Tux

...making Linux just a little more fun!

Netcape to OpenLDAP Migration

top mungkala [pakin8 at gmail.com]


Tue, 22 Apr 2008 11:56:36 +0700

I'm beginning the project of upgraded mail hosting. In the process I have to migrate data in old Netscape LDAP server to an OpenLDAP server. I'm newbie in UNIX shell script and my task is mail address book migration. I have only one text file which has data like this: 

dn: cn=ldap://:389,dc=yomo,dc=aaa,dc=bbb,dc=ccc
cn: ldap://:389
objectclass: top
objectclass: applicationprocess
objectclass: ldapserver
generation: 020000318055502
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrators Group";
 allow (all) groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, o
 u=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrator"; allow (
 all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o
 =NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "Local Directory Adminstrators Group"
 ; allow (all) groupdn = "ldap:///ou=Directory Administrators, o=arc.net.my";
 )
aci: (targetattr = "*")(version 3.0; acl "XXX Group"; allow (all)groupdn = "ld
 ap:///cn=slapd-yomo, cn=Netscape Directory Server, cn=Server Group, cn=yom
 o.aaa.bbb.ccc, ou=aaa.bbb.ccc, o=NetscapeRoot";)
modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoo
 t
modifytimestamp: 20000318055506Z
 
dn: un=RMohana4bdbd8,ou=sharonscy,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc,o=pab
un: RMohana4bdbd8
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: pabperson
memberofpab: AddressBook3e0c2d8
mail: [email protected]
givenname: R.
sn: Mohan
cn: R. Mohan
creatorsname: uid=msg-admin-1,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc
modifiersname: uid=msg-admin-1,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc
createtimestamp: 20050622142039Z
modifytimestamp: 20050622142039Z

After I reviewed the files I found that each box entries has "objectclass: pabperson" is box entries of email address book so at first I want to detect the "objectclass: pabperson" and cut all its box entries. For each box entries is separated by the new line. please you give me any pointers on how to do this successfully by using shell script?

Thank You,

Toppu


Top    Back


Karl-Heinz Herrmann [kh1 at khherrmann.de]


Tue, 22 Apr 2008 08:22:52 +0200 

> dn:
> un=RMohana4bdbd8,ou=sharonscy,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc,o=pab
> un: RMohana4bdbd8 objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: pabperson
> memberofpab: AddressBook3e0c2d8
> mail: [email protected]
> givenname: R.
> sn: Mohan
> cn: R. Mohan
> creatorsname: uid=msg-admin-1,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc
> modifiersname: uid=msg-admin-1,ou=People,o=aaa.bbb.ccc,o=aaa.bbb.ccc
> createtimestamp: 20050622142039Z
> modifytimestamp: 20050622142039Z

If this structure will stay the same for all entries something simple like: 

grep -A 4 "objectclass: pabperson" 
 
should write exactly:
memberofpab: AddressBook3e0c2d8
mail: [email protected]
givenname: R.
sn: Mohan
cn: R. Mohan

for each entry to STDOUT. If you would like to suppress certain entries again (like adressbookname) you can pipe this thouh another grep: 

grep -A 4 "objectclass: pabperson" | grep -v memberofpab
 
-v beeing "don't show match" and not "verbose" for grep.

Apart from simple line based filter matchings like the above me personally would not try to accomplish something like parsing ldap files by bash-shell scripts. I would go looking into perl and see if there is not an ldap-parsing module available.

I'm sure there are ldap-talking modules for perl, so as long as your old ldap server is still running you could use perl to rip all information directly from the ldap-server and pass it to a new one.

K.-H.


Top    Back


Thomas [thomas at edulinux.homeunix.org]


Tue, 22 Apr 2008 07:25:29 +0100

On Tue, 22 Apr 2008 11:56:36 +0700 "top mungkala" <[email protected]> wrote: 

> After I reviewed the files I found that each box entries has
> "objectclass: pabperson" is box entries of email address book so at
> first I want to detect the  "objectclass: pabperson" and cut all its
> box entries. For each box entries is separated by the new line.
> please you give me any pointers on how to do this successfully by
> using shell script?

Can you please elaborate on this by providing a more concrete example?

-- Thomas Adam 

-- 
"It was the cruelest game I've ever played and it's played inside my
head." -- "Hush The Warmth", Gorky's Zygotic Mynci.


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]


Tue, 22 Apr 2008 07:29:37 +0100

On Tue, 22 Apr 2008 08:22:52 +0200 Karl-Heinz Herrmann <[email protected]> wrote: 

> If this structure will stay the same for all entries something simple
> like:
> 
> grep -A 4 "objectclass: pabperson"

Yes, but I doubt it will be -- there is nothing within LDIF to enforce this, something I've been bitten by before.

-- Thomas Adam 

-- 
"It was the cruelest game I've ever played and it's played inside my
head." -- "Hush The Warmth", Gorky's Zygotic Mynci.


Top    Back