Hi again, Stefan Seelmann wrote: >> #!RESULT OK >> #!CONNECTION ldap://10.255.100.16:389 >> #!DATE 2009-10-20T17:01:14.568 >> dn: ou=DDT,ou=Customers,dc=netsuccess,dc=ch >> objectClass: organizationalUnit >> objectClass: top >> ou: DDT >> accessControlSubentries: >> 2.5.4.3=se_ldap_customer_limited_read_access,0.9.23 >> 42.19200300.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch >> accessControlSubentries: >> 2.5.4.3=se_ldap_full_administrators,0.9.2342.192003 >> 00.100.1.25=netsuccess,0.9.2342.19200300.100.1.25=ch >> createTