
> > Hi Rich,
> >
> > I did some testing and it appears to be working as you expected.
> > The steps involve
> > 1) Export the directory database to a LDIF
> > 2) Reload the directory database
> > 3) Reinitialize the consumer
> >
> > I have another question. I noticed there's an ACI on the directory
> > database LDIF.
> > aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)
> > groupdn = "l
> > dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server
> Group, cn=
> > foo.com <http://foo.com> <http://foo.com>, ou=tscei.dd-x.com
> <http://tscei.dd-x.com> <http://tscei.dd-x.com>,
> > o=NetscapeRoot"
> >
> > Do I need to modify the hostname in that ACI if I want to load the
> > same directory database into another LDAP? Essentially I want
> to use
> > a basic directory database LDIF and load it to a bunch of different
> > development LDAP we have. Some LDAPs are multi-mastered configured
> > and most are not.
> No, you do not need to change that hostname.
> >
> > Thanks in advance
> >
> > - David
> >
> > On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson
> <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:
> >
> > Chun Tat David Chu wrote:
> > > Another question about directory re-population.
> > >
> > > If I want to create a generic LDIF backup for a bunch of test
> > > directory servers, in the exported LDIF file, should I
> remove the
> > > following attributes? or it doesn't really matter?
> > > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a
> > > creatorsName:
> > > modifiersName: cn=directory manager
> > > createTimestamp: 20100514213428Z
> > > modifyTimestamp: 20100514213430Z
> > I don't think it matters. I suppose you might want to keep
> > createTimestamp and modifyTimestamp just for your own
> information.
> > >
> > > My LDIF backup will be imported back to the LDAP using
> > ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>
> > > <http://ldif2db.pl>.
> > >
> > > - David
> > >
> > > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu
> > > <beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>> wrote:
> > >
> > > Thanks Rich, I'll give that a try.
> > >
> > >
> > > On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson
> > > <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>> wrote:
> > >
> > > Chun Tat David Chu wrote:
> > > > Hi Rich,
> > > >
> > > > Thanks for replying.
> > > >
> > > > Just making sure I'm using the right utility. To
> > > reinitialize the
> > > > directory, I use the ldif2db.pl
> <http://ldif2db.pl> <http://ldif2db.pl>
> > <http://ldif2db.pl>
> > > <http://ldif2db.pl> Perl script right?
> > > Yes, if you need to restore _all_ servers from an LDIF
> > backup.
> > > The
> > > reason I say _all_ is that when you do a restore
> from a
> > "raw"
> > > LDIF file,
> > > this wipes out all of the replication state
> information and
> > > changelog
> > > information. This means you will have to use this
> server to
> > > re-init
> > > other masters and consumers - (I mean re-init in the
> > sense of
> > > Initializing Consumers -
> > >
> >
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)
> > >
> > > You can use db2ldif.pl <http://db2ldif.pl>
> <http://db2ldif.pl>
> > <http://db2ldif.pl> -r to create an
> > > LDIF file suitable for offline
> > > replica init
> > > >
> > > > - David
> > > >
> > > > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson
> > > <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>
> > > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>>
> > > wrote:
> > > >
> > > > Chun Tat David Chu wrote:
> > > > > Hi all,
> > > > >
> > > > > I am hitting an issue with reinitializing the
> > > directory database.
> > > > >
> > > > > Basically I have two directory servers and
> they're
> > > configured using
> > > > > multi-master replication scheme.
> > > > >
> > > > > When I reinitialize the directory
> database, the
> > > directory became
> > > > > inaccessible. I think it is related with my
> > multi-master
> > > > replication
> > > > > setup because when I use only reinitialize
> one LDAP,
> > > it would work
> > > > > just fine
> > > > >
> > > > > My question is if multi-master replication is
> > enabled
> > > on two LDAPs
> > > > > then do I need to reinitialize both LDAPs
> at the
> > same
> > > time or
> > > > just one
> > > > > LDAP?
> > > > If you use one master (m1) to re-init the
> other master
> > > (m2), you
> > > > do not
> > > > need to then use m2 to re-init m2.
> > > > >
> > > > > Thanks!
> > > > >
> > > > > - David
> > > > >
> > > > > On Fri, May 14, 2010 at 4:42 PM, Chun Tat
> David Chu
> > > > > <beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>>> wrote:
> > > > >
> > > > > Reinitializing the directory database
> does the
> > > trick! I'm going
> > > > > to do more testing on it.
> > > > >
> > > > > Thanks a lot!
> > > > >
> > > > > - David
> > > > >
> > > > >
> > > > > On Fri, May 14, 2010 at 1:43 PM, David
> Boreham
> > > > > <david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>>
> > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>>>>
> > > > wrote:
> > > > >
> > > > > On 5/14/2010 11:40 AM, Chun Tat David
> > Chu wrote:
> > > > > >
> > > > > > We use 389 Directory as part of our
> > > development lab.
> > > > Every
> > > > > time when
> > > > > > we do a new test, we need to
> > repopulate our 389
> > > > directory to
> > > > > a clean
> > > > > > slate (i.e. delete all existing
> data and
> > > re-create a base
> > > > > hierarchy
> > > > > > tree).
> > > > > >
> > > > > > Our current way of doing so is
> simply
> > using
> > > the ldapdelete
> > > > > command to
> > > > > > remove all existing data and use
> > ldapadd to
> > > re-create
> > > > the base
> > > > > > hierarchy tree. This approach
> is okay but
> > > sometime it
> > > > could
> > > > > take up
> > > > > > to 20 to 30 minutes to delete all
> > existing data
> > > > depending on the
> > > > > > amount of data saved in the
> directory.
> > > > > >
> > > > > > Is there a more efficient way to
> > repopulate
> > > the 389
> > > > Directory?
> > > > >
> > > > > Yes. Import an almost empty LDIF file.
> > You can
> > > also copy the
> > > > > on-disk
> > > > > database underneath a server (when
> it is
> > shut
> > > down), if you
> > > > > know what
> > > > > you're doing.
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>>
> > > > >
> > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 09:19 PM
Chun Tat David Chu
 
Default Directory Re-population

Hi Rich,

Thanks for helping.* I followed your direction and exported another LDIF for my 2nd database but whenever I try to load it I get an error message "ldap_add: Operations error".

Here's a little information on my DIT hierarchy.

Database 1: dc=foo,dc=com
Database 2: dc=new_foo,dc=foo,dc=com

I ran the ldif2db.pl using the verbose switch and here's the output.
ldapmodify: started Wed Jun 23 17:11:34 2010


ldap_init( <hostname>, 389 )
add objectclass:
******* top
******* extensibleObject
add cn:
******* import_2010_6_23_17_11_34
add nsInstance:
******* userRoot
add nsFilename:
******* /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif

add nsImportChunkSize:
******* 0
add nsUniqueIdGenerator:
******* time
adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks, cn=config
ldap_add: Operations error

At this point, I am stuck.* Do you have any idea what went wrong?* The reload of the root database does work but when I reload the 2nd database that sits underneath in the root database in the DIT it doesn't work.


Thanks in advance!

- David

On Tue, Jun 22, 2010 at 6:58 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Thanks Rich,

>

> I did more experiment, and I noticed one of my database didn't get

> reload after I ran ldif2db.pl <http://ldif2db.pl> script

>

> My DIT has a root database and then a sub database under the root

> database. *When I did the export, I exported from the root database.

> When I ran the ldif2db.pl <http://ldif2db.pl> script, only the root

> database get reloaded but not the sub database.

>

> Do you have any ideas?

Yes. *You need an LDIF for each database.

>

> Thanks in advance

>

> - David

>

> On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson <rmeggins@redhat.com

> <mailto:rmeggins@redhat.com>> wrote:

>

> * * Chun Tat David Chu wrote:

> * * > Hi Rich,

> * * >

> * * > I did some testing and it appears to be working as you expected.

