[NBLUG/talk] LDAP db export on Fedora Directory Server

Mitch Patenaude patenaude at gmail.com
Tue Sep 7 15:46:47 PDT 2010


I've figured some of it out, so I'm following up in the hopes that
others may find this info helpful.

On Tue, Sep 7, 2010 at 11:55 AM, Mitch Patenaude <patenaude at gmail.com> wrote:
[...]
> The ldapsearch command looks like:
>
> ldapsearch -LLL -x -D 'cn=admin_user,ou=people,dc=example,dc=com' -w
> <admin_pass> -h <old_ldap_server> -b dc=example,dc=com uid=<user>
>
> And the record I get back is missing some fields (always missing
> userPassword)

It turns out that only the "real" admin account (i.e.
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot) can
fetch the userPassword field.  I'm guessing that this is buried in the
ACIs somewhere, but I haven't a clue where.

> and sometimes I get a strange record looking like
>
> cn:: <a bunch of base64 encoded nonsense>

Turns out that I am using the utils from openldap, and ldapsearch(1)
uses a double colon to mean that the field is base64 encoded
(presumably because it has non-printable characters.)  I have no idea
why it's doing that, since the field seems perfectly normal in other
dumps, but it is read correctly since I'm doing imports with
openldap's tool as well.
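
An added example, not part of the original post: a small Python helper that decodes every `attr:: <base64>` line in an LDIF dump and reports which RFC 2849 rule would force base64 for that value (a trailing space or a UTF-8 character is easy to miss by eye). The sample entry is constructed, and the function names are this example's own; it assumes the exporting tool follows the RFC 2849 rules.

```python
import base64

# Constructed sample: "cn" ends with a space, "sn" contains a UTF-8 character.
SAMPLE = """dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
cn:: Sm9obiBEb2Ug
sn:: UGXDsWE=
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def why_base64(value):
    """Return the RFC 2849 reasons the bytes cannot be a plain SAFE-STRING."""
    reasons = []
    if value[:1] in (b" ", b":", b"<"):
        reasons.append("starts with space, colon or '<'")
    if value.endswith(b" "):
        reasons.append("ends with a space")
    if any(b in (0, 10, 13) for b in value):
        reasons.append("contains NUL, LF or CR")
    if any(b > 127 for b in value):
        reasons.append("contains non-ASCII bytes")
    return reasons

def explain(ldif_text):
    """Return (attribute, decoded bytes, reasons) for each base64 line."""
    found = []
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition("::")
        # A real attribute name never contains ':'; this skips "a: b::c".
        if sep and attr and ":" not in attr:
            value = base64.b64decode(rest.strip())
            found.append((attr, value, why_base64(value)))
    return found

if __name__ == "__main__":
    for attr, value, reasons in explain(SAMPLE):
        print(f"{attr}: {value!r} -> {', '.join(reasons) or 'no RFC 2849 reason'}")
```

An empty reason list means the value would have been legal as plain text, so the encoding came from a stricter rule in the tool rather than from the data.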


