3

With Apache Directory Studio, I want to clone a LDAP server for testing purpose. The generate LDIF file can't be imported, since the order of structural entrys is wrong. As a result, I got ERR_251_PARENT_NOT_FOUND errors.

Example situation:

dn: ou=test2,ou=test1,o=ml3
objectClass: organizationalUnit
objectClass: top
ou: test2

dn: ou=test1,o=ml3
objectClass: organizationalUnit
objectClass: top
ou: test1

This would fail because ou=test2 is a child of ou=test1. So ou=test1 has to be generated first. To confirm this, I changed the order of a few entrys and they were successfully imported. Problem: I would need to do this on all entrys by hand.

How can I get an LDIF export in the correct hierarchical order for exporting?

Lion
  • 16,606
  • 23
  • 86
  • 148
  • Maybe: https://metacpan.org/pod/distribution/perl-ldap/contrib/ldifsort.pl – jwilleke Jun 27 '17 at 10:24
  • How did you export the LDIF in the first place? If I were you I would try to export it correctly instead or modifying the LDIF as it is the same mechanism to make a backup/restore operation – Esteban Jun 27 '17 at 13:14
  • Tried the Apache Directory Studio export functionality as well as `ldapsearch`. I'm wondering that it doesn't seem possible to keep a correct order, which it makes hard to keep a backup of everything without having to manually modifiy the order. – Lion Jul 29 '19 at 14:11
  • 2
    Did anyone get an answer to this? Suffering from the same situation, but only using ldapsearch. – vandekerkoff Feb 11 '20 at 13:48

1 Answers1

0

LDIF itself does not have any concept of ordering. It is just objects with all the information and importantly the DN. While importing into Apache DS, check the continue on error checkbox (Apache DS Studio) and continuously import the LDIF, multiple times till you don't get any RDN related error. There would be errors related to objects cannot be created because they already exist (I don't recollect correctly the error text but it's quite evident from the error message that Apache DS will not create entries which already exist).

After the RDN related errors are gone, all the LDIF data should be in the DIT.

I am not sure if the above method is right or wrong but it works for me in production grade migration of DIT.

Only aspect is, if there are any custom schemas, ensure the schemas LDIFs are imported before the data import is done.

Ironluca
  • 3,402
  • 4
  • 25
  • 32