> * * > The steps involve

> * * > 1) Export the directory database to a LDIF

> * * > 2) Reload the directory database

> * * > 3) Reinitialize the consumer

> * * >

> * * > I have another question. *I noticed there's an ACI on the directory

> * * > database LDIF.

> * * > aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)

> * * > groupdn = "l

> * * > *dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server

> * * Group, cn=

> * * > *foo.com <http://foo.com> <http://foo.com>, ou=tscei.dd-x.com


> * * <http://tscei.dd-x.com> <http://tscei.dd-x.com>,

> * * > o=NetscapeRoot"

> * * >

> * * > Do I need to modify the hostname in that ACI if I want to load the

> * * > same directory database into another LDAP? *Essentially I want

> * * to use

> * * > a basic directory database LDIF and load it to a bunch of different

> * * > development LDAP we have. *Some LDAPs are multi-mastered configured

> * * > and most are not.

> * * No, you do not need to change that hostname.

> * * >

> * * > Thanks in advance

> * * >

> * * > - David

> * * >

> * * > On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson

> * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:

> * * >

> * * > * * Chun Tat David Chu wrote:

> * * > * * > Another question about directory re-population.

> * * > * * >

> * * > * * > If I want to create a generic LDIF backup for a bunch of test

> * * > * * > directory servers, in the exported LDIF file, should I

> * * remove the

> * * > * * > following attributes? or it doesn't really matter?

> * * > * * > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a

> * * > * * > creatorsName:

> * * > * * > modifiersName: cn=directory manager

> * * > * * > createTimestamp: 20100514213428Z

> * * > * * > modifyTimestamp: 20100514213430Z

> * * > * * I don't think it matters. *I suppose you might want to keep

> * * > * * createTimestamp and modifyTimestamp just for your own

> * * information.

> * * > * * >

> * * > * * > My LDIF backup will be imported back to the LDAP using

> * * > * * ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>


> * * > * * > <http://ldif2db.pl>.

> * * > * * >

> * * > * * > - David

> * * > * * >

> * * > * * > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu

> * * > * * > <beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>> wrote:

> * * > * * >

> * * > * * > * * Thanks Rich, I'll give that a try.

> * * > * * >

> * * > * * >

> * * > * * > * * On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson

> * * > * * > * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>> wrote:

> * * > * * >

> * * > * * > * * * * Chun Tat David Chu wrote:

> * * > * * > * * * * > Hi Rich,

> * * > * * > * * * * >

> * * > * * > * * * * > Thanks for replying.

> * * > * * > * * * * >

> * * > * * > * * * * > Just making sure I'm using the right utility. *To

> * * > * * > * * * * reinitialize the

> * * > * * > * * * * > directory, I use the ldif2db.pl

> * * <http://ldif2db.pl> <http://ldif2db.pl>

> * * > * * <http://ldif2db.pl>

> * * > * * > * * * * <http://ldif2db.pl> Perl script right?

> * * > * * > * * * * Yes, if you need to restore _all_ servers from an LDIF

> * * > * * backup.

> * * > * * > * * * * *The

> * * > * * > * * * * reason I say _all_ is that when you do a restore

> * * from a

> * * > * * "raw"

> * * > * * > * * * * LDIF file,

> * * > * * > * * * * this wipes out all of the replication state

> * * information and

> * * > * * > * * * * changelog

> * * > * * > * * * * information. *This means you will have to use this

> * * server to

> * * > * * > * * * * re-init

> * * > * * > * * * * other masters and consumers - (I mean re-init in the

> * * > * * sense of

> * * > * * > * * * * Initializing Consumers -

> * * > * * >

> * * >

> * * http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)


> * * > * * >

> * * > * * > * * * * You can use db2ldif.pl <http://db2ldif.pl>

> * * <http://db2ldif.pl>

> * * > * * <http://db2ldif.pl> -r to create an

> * * > * * > * * * * LDIF file suitable for offline

> * * > * * > * * * * replica init

> * * > * * > * * * * >

> * * > * * > * * * * > - David

> * * > * * > * * * * >

> * * > * * > * * * * > On Fri, Jun 18, 2010 at 3:58 PM, Rich Megginson

> * * > * * > * * * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>

> * * > * * > * * * * > <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>>

> * * > * * > * * * * wrote:

> * * > * * > * * * * >

> * * > * * > * * * * > * * Chun Tat David Chu wrote:

> * * > * * > * * * * > * * > Hi all,

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > I am hitting an issue with reinitializing the

> * * > * * > * * * * directory database.

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > Basically I have two directory servers and

> * * they're

> * * > * * > * * * * configured using

> * * > * * > * * * * > * * > multi-master replication scheme.

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > When I reinitialize the directory

> * * database, the

> * * > * * > * * * * directory became

> * * > * * > * * * * > * * > inaccessible. *I think it is related with my

> * * > * * multi-master

> * * > * * > * * * * > * * replication

> * * > * * > * * * * > * * > setup because when I use only reinitialize

> * * one LDAP,

> * * > * * > * * * * it would work

> * * > * * > * * * * > * * > just fine

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > My question is if multi-master replication is

> * * > * * enabled

> * * > * * > * * * * on two LDAPs

> * * > * * > * * * * > * * > then do I need to reinitialize both LDAPs

> * * at the

> * * > * * same

> * * > * * > * * * * time or

> * * > * * > * * * * > * * just one

> * * > * * > * * * * > * * > LDAP?

> * * > * * > * * * * > * * If you use one master (m1) to re-init the

> * * other master

> * * > * * > * * * * (m2), you

> * * > * * > * * * * > * * do not

> * * > * * > * * * * > * * need to then use m2 to re-init m2.

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > Thanks!

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > - David

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > On Fri, May 14, 2010 at 4:42 PM, Chun Tat

> * * David Chu

> * * > * * > * * * * > * * > <beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>

> * * > * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>>> wrote:

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * Reinitializing the directory database

> * * does the

> * * > * * > * * * * trick! *I'm going

> * * > * * > * * * * > * * > * * to do more testing on it.

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * Thanks a lot!

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * - David

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * On Fri, May 14, 2010 at 1:43 PM, David

> * * Boreham

> * * > * * > * * * * > * * > * * <david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>>

> * * > * * > * * * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>>>>

> * * > * * > * * * * > * * wrote:

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * * * On 5/14/2010 11:40 AM, Chun Tat David

> * * > * * Chu wrote:

> * * > * * > * * * * > * * > * * * * >

> * * > * * > * * * * > * * > * * * * > We use 389 Directory as part of our

> * * > * * > * * * * development lab.

> * * > * * > * * * * > * * *Every

> * * > * * > * * * * > * * > * * * * time when

> * * > * * > * * * * > * * > * * * * > we do a new test, we need to

> * * > * * repopulate our 389

> * * > * * > * * * * > * * directory to

> * * > * * > * * * * > * * > * * * * a clean

> * * > * * > * * * * > * * > * * * * > slate (i.e. delete all existing

> * * data and

> * * > * * > * * * * re-create a base

> * * > * * > * * * * > * * > * * * * hierarchy

> * * > * * > * * * * > * * > * * * * > tree).

> * * > * * > * * * * > * * > * * * * >

> * * > * * > * * * * > * * > * * * * > Our current way of doing so is

> * * simply

> * * > * * using

> * * > * * > * * * * the ldapdelete

> * * > * * > * * * * > * * > * * * * command to

> * * > * * > * * * * > * * > * * * * > remove all existing data and use

> * * > * * ldapadd to

> * * > * * > * * * * re-create

> * * > * * > * * * * > * * the base

> * * > * * > * * * * > * * > * * * * > hierarchy tree. *This approach

> * * is okay but

> * * > * * > * * * * sometime it

> * * > * * > * * * * > * * could

> * * > * * > * * * * > * * > * * * * take up

> * * > * * > * * * * > * * > * * * * > to 20 to 30 minutes to delete all

> * * > * * existing data

> * * > * * > * * * * > * * depending on the

> * * > * * > * * * * > * * > * * * * > amount of data saved in the

> * * directory.

