On 04/28/2014 11:24 AM, Brian Arthur wrote:
*From:*Rich Megginson [mailto:email@example.com]
*Sent:* Friday, April 25, 2014 2:02 PM
*To:* General discussion list for the 389 Directory server project.;
*Subject:* Re: [389-users] Export/Import: openldap-2.3.27 to
On 04/25/2014 02:02 PM, Brian Arthur wrote:
I’m trying to import an openldap-2.3.27 export into 389-ds-1.2.2-1
Note - 389-ds is just a "meta" package - please reference the version
of 389-ds-base, which is the core LDAP server package.
I would strongly encourage you to upgrade to 1.2.11 or later.
and am getting the follow errors in the “rejects” file:
Invalid syntax. cn: value #0 invalid per syntax
Sample: cn:: TWFyaW8gUmH6bCBDaGFuZw==
I thought openldap 2.3 had strict syntax checking, that would not have
allowed this value at all - perhaps it was turned off?
I’m not sure if it was turned off. How can I tell? All the “syntax”
plugins I looked at in my config are “on”.
How can you tell in openldap server? I don't know.
I would like to turn it back on and enforce UTF-8. There is a PERL
based application that we use to populate LDAP entries and I that is
how the LATIN-1 values get entered. I’ll talk with the developer of
the PERL application to start using UTF-8. I hope that
openldap-2.3.27 can handle UTF-8.
Yes, openldap can handle UTF-8. In fact, the LDAP standard _requires_
the use of UTF-8, which is why it is strange that openldap even allowed
non-UTF-8 data in the first place.
I’ve determined (I think) that these errors are from CN value pair
that are base64 encoded LATIN1 characters.
If I decode string(base64 command), convert it to UTF8(via iconv), I
can import into Fedora389 successfully. I have a lot of entries with
these values and am looking for an easy solution.
Has anyone come across this before and written a script to process an
LDIF file or a different way to transfer the data? I’m not much of a
programmer but I do have programmers in my organization that could
assist me if a script is the best solution.
Scripting is the best way. I recommend python-ldap. I am not aware
of a script that does this.
I will look into python-ldap for converting the file. Thanks for the
PS – I hope this messages posts in a nice, readable format!
389 users mailing list
389 users mailing list