Importing eDir using ICE/LDIF fails

(Last modified: 26Nov2004)

This document (10094434) is provided subject to the disclaimer at the end of this document.

fact

NetWare 6.x

Novell eDirectory 8.7.3 for NetWare

Novell eDirectory 8.7.3 for All Platforms

symptom

Importing eDir using ICE/LDIF fails

LBURP operation failed: 68(Already exists)

LBURP operation failed: 32(No such object)

LBURP operation failed: 19(Constraint violation)

The customer was trying to copy part of his production eDir tree to the test eDir tree using C1/ICE and the LDIF format. He exported the whole subtree, with all objects and attributes, into an LDIF file, then tried to import the LDIF data into the test server. Some containers or objects were created successfully, but most objects were not created, and the customer received the LDIF/LBURP error messages above. The customer also noticed that some objects imported by C1/ICE were imported as UNKNOWN objects, missing all attributes.

cause

This is not a bug; it is in fact expected behaviour. Many attribute values in eDir refer to other objects. The C1/ICE export operation does not take possible cross or forward references into account when it creates the LDIF file. It simply reads (all) attributes and their values and puts them into a text file, first come, first served. So it can easily happen that forward references are created in the exported LDIF file. When such forward references are imported back into eDir, they can cause the following problems: a) LDIF import failure (No such object or Constraint violation error); b) Unknown object creation. Re-importing the LDIF file repeatedly does not help either; its only effect is an additional error: Already exists.

fix

The fix here is a little bit tricky and cannot help in all cases. The idea is to do the export and the import in two steps each and so avoid incorrect reference handling. In the first step all objects are imported, together with those attributes that do not suffer from possible forward references. In the second step the rest is imported. Because all objects have already been imported in the previous step, there is no threat of an incorrectly handled forward reference. Here is how to proceed:

a) Make an export of everything you need from eDir into one LDIF file.

b) Check this LDIF file for possible forward references, and mark on paper all affected attributes. These are typically ACL, EquivalentToMe, Member, SecurityEquals, GroupMembership.

There may be more of these, depending on eDir implementation, schema extension, etc.

c) Erase ice.log file on your source server.

d) Make C1/ICE export in two steps:

d.1) In step 1 export everything except the attributes that are affected by references, using ICE's source LDAP "-o" switch:

LOAD ICE -b -v -lsys:ice.log -SLDAP -dcn=... -w... -bo=... -oacl,equivalentToMe,member,securityEquals,groupMembership -DLDIF -fsys:step1.ldf

d.2) In step 2 export only the previously excluded attributes, using ICE's source LDAP "-a" switch together with the "-m" switch:

LOAD ICE -b -v -lsys:ice.log -SLDAP -m -dcn=... -w... -bo=... -aacl,equivalentToMe,member,securityEquals,groupMembership -DLDIF -fsys:step2.ldf

The source LDAP switch "-m" means MODIFY, and generates the appropriate text change in your LDIF output.

e) Check ice.log file for possible errors. If there are none, you can continue with the next step.

f) Copy both step1.ldf and step2.ldf to your destination server.

g) Modify your step2.ldf file with any text editor: replace all occurrences of the string "add:" with the string "replace:".

This is quite an important step; otherwise the previously excluded attributes, especially ACLs, would never be restored correctly.

h) Erase ice.log on your destination server

i) Import LDIF files in two steps:

i.1) In step 1 create containers and objects with most attributes from step1.ldf file:

LOAD ICE -b -v -lsys:ice.log -SLDIF -fsys:step1.ldf -DLDAP -F -dcn=... -w...

The destination LDAP switch "-F" is quite important here and means "ignore forward references". Any forgotten forward-referencing attribute in the step1.ldf file would otherwise cause the ICE utility to fail.

i.2) In step 2 remaining/missing attributes will be imported to eDir (in fact replaced) from step2.ldf file:

LOAD ICE -b -v -lsys:ice.log -SLDIF -fsys:step2.ldf -DLDAP -F -dcn=... -w...

j) Check your ice.log on destination server for possible errors.
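For step b), the forward references can be found by script instead of on paper. The following Python is an added example, not part of the original Novell document or of ICE: it reports every attribute whose value names an entry that appears later in the same LDIF file, which also catches schema-specific attributes beyond the five listed. The function names, the sample DNs and the '#'-separated ACL value layout are assumptions made for the example.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each record in an LDIF export."""
    # Unfold RFC 2849 continuation lines (newline followed by one space).
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    record = []
    for line in lines + [""]:               # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if line.strip():
            name, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: <base64>"
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            record.append((name.strip(), rest.strip()))
        elif record:
            if record[0][0].lower() == "dn":    # skips the "version: 1" header
                yield record[0][1], record[1:]
            record = []

def norm(dn):
    return ",".join(p.strip() for p in dn.lower().split(","))  # no escaped commas

def forward_references(text):
    """Map attribute name -> [(entry, later_entry)] for values naming a later entry."""
    entries = list(parse_ldif(text))
    position = {norm(dn): i for i, (dn, _) in enumerate(entries)}
    hits = defaultdict(set)
    for i, (dn, attrs) in enumerate(entries):
        for name, value in attrs:
            for field in value.split("#"):  # assumed '#'-separated ACL fields
                if position.get(norm(field), -1) > i:
                    hits[name.lower()].add((norm(dn), norm(field)))
    return {attr: sorted(pairs) for attr, pairs in hits.items()}

# Constructed sample export (not from the TID): the group precedes its member.
SAMPLE = """version: 1

dn: cn=staff,o=test
objectClass: groupOfNames
member: cn=jdoe,ou=users,
 o=test
ACL: 2#entry#cn=jdoe,ou=users,o=test#[All Attributes Rights]

dn: cn=jdoe,ou=users,o=test
groupMembership: cn=staff,o=test
"""

if __name__ == "__main__":
    print(forward_references(SAMPLE))
```

In the sample, member and groupMembership point at each other, so reordering the entries only moves the forward reference to the other attribute; the attribute names reported are the candidates for the "-o" and "-a" lists in step d).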

 

document

Document Title: Importing eDir using ICE/LDIF fails
Document ID: 10094434
Solution ID: NOVL98677
Creation Date: 31Aug2004
Modified Date: 26Nov2004
Novell Product Class: NetWare

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.