> * * > * * > * * * * > * * > * * * * >

> * * > * * > * * * * > * * > * * * * > Is there a more efficient way to

> * * > * * repopulate

> * * > * * > * * * * the 389

> * * > * * > * * * * > * * Directory?

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * * * Yes. Import an almost empty LDIF file.

> * * > * * You can

> * * > * * > * * * * also copy the

> * * > * * > * * * * > * * > * * * * on-disk

> * * > * * > * * * * > * * > * * * * database underneath a server (when

> * * it is

> * * > * * shut

> * * > * * > * * * * down), if you

> * * > * * > * * * * > * * > * * * * know what

> * * > * * > * * * * > * * > * * * * you're doing.

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > * * * * --

> * * > * * > * * * * > * * > * * * * 389 users mailing list

> * * > * * > * * * * > * * > * * * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * * * > * * >

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>>

> * * > * * > * * * * > * * >

> * * > * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * >

> * * > * * > * * * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * > * * * * > * * >

> * * > * * > * * * * > * * > --

> * * > * * > * * * * > * * > 389 users mailing list

> * * > * * > * * * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * * * > * * >

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * * * >

> * * > * * > * * * * > * * --

> * * > * * > * * * * > * * 389 users mailing list

> * * > * * > * * * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * * * >

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * * * >

> * * > * * > * * * * >

> * * > * * > * * * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * > * * * * >

> * * > * * > * * * * > --

> * * > * * > * * * * > 389 users mailing list

> * * > * * > * * * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * >

> * * > * * > * * * * --

> * * > * * > * * * * 389 users mailing list

> * * > * * > * * * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * >

> * * > * * >

> * * > * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * >

> * * > * * > --

> * * > * * > 389 users mailing list

> * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * > * * --

> * * > * * 389 users mailing list

> * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * >

> * * >

> * * ------------------------------------------------------------------------

> * * >

> * * > --

> * * > 389 users mailing list

> * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

>

> * * --

> * * 389 users mailing list

> * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

>

>

> ------------------------------------------------------------------------

>

> --

> 389 users mailing list

> 389-users@lists.fedoraproject.org

> https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:34 PM
Rich Megginson
 
Default Directory Re-population

Chun Tat David Chu wrote:
> Hi Rich,
>
> Thanks for helping. I followed your direction and exported another
> LDIF for my 2nd database but whenever I try to load it I get an error
> message "ldap_add: Operations error".
What's in the errors log?
>
> Here's a little information on my DIT hierarchy.
> Database 1: dc=foo,dc=com
> Database 2: dc=new_foo,dc=foo,dc=com
>
> I ran the ldif2db.pl <http://ldif2db.pl> using the verbose switch and
> here's the output.
> ldapmodify: started Wed Jun 23 17:11:34 2010
>
> ldap_init( <hostname>, 389 )
> add objectclass:
> top
> extensibleObject
> add cn:
> import_2010_6_23_17_11_34
> add nsInstance:
> userRoot
> add nsFilename:
> /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif
> add nsImportChunkSize:
> 0
> add nsUniqueIdGenerator:
> time
> adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks,
> cn=config
> ldap_add: Operations error
>
> At this point, I am stuck. Do you have any idea what went wrong? The
> reload of the root database does work but when I reload the 2nd
> database that sits underneath in the root database in the DIT it
> doesn't work.
>
> Thanks in advance!
>
> - David
>
> On Tue, Jun 22, 2010 at 6:58 PM, Rich Megginson <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>> wrote:
>
> Chun Tat David Chu wrote:
> > Thanks Rich,
> >
> > I did more experiment, and I noticed one of my database didn't get
> > reload after I ran ldif2db.pl <http://ldif2db.pl>
> <http://ldif2db.pl> script
> >
> > My DIT has a root database and then a sub database under the root
> > database. When I did the export, I exported from the root database.
> > When I ran the ldif2db.pl <http://ldif2db.pl>
> <http://ldif2db.pl> script, only the root
> > database get reloaded but not the sub database.
> >
> > Do you have any ideas?
> Yes. You need an LDIF for each database.
> >
> > Thanks in advance
> >
> > - David
> >
> > On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson
> <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:
> >
> > Chun Tat David Chu wrote:
> > > Hi Rich,
> > >
> > > I did some testing and it appears to be working as you
> expected.
> > > The steps involve
> > > 1) Export the directory database to a LDIF
> > > 2) Reload the directory database
> > > 3) Reinitialize the consumer
> > >
> > > I have another question. I noticed there's an ACI on the
> directory
> > > database LDIF.
> > > aci: (targetattr = "*")(version 3.0; acl "SIE Group";
> allow (all)
> > > groupdn = "l
> > > dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server
> > Group, cn=
> > > foo.com <http://foo.com> <http://foo.com>
> <http://foo.com>, ou=tscei.dd-x.com <http://tscei.dd-x.com>
> > <http://tscei.dd-x.com> <http://tscei.dd-x.com>,
> > > o=NetscapeRoot"
> > >
> > > Do I need to modify the hostname in that ACI if I want to
> load the
> > > same directory database into another LDAP? Essentially I want
> > to use
> > > a basic directory database LDIF and load it to a bunch of
> different
> > > development LDAP we have. Some LDAPs are multi-mastered
> configured
> > > and most are not.
> > No, you do not need to change that hostname.
> > >
> > > Thanks in advance
> > >
> > > - David
> > >
> > > On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson
> > <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>> wrote:
> > >
> > > Chun Tat David Chu wrote:
> > > > Another question about directory re-population.
> > > >
> > > > If I want to create a generic LDIF backup for a
> bunch of test
> > > > directory servers, in the exported LDIF file, should I
> > remove the
> > > > following attributes? or it doesn't really matter?
> > > > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a
> > > > creatorsName:
> > > > modifiersName: cn=directory manager
> > > > createTimestamp: 20100514213428Z
> > > > modifyTimestamp: 20100514213430Z
> > > I don't think it matters. I suppose you might want to
> keep
> > > createTimestamp and modifyTimestamp just for your own
> > information.
> > > >
> > > > My LDIF backup will be imported back to the LDAP using
> > > ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>
> <http://ldif2db.pl>
> > > > <http://ldif2db.pl>.
> > > >
> > > > - David
> > > >
> > > > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu
> > > > <beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>> wrote:
> > > >
> > > > Thanks Rich, I'll give that a try.
> > > >
> > > >
> > > > On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson
> > > > <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>
> > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>> wrote:
> > > >
> > > > Chun Tat David Chu wrote:
> > > > > Hi Rich,
> > > > >
> > > > > Thanks for replying.
> > > > >
> > > > > Just making sure I'm using the right
> utility. To
> > > > reinitialize the
> > > > > directory, I use the ldif2db.pl
> <http://ldif2db.pl>
> > <http://ldif2db.pl> <http://ldif2db.pl>
> > > <http://ldif2db.pl>
> > > > <http://ldif2db.pl> Perl script right?
> > > > Yes, if you need to restore _all_ servers
> from an LDIF
> > > backup.
> > > > The
> > > > reason I say _all_ is that when you do a restore
> > from a
> > > "raw"
> > > > LDIF file,
> > > > this wipes out all of the replication state
> > information and
> > > > changelog
> > > > information. This means you will have to
> use this
> > server to
> > > > re-init
> > > > other masters and consumers - (I mean
> re-init in the
> > > sense of
> > > > Initializing Consumers -
> > > >
> > >
> >
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)
> > > >
> > > > You can use db2ldif.pl <http://db2ldif.pl>
> <http://db2ldif.pl>
> > <http://db2ldif.pl>
> > > <http://db2ldif.pl> -r to create an
> > > > LDIF file suitable for offline
> > > > replica init
> > > > >
> > > > > - David
> > > > >
> > > > > On Fri, Jun 18, 2010 at 3:58 PM, Rich
> Megginson
> > > > <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>
> > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>
> > > > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>>
> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>
> > > <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>>>>>>
> > > > wrote:
> > > > >
> > > > > Chun Tat David Chu wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > I am hitting an issue with
> reinitializing the
> > > > directory database.
> > > > > >
> > > > > > Basically I have two directory
> servers and
> > they're
> > > > configured using
> > > > > > multi-master replication scheme.
> > > > > >
> > > > > > When I reinitialize the directory
> > database, the
> > > > directory became
> > > > > > inaccessible. I think it is related
> with my
> > > multi-master
> > > > > replication
> > > > > > setup because when I use only
> reinitialize
> > one LDAP,
> > > > it would work
> > > > > > just fine
> > > > > >
> > > > > > My question is if multi-master
> replication is
> > > enabled
> > > > on two LDAPs
> > > > > > then do I need to reinitialize both
> LDAPs
> > at the
> > > same
> > > > time or
> > > > > just one
> > > > > > LDAP?
> > > > > If you use one master (m1) to re-init the
> > other master
> > > > (m2), you
> > > > > do not
> > > > > need to then use m2 to re-init m2.
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > - David
> > > > > >
> > > > > > On Fri, May 14, 2010 at 4:42 PM,
> Chun Tat
> > David Chu
> > > > > > <beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>>
> > > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>
> > > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>
> > > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>
> > > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>
> > <mailto:beyonddc.storage@gmail.com
> <mailto:beyonddc.storage@gmail.com>>>>>>> wrote:
> > > > > >
> > > > > > Reinitializing the directory
> database
> > does the
> > > > trick! I'm going
> > > > > > to do more testing on it.
> > > > > >
> > > > > > Thanks a lot!
> > > > > >
> > > > > > - David
> > > > > >
> > > > > >
> > > > > > On Fri, May 14, 2010 at 1:43 PM,
> David
> > Boreham
> > > > > > <david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>
> > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>
> > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>>>
> > > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>
> > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org> <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>
> > > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>
> > > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>
> > <mailto:david_list@boreham.org
> <mailto:david_list@boreham.org>>>>>>>
> > > > > wrote:
> > > > > >
> > > > > > On 5/14/2010 11:40 AM, Chun
> Tat David
> > > Chu wrote:
> > > > > > >
> > > > > > > We use 389 Directory as
> part of our
> > > > development lab.
> > > > > Every
> > > > > > time when
> > > > > > > we do a new test, we need to
> > > repopulate our 389
> > > > > directory to
> > > > > > a clean
> > > > > > > slate (i.e. delete all
> existing
> > data and
> > > > re-create a base
> > > > > > hierarchy
> > > > > > > tree).
> > > > > > >
> > > > > > > Our current way of doing so is
> > simply
> > > using
> > > > the ldapdelete
> > > > > > command to
> > > > > > > remove all existing data
> and use
> > > ldapadd to
> > > > re-create
> > > > > the base
> > > > > > > hierarchy tree. This approach
> > is okay but
> > > > sometime it
> > > > > could
> > > > > > take up
> > > > > > > to 20 to 30 minutes to
> delete all
> > > existing data
> > > > > depending on the
> > > > > > > amount of data saved in the
> > directory.
> > > > > > >
> > > > > > > Is there a more efficient
> way to
> > > repopulate
> > > > the 389
> > > > > Directory?
> > > > > >
> > > > > > Yes. Import an almost empty
> LDIF file.
> > > You can
> > > > also copy the
> > > > > > on-disk
> > > > > > database underneath a server
> (when
> > it is
> > > shut
> > > > down), if you
> > > > > > know what
> > > > > > you're doing.
> > > > > >
> > > > > > --
> > > > > > 389 users mailing list
> > > > > >
> 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>>
> > > > > >
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>>>
> > > > > >
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > > >
> > > > > > --
> > > > > > 389 users mailing list
> > > > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>>
> > > > > >
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>>
> > > > >
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>>
> > > >
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > >
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > <mailto:389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:44 PM
Chun Tat David Chu
 
Default Directory Re-population

Hi Rich,

I looked at both access log and error log.* The access log has an addition of ldap_add failure but the error log doesn't say anything about the failure on loading the 2nd database.

- David


Access Log
[23/Jun/2010:18:37:09 -0400] conn=12180 fd=118 slot=118 connection from 138.125.205.65 to 138.125.205.65
[23/Jun/2010:18:37:09 -0400] conn=12180 op=0 BIND dn="cn=Directory Manager" method=128 version=3

[23/Jun/2010:18:37:09 -0400] conn=12180 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=tscei ldap directory manager"
[23/Jun/2010:18:37:09 -0400] conn=12180 op=1 ADD dn="cn=import_2010_6_23_18_37_9, cn=import, cn=tasks, cn=config"

[23/Jun/2010:18:37:11 -0400] conn=12180 op=1 RESULT err=0 tag=105 nentries=0 etime=2
[23/Jun/2010:18:37:11 -0400] conn=12180 op=2 UNBIND
[23/Jun/2010:18:37:11 -0400] conn=12180 op=2 fd=118 closed - U1
[23/Jun/2010:18:37:11 -0400] conn=12181 fd=119 slot=119 connection from 138.125.205.65 to 138.125.205.65

[23/Jun/2010:18:37:11 -0400] conn=12181 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[23/Jun/2010:18:37:11 -0400] conn=12181 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=tscei ldap directory manager"

[23/Jun/2010:18:37:11 -0400] conn=12181 op=1 ADD dn="cn=import_2010_6_23_18_37_12, cn=import, cn=tasks, cn=config"
[23/Jun/2010:18:37:11 -0400] conn=12181 op=1 RESULT err=1 tag=105 nentries=0 etime=0
[23/Jun/2010:18:37:11 -0400] conn=12181 op=2 UNBIND


Error Log
[23/Jun/2010:18:37:11 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[23/Jun/2010:18:37:11 -0400] - import userRoot: Beginning import job...

[23/Jun/2010:18:37:11 -0400] - ldbm: 'userRoot' is already in the middle of another task and cannot be disturbed.
[23/Jun/2010:18:37:11 -0400] - import userRoot: Index buffering enabled with bucket size 19
[23/Jun/2010:18:37:11 -0400] - import userRoot: Processing file "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif"

[23/Jun/2010:18:37:11 -0400] - import userRoot: Finished scanning file "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif" (97 entries)
[23/Jun/2010:18:37:12 -0400] - import userRoot: Workers finished; cleaning up...

[23/Jun/2010:18:37:12 -0400] - import userRoot: Workers cleaned up.
[23/Jun/2010:18:37:12 -0400] - import userRoot: Cleaning up producer thread...
[23/Jun/2010:18:37:12 -0400] - import userRoot: Indexing complete.* Post-processing...

[23/Jun/2010:18:37:12 -0400] - import userRoot: Flushing caches...
[23/Jun/2010:18:37:12 -0400] - import userRoot: Closing files...
[23/Jun/2010:18:37:12 -0400] - import userRoot: Import complete.* Processed 97 entries (91 entries were skipped because they don't belong to this database) in 1 seconds. (97.00 entries/sec)


On Wed, Jun 23, 2010 at 6:34 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Hi Rich,

>

> Thanks for helping. *I followed your direction and exported another

> LDIF for my 2nd database but whenever I try to load it I get an error

> message "ldap_add: Operations error".

What's in the errors log?

>

> Here's a little information on my DIT hierarchy.

> Database 1: dc=foo,dc=com

> Database 2: dc=new_foo,dc=foo,dc=com

>

> I ran the ldif2db.pl <http://ldif2db.pl> using the verbose switch and

> here's the output.

> ldapmodify: started Wed Jun 23 17:11:34 2010

>

> ldap_init( <hostname>, 389 )

> add objectclass:

> * * * * top

> * * * * extensibleObject

> add cn:

> * * * * import_2010_6_23_17_11_34

> add nsInstance:

> * * * * userRoot

> add nsFilename:

> * * * * /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif

> add nsImportChunkSize:

> * * * * 0

> add nsUniqueIdGenerator:

> * * * * time

> adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks,

> cn=config

> ldap_add: Operations error

>

> At this point, I am stuck. *Do you have any idea what went wrong? *The

> reload of the root database does work but when I reload the 2nd

> database that sits underneath in the root database in the DIT it

> doesn't work.

>

> Thanks in advance!

>

> - David

>

> On Tue, Jun 22, 2010 at 6:58 PM, Rich Megginson <rmeggins@redhat.com

> <mailto:rmeggins@redhat.com>> wrote:

>

> * * Chun Tat David Chu wrote:

> * * > Thanks Rich,

> * * >

> * * > I did more experiment, and I noticed one of my database didn't get

> * * > reload after I ran ldif2db.pl <http://ldif2db.pl>

> * * <http://ldif2db.pl> script

> * * >

> * * > My DIT has a root database and then a sub database under the root

> * * > database. *When I did the export, I exported from the root database.

> * * > When I ran the ldif2db.pl <http://ldif2db.pl>

> * * <http://ldif2db.pl> script, only the root

> * * > database get reloaded but not the sub database.

> * * >

> * * > Do you have any ideas?

> * * Yes. *You need an LDIF for each database.

> * * >

> * * > Thanks in advance

> * * >

> * * > - David

> * * >

> * * > On Tue, Jun 22, 2010 at 5:30 PM, Rich Megginson

> * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote:

> * * >

> * * > * * Chun Tat David Chu wrote:

> * * > * * > Hi Rich,

> * * > * * >

> * * > * * > I did some testing and it appears to be working as you

> * * expected.

> * * > * * > The steps involve

> * * > * * > 1) Export the directory database to a LDIF

> * * > * * > 2) Reload the directory database

> * * > * * > 3) Reinitialize the consumer

> * * > * * >

> * * > * * > I have another question. *I noticed there's an ACI on the

> * * directory

> * * > * * > database LDIF.

> * * > * * > aci: (targetattr = "*")(version 3.0; acl "SIE Group";

> * * allow (all)

> * * > * * > groupdn = "l

> * * > * * > *dap:///cn=slapd-foo, cn=Red Hat Directory Server, cn=Server

> * * > * * Group, cn=

> * * > * * > *foo.com <http://foo.com> <http://foo.com>

> * * <http://foo.com>, ou=tscei.dd-x.com <http://tscei.dd-x.com>


> * * > * * <http://tscei.dd-x.com> <http://tscei.dd-x.com>,

> * * > * * > o=NetscapeRoot"

> * * > * * >

> * * > * * > Do I need to modify the hostname in that ACI if I want to

> * * load the

> * * > * * > same directory database into another LDAP? *Essentially I want

> * * > * * to use

> * * > * * > a basic directory database LDIF and load it to a bunch of

> * * different

> * * > * * > development LDAP we have. *Some LDAPs are multi-mastered

> * * configured

> * * > * * > and most are not.

> * * > * * No, you do not need to change that hostname.

> * * > * * >

> * * > * * > Thanks in advance

> * * > * * >

> * * > * * > - David

> * * > * * >

> * * > * * > On Tue, Jun 22, 2010 at 2:43 PM, Rich Megginson

> * * > * * <rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>> wrote:

> * * > * * >

> * * > * * > * * Chun Tat David Chu wrote:

> * * > * * > * * > Another question about directory re-population.

> * * > * * > * * >

> * * > * * > * * > If I want to create a generic LDIF backup for a

> * * bunch of test

> * * > * * > * * > directory servers, in the exported LDIF file, should I

> * * > * * remove the

> * * > * * > * * > following attributes? or it doesn't really matter?

> * * > * * > * * > nsUniqueId: 795dca00-5fa011df-8de2866b-a65dc74a

> * * > * * > * * > creatorsName:

> * * > * * > * * > modifiersName: cn=directory manager

> * * > * * > * * > createTimestamp: 20100514213428Z

> * * > * * > * * > modifyTimestamp: 20100514213430Z

> * * > * * > * * I don't think it matters. *I suppose you might want to

> * * keep

> * * > * * > * * createTimestamp and modifyTimestamp just for your own

> * * > * * information.

> * * > * * > * * >

> * * > * * > * * > My LDIF backup will be imported back to the LDAP using

> * * > * * > * * ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>


> * * <http://ldif2db.pl>

> * * > * * > * * > <http://ldif2db.pl>.

> * * > * * > * * >

> * * > * * > * * > - David

> * * > * * > * * >

> * * > * * > * * > On Fri, Jun 18, 2010 at 4:40 PM, Chun Tat David Chu

> * * > * * > * * > <beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>> wrote:

> * * > * * > * * >

> * * > * * > * * > * * Thanks Rich, I'll give that a try.

> * * > * * > * * >

> * * > * * > * * >

> * * > * * > * * > * * On Fri, Jun 18, 2010 at 4:20 PM, Rich Megginson

> * * > * * > * * > * * <rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>

> * * > * * > * * <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>> wrote:

> * * > * * > * * >

> * * > * * > * * > * * * * Chun Tat David Chu wrote:

> * * > * * > * * > * * * * > Hi Rich,

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > Thanks for replying.

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > Just making sure I'm using the right

> * * utility. *To

> * * > * * > * * > * * * * reinitialize the

> * * > * * > * * > * * * * > directory, I use the ldif2db.pl

> * * <http://ldif2db.pl>

> * * > * * <http://ldif2db.pl> <http://ldif2db.pl>

> * * > * * > * * <http://ldif2db.pl>

> * * > * * > * * > * * * * <http://ldif2db.pl> Perl script right?

> * * > * * > * * > * * * * Yes, if you need to restore _all_ servers

> * * from an LDIF

> * * > * * > * * backup.

> * * > * * > * * > * * * * *The

> * * > * * > * * > * * * * reason I say _all_ is that when you do a restore

> * * > * * from a

> * * > * * > * * "raw"

> * * > * * > * * > * * * * LDIF file,

> * * > * * > * * > * * * * this wipes out all of the replication state

> * * > * * information and

> * * > * * > * * > * * * * changelog

> * * > * * > * * > * * * * information. *This means you will have to

> * * use this

> * * > * * server to

> * * > * * > * * > * * * * re-init

> * * > * * > * * > * * * * other masters and consumers - (I mean

> * * re-init in the

> * * > * * > * * sense of

> * * > * * > * * > * * * * Initializing Consumers -

> * * > * * > * * >

> * * > * * >

> * * >

> * * http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Initializing_Consumers.html)


> * * > * * > * * >

> * * > * * > * * > * * * * You can use db2ldif.pl <http://db2ldif.pl>

> * * <http://db2ldif.pl>

> * * > * * <http://db2ldif.pl>

> * * > * * > * * <http://db2ldif.pl> -r to create an

> * * > * * > * * > * * * * LDIF file suitable for offline

> * * > * * > * * > * * * * replica init

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > - David

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > On Fri, Jun 18, 2010 at 3:58 PM, Rich

> * * Megginson

> * * > * * > * * > * * * * <rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>

> * * > * * > * * <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>>

> * * > * * > * * > * * * * > <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * > * * <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>>

> * * > * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>

> * * <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>

> * * > * * > * * <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com> <mailto:rmeggins@redhat.com

> * * <mailto:rmeggins@redhat.com>>>>>>

> * * > * * > * * > * * * * wrote:

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > * * Chun Tat David Chu wrote:

> * * > * * > * * > * * * * > * * > Hi all,

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > I am hitting an issue with

> * * reinitializing the

> * * > * * > * * > * * * * directory database.

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > Basically I have two directory

> * * servers and

> * * > * * they're

> * * > * * > * * > * * * * configured using

> * * > * * > * * > * * * * > * * > multi-master replication scheme.

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > When I reinitialize the directory

> * * > * * database, the

> * * > * * > * * > * * * * directory became

> * * > * * > * * > * * * * > * * > inaccessible. *I think it is related

> * * with my

> * * > * * > * * multi-master

> * * > * * > * * > * * * * > * * replication

> * * > * * > * * > * * * * > * * > setup because when I use only

> * * reinitialize

> * * > * * one LDAP,

> * * > * * > * * > * * * * it would work

> * * > * * > * * > * * * * > * * > just fine

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > My question is if multi-master

> * * replication is

> * * > * * > * * enabled

> * * > * * > * * > * * * * on two LDAPs

> * * > * * > * * > * * * * > * * > then do I need to reinitialize both

> * * LDAPs

> * * > * * at the

> * * > * * > * * same

> * * > * * > * * > * * * * time or

> * * > * * > * * > * * * * > * * just one

> * * > * * > * * > * * * * > * * > LDAP?

> * * > * * > * * > * * * * > * * If you use one master (m1) to re-init the

> * * > * * other master

> * * > * * > * * > * * * * (m2), you

> * * > * * > * * > * * * * > * * do not

> * * > * * > * * > * * * * > * * need to then use m2 to re-init m2.

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > Thanks!

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > - David

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > On Fri, May 14, 2010 at 4:42 PM,

> * * Chun Tat

> * * > * * David Chu

> * * > * * > * * > * * * * > * * > <beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>

> * * > * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>>

> * * > * * > * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>

> * * > * * > * * > * * * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>

> * * > * * > * * > * * * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>

> * * > * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>

> * * > * * <mailto:beyonddc.storage@gmail.com

> * * <mailto:beyonddc.storage@gmail.com>>>>>>> wrote:

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * Reinitializing the directory

> * * database

> * * > * * does the

> * * > * * > * * > * * * * trick! *I'm going

> * * > * * > * * > * * * * > * * > * * to do more testing on it.

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * Thanks a lot!

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * - David

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * On Fri, May 14, 2010 at 1:43 PM,

> * * David

> * * > * * Boreham

> * * > * * > * * > * * * * > * * > * * <david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>

> * * > * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>

> * * > * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>>>

> * * > * * > * * > * * * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>

> * * > * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org> <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>

> * * > * * > * * > * * * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org <mailto:david_list@boreham.org>>

> * * > * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>

> * * > * * <mailto:david_list@boreham.org

> * * <mailto:david_list@boreham.org>>>>>>>

> * * > * * > * * > * * * * > * * wrote:

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * * * On 5/14/2010 11:40 AM, Chun

> * * Tat David

> * * > * * > * * Chu wrote:

> * * > * * > * * > * * * * > * * > * * * * >

> * * > * * > * * > * * * * > * * > * * * * > We use 389 Directory as

> * * part of our

> * * > * * > * * > * * * * development lab.

> * * > * * > * * > * * * * > * * *Every

> * * > * * > * * > * * * * > * * > * * * * time when

> * * > * * > * * > * * * * > * * > * * * * > we do a new test, we need to

> * * > * * > * * repopulate our 389

> * * > * * > * * > * * * * > * * directory to

> * * > * * > * * > * * * * > * * > * * * * a clean

> * * > * * > * * > * * * * > * * > * * * * > slate (i.e. delete all

> * * existing

> * * > * * data and

> * * > * * > * * > * * * * re-create a base

> * * > * * > * * > * * * * > * * > * * * * hierarchy

> * * > * * > * * > * * * * > * * > * * * * > tree).

> * * > * * > * * > * * * * > * * > * * * * >

> * * > * * > * * > * * * * > * * > * * * * > Our current way of doing so is

> * * > * * simply

> * * > * * > * * using

> * * > * * > * * > * * * * the ldapdelete

> * * > * * > * * > * * * * > * * > * * * * command to

> * * > * * > * * > * * * * > * * > * * * * > remove all existing data

> * * and use

> * * > * * > * * ldapadd to

> * * > * * > * * > * * * * re-create

> * * > * * > * * > * * * * > * * the base

> * * > * * > * * > * * * * > * * > * * * * > hierarchy tree. *This approach

> * * > * * is okay but

> * * > * * > * * > * * * * sometime it

> * * > * * > * * > * * * * > * * could

> * * > * * > * * > * * * * > * * > * * * * take up

> * * > * * > * * > * * * * > * * > * * * * > to 20 to 30 minutes to

> * * delete all

> * * > * * > * * existing data

> * * > * * > * * > * * * * > * * depending on the

> * * > * * > * * > * * * * > * * > * * * * > amount of data saved in the

> * * > * * directory.

> * * > * * > * * > * * * * > * * > * * * * >

> * * > * * > * * > * * * * > * * > * * * * > Is there a more efficient

> * * way to

> * * > * * > * * repopulate

> * * > * * > * * > * * * * the 389

> * * > * * > * * > * * * * > * * Directory?

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * * * Yes. Import an almost empty

> * * LDIF file.

> * * > * * > * * You can

> * * > * * > * * > * * * * also copy the

> * * > * * > * * > * * * * > * * > * * * * on-disk

> * * > * * > * * > * * * * > * * > * * * * database underneath a server

> * * (when

> * * > * * it is

> * * > * * > * * shut

> * * > * * > * * > * * * * down), if you

> * * > * * > * * > * * * * > * * > * * * * know what

> * * > * * > * * > * * * * > * * > * * * * you're doing.

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > * * * * --

> * * > * * > * * > * * * * > * * > * * * * 389 users mailing list

> * * > * * > * * > * * * * > * * >

> * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * > * * * * >

> * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>>

> * * > * * > * * > * * * * > * * >

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * > * * * * >

> * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>>>

> * * > * * > * * > * * * * > * * >

> * * > * * > * * >

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * >

> * * > * * > * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * > * * > * * * * > * * >

> * * > * * > * * > * * * * > * * > --

> * * > * * > * * > * * * * > * * > 389 users mailing list

> * * > * * > * * > * * * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * > * * * * >

> * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>>

> * * > * * > * * > * * * * > * * >

> * * > * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > * * --

> * * > * * > * * > * * * * > * * 389 users mailing list

> * * > * * > * * > * * * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * > * * * * >

> * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>>

> * * > * * > * * > * * * * >

> * * > * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * >

> * * > * * > * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * > * * > * * * * >

> * * > * * > * * > * * * * > --

> * * > * * > * * > * * * * > 389 users mailing list

> * * > * * > * * > * * * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * > * * * * >

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * >

> * * > * * > * * > * * * * --

> * * > * * > * * > * * * * 389 users mailing list

> * * > * * > * * > * * * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * > * * * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>>

> * * > * * > * * >

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * > * * >

> * * > * * > * * >

> * * > * * > * * >

> * * > * * > * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * > * * >

> * * > * * > * * > --

> * * > * * > * * > 389 users mailing list

> * * > * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * >

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * >

> * * > * * > * * --

> * * > * * > * * 389 users mailing list

> * * > * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>>

> * * > * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * > * * >

> * * > * * >

> * * > * * >

> * * >

> * * ------------------------------------------------------------------------

> * * > * * >

> * * > * * > --

> * * > * * > 389 users mailing list

> * * > * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * > * * --

> * * > * * 389 users mailing list

> * * > * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > * * <mailto:389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>>

> * * > * * https://admin.fedoraproject.org/mailman/listinfo/389-users

> * * >

> * * >

> * * >

> * * ------------------------------------------------------------------------

> * * >

> * * > --

> * * > 389 users mailing list

> * * > 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * > https://admin.fedoraproject.org/mailman/listinfo/389-users

>

> * * --

> * * 389 users mailing list

> * * 389-users@lists.fedoraproject.org

> * * <mailto:389-users@lists.fedoraproject.org>

> * * https://admin.fedoraproject.org/mailman/listinfo/389-users

>

>

> ------------------------------------------------------------------------

>

> --

> 389 users mailing list

> 389-users@lists.fedoraproject.org

> https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:47 PM
Chun Tat David Chu
 
Default Directory Re-population

Hi Rich,

I looked at both access log and error log.* The access
log has an addition of ldap_add failure but the error log doesn't say
anything about the failure on loading the 2nd database.

- David


Access Log
[23/Jun/2010:18:37:09 -0400] conn=12180 fd=118 slot=118
connection from 138.125.205.65 to 138.125.205.65
[23/Jun/2010:18:37:09
-0400] conn=12180 op=0 BIND dn="cn=Directory Manager" method=128
version=3

[23/Jun/2010:18:37:09 -0400] conn=12180 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=directory manager"
[23/Jun/2010:18:37:09
-0400] conn=12180 op=1 ADD dn="cn=import_2010_6_23_18_37_9,
cn=import, cn=tasks, cn=config"

[23/Jun/2010:18:37:11 -0400] conn=12180 op=1 RESULT err=0 tag=105
nentries=0 etime=2
[23/Jun/2010:18:37:11 -0400] conn=12180 op=2
UNBIND
[23/Jun/2010:18:37:11 -0400] conn=12180 op=2 fd=118 closed -
U1
[23/Jun/2010:18:37:11 -0400] conn=12181 fd=119 slot=119 connection
from 138.125.205.65 to 138.125.205.65

[23/Jun/2010:18:37:11 -0400] conn=12181 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[23/Jun/2010:18:37:11 -0400] conn=12181
op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory
manager"

[23/Jun/2010:18:37:11 -0400] conn=12181 op=1 ADD
dn="cn=import_2010_6_23_18_37_12, cn=import, cn=tasks, cn=config"
[23/Jun/2010:18:37:11
-0400] conn=12181 op=1 RESULT err=1 tag=105 nentries=0 etime=0
[23/Jun/2010:18:37:11
-0400] conn=12181 op=2 UNBIND


Error Log
[23/Jun/2010:18:37:11 -0400] - WARNING: Import is
running with nsslapd-db-private-import-mem on; No other process is
allowed to access the database
[23/Jun/2010:18:37:11 -0400] - import
userRoot: Beginning import job...

[23/Jun/2010:18:37:11 -0400] - ldbm: 'userRoot' is already in the middle
of another task and cannot be disturbed.
[23/Jun/2010:18:37:11
-0400] - import userRoot: Index buffering enabled with bucket size 19
[23/Jun/2010:18:37:11
-0400] - import userRoot: Processing file "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif"

[23/Jun/2010:18:37:11 -0400] - import userRoot: Finished scanning file
"/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif" (97 entries)
[23/Jun/2010:18:37:12
-0400] - import userRoot: Workers finished; cleaning up...

[23/Jun/2010:18:37:12 -0400] - import userRoot: Workers cleaned up.
[23/Jun/2010:18:37:12
-0400] - import userRoot: Cleaning up producer thread...
[23/Jun/2010:18:37:12
-0400] - import userRoot: Indexing complete.* Post-processing...

[23/Jun/2010:18:37:12 -0400] - import userRoot: Flushing caches...
[23/Jun/2010:18:37:12
-0400] - import userRoot: Closing files...
[23/Jun/2010:18:37:12
-0400] - import userRoot: Import complete.* Processed 97 entries (91
entries were skipped because they don't belong to this database) in 1
seconds. (97.00 entries/sec)

On Wed, Jun 23, 2010 at 6:34 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Hi Rich,

>

> Thanks for helping. *I followed your direction and exported another

> LDIF for my 2nd database but whenever I try to load it I get an error

> message "ldap_add: Operations error".

What's in the errors log?

>

> Here's a little information on my DIT hierarchy.

> Database 1: dc=foo,dc=com

> Database 2: dc=new_foo,dc=foo,dc=com

>

> I ran the ldif2db.pl <http://ldif2db.pl> using the verbose switch and

> here's the output.

> ldapmodify: started Wed Jun 23 17:11:34 2010

>

> ldap_init( <hostname>, 389 )

> add objectclass:

> * * * * top

> * * * * extensibleObject

> add cn:

> * * * * import_2010_6_23_17_11_34

> add nsInstance:

> * * * * userRoot

> add nsFilename:

> * * * * /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif

> add nsImportChunkSize:

> * * * * 0

> add nsUniqueIdGenerator:

> * * * * time

> adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks,

> cn=config

> ldap_add: Operations error

>

> At this point, I am stuck. *Do you have any idea what went wrong? *The

> reload of the root database does work but when I reload the 2nd

> database that sits underneath in the root database in the DIT it

> doesn't work.

>

> Thanks in advance!

>

> - David

>


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:48 PM
Rich Megginson
 
Default Directory Re-population

Chun Tat David Chu wrote:
> Hi Rich,
>
> I looked at both access log and error log. The access log has an
> addition of ldap_add failure but the error log doesn't say anything
> about the failure on loading the 2nd database.
What were the exact command line arguments you passed to ldif2db.pl? It
looks as though you specified "userRoot" as the name of both databases -
the database for your sub-suffix must have a different name - or you can
use the -s "suffix" argument instead of -n databaseName
>
> - David
>
> Access Log
> [23/Jun/2010:18:37:09 -0400] conn=12180 fd=118 slot=118 connection
> from 138.125.205.65 to 138.125.205.65
> [23/Jun/2010:18:37:09 -0400] conn=12180 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [23/Jun/2010:18:37:09 -0400] conn=12180 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [23/Jun/2010:18:37:09 -0400] conn=12180 op=1 ADD
> dn="cn=import_2010_6_23_18_37_
> 9, cn=import, cn=tasks, cn=config"
> [23/Jun/2010:18:37:11 -0400] conn=12180 op=1 RESULT err=0 tag=105
> nentries=0 etime=2
> [23/Jun/2010:18:37:11 -0400] conn=12180 op=2 UNBIND
> [23/Jun/2010:18:37:11 -0400] conn=12180 op=2 fd=118 closed - U1
> [23/Jun/2010:18:37:11 -0400] conn=12181 fd=119 slot=119 connection
> from 138.125.205.65 to 138.125.205.65
> [23/Jun/2010:18:37:11 -0400] conn=12181 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [23/Jun/2010:18:37:11 -0400] conn=12181 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [23/Jun/2010:18:37:11 -0400] conn=12181 op=1 ADD
> dn="cn=import_2010_6_23_18_37_12, cn=import, cn=tasks, cn=config"
> [23/Jun/2010:18:37:11 -0400] conn=12181 op=1 RESULT err=1 tag=105
> nentries=0 etime=0
> [23/Jun/2010:18:37:11 -0400] conn=12181 op=2 UNBIND
>
> Error Log
> [23/Jun/2010:18:37:11 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [23/Jun/2010:18:37:11 -0400] - import userRoot: Beginning import job...
> [23/Jun/2010:18:37:11 -0400] - ldbm: 'userRoot' is already in the
> middle of another task and cannot be disturbed.
> [23/Jun/2010:18:37:11 -0400] - import userRoot: Index buffering
> enabled with bucket size 19
> [23/Jun/2010:18:37:11 -0400] - import userRoot: Processing file
> "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif"
> [23/Jun/2010:18:37:11 -0400] - import userRoot: Finished scanning file
> "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif" (97 entries)
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Workers finished;
> cleaning up...
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Workers cleaned up.
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Cleaning up producer
> thread...
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Flushing caches...
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Closing files...
> [23/Jun/2010:18:37:12 -0400] - import userRoot: Import complete.
> Processed 97 entries (91 entries were skipped because they don't
> belong to this database) in 1 seconds. (97.00 entries/sec)
>
>
> On Wed, Jun 23, 2010 at 6:34 PM, Rich Megginson <rmeggins@redhat.com
> <mailto:rmeggins@redhat.com>> wrote:
>
> Chun Tat David Chu wrote:
> > Hi Rich,
> >
> > Thanks for helping. I followed your direction and exported another
> > LDIF for my 2nd database but whenever I try to load it I get an
> error
> > message "ldap_add: Operations error".
> What's in the errors log?
> >
> > Here's a little information on my DIT hierarchy.
> > Database 1: dc=foo,dc=com
> > Database 2: dc=new_foo,dc=foo,dc=com
> >
> > I ran the ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>
> using the verbose switch and
> > here's the output.
> > ldapmodify: started Wed Jun 23 17:11:34 2010
> >
> > ldap_init( <hostname>, 389 )
> > add objectclass:
> > top
> > extensibleObject
> > add cn:
> > import_2010_6_23_17_11_34
> > add nsInstance:
> > userRoot
> > add nsFilename:
> > /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif
> > add nsImportChunkSize:
> > 0
> > add nsUniqueIdGenerator:
> > time
> > adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks,
> > cn=config
> > ldap_add: Operations error
> >
> > At this point, I am stuck. Do you have any idea what went
> wrong? The
> > reload of the root database does work but when I reload the 2nd
> > database that sits underneath in the root database in the DIT it
> > doesn't work.
> >
> > Thanks in advance!
> >
> > - David
> >
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:58 PM
Chun Tat David Chu
 
Default Directory Re-population

Hi Rich,

d'oh!* My bad...

You're absolutely correct!* It is now working properly.* Thanks!

- David

On Wed, Jun 23, 2010 at 6:48 PM, Rich Megginson <rmeggins@redhat.com> wrote:

Chun Tat David Chu wrote:

> Hi Rich,

>

> I looked at both access log and error log. *The access log has an

> addition of ldap_add failure but the error log doesn't say anything

> about the failure on loading the 2nd database.

What were the exact command line arguments you passed to ldif2db.pl? *It

looks as though you specified "userRoot" as the name of both databases -

the database for your sub-suffix must have a different name - or you can

use the -s "suffix" argument instead of -n databaseName

>

> - David

>

> Access Log

> [23/Jun/2010:18:37:09 -0400] conn=12180 fd=118 slot=118 connection

> from 138.125.205.65 to 138.125.205.65

> [23/Jun/2010:18:37:09 -0400] conn=12180 op=0 BIND dn="cn=Directory

> Manager" method=128 version=3

> [23/Jun/2010:18:37:09 -0400] conn=12180 op=0 RESULT err=0 tag=97

> nentries=0 etime=0 dn="cn=directory manager"

> [23/Jun/2010:18:37:09 -0400] conn=12180 op=1 ADD

> dn="cn=import_2010_6_23_18_37_

> 9, cn=import, cn=tasks, cn=config"

> [23/Jun/2010:18:37:11 -0400] conn=12180 op=1 RESULT err=0 tag=105

> nentries=0 etime=2

> [23/Jun/2010:18:37:11 -0400] conn=12180 op=2 UNBIND

> [23/Jun/2010:18:37:11 -0400] conn=12180 op=2 fd=118 closed - U1

> [23/Jun/2010:18:37:11 -0400] conn=12181 fd=119 slot=119 connection

> from 138.125.205.65 to 138.125.205.65

> [23/Jun/2010:18:37:11 -0400] conn=12181 op=0 BIND dn="cn=Directory

> Manager" method=128 version=3

> [23/Jun/2010:18:37:11 -0400] conn=12181 op=0 RESULT err=0 tag=97

> nentries=0 etime=0 dn="cn=directory manager"

> [23/Jun/2010:18:37:11 -0400] conn=12181 op=1 ADD

> dn="cn=import_2010_6_23_18_37_12, cn=import, cn=tasks, cn=config"

> [23/Jun/2010:18:37:11 -0400] conn=12181 op=1 RESULT err=1 tag=105

> nentries=0 etime=0

> [23/Jun/2010:18:37:11 -0400] conn=12181 op=2 UNBIND

>

> Error Log

> [23/Jun/2010:18:37:11 -0400] - WARNING: Import is running with

> nsslapd-db-private-import-mem on; No other process is allowed to

> access the database

> [23/Jun/2010:18:37:11 -0400] - import userRoot: Beginning import job...

> [23/Jun/2010:18:37:11 -0400] - ldbm: 'userRoot' is already in the

> middle of another task and cannot be disturbed.

> [23/Jun/2010:18:37:11 -0400] - import userRoot: Index buffering

> enabled with bucket size 19

> [23/Jun/2010:18:37:11 -0400] - import userRoot: Processing file

> "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif"

> [23/Jun/2010:18:37:11 -0400] - import userRoot: Finished scanning file

> "/home/chud/OLAY/LDAP_REPOPULATION_TEST/dit.ldif" (97 entries)

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Workers finished;

> cleaning up...

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Workers cleaned up.

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Cleaning up producer

> thread...

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Indexing complete.

> Post-processing...

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Flushing caches...

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Closing files...

> [23/Jun/2010:18:37:12 -0400] - import userRoot: Import complete.

> Processed 97 entries (91 entries were skipped because they don't

> belong to this database) in 1 seconds. (97.00 entries/sec)

>

>

> On Wed, Jun 23, 2010 at 6:34 PM, Rich Megginson <rmeggins@redhat.com

> <mailto:rmeggins@redhat.com>> wrote:

>

> * * Chun Tat David Chu wrote:

> * * > Hi Rich,

> * * >

> * * > Thanks for helping. *I followed your direction and exported another

> * * > LDIF for my 2nd database but whenever I try to load it I get an

> * * error

> * * > message "ldap_add: Operations error".

> * * What's in the errors log?

> * * >

> * * > Here's a little information on my DIT hierarchy.

> * * > Database 1: dc=foo,dc=com

> * * > Database 2: dc=new_foo,dc=foo,dc=com

> * * >

> * * > I ran the ldif2db.pl <http://ldif2db.pl> <http://ldif2db.pl>


> * * using the verbose switch and

> * * > here's the output.

> * * > ldapmodify: started Wed Jun 23 17:11:34 2010

> * * >

> * * > ldap_init( <hostname>, 389 )

> * * > add objectclass:

> * * > * * * * top

> * * > * * * * extensibleObject

> * * > add cn:

> * * > * * * * import_2010_6_23_17_11_34

> * * > add nsInstance:

> * * > * * * * userRoot

> * * > add nsFilename:

> * * > * * * * /home/chud/OLAY/LDAP_REPOPULATION_TEST/second_dit.ldif

> * * > add nsImportChunkSize:

> * * > * * * * 0

> * * > add nsUniqueIdGenerator:

> * * > * * * * time

> * * > adding new entry cn=import_2010_6_23_17_11_34, cn=import, cn=tasks,

> * * > cn=config

> * * > ldap_add: Operations error

> * * >

> * * > At this point, I am stuck. *Do you have any idea what went

> * * wrong? *The

> * * > reload of the root database does work but when I reload the 2nd

> * * > database that sits underneath in the root database in the DIT it

> * * > doesn't work.

> * * >

> * * > Thanks in advance!

> * * >

> * * > - David

> * * >

>

>

> ------------------------------------------------------------------------

>

> --

> 389 users mailing list

> 389-users@lists.fedoraproject.org

> https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 05:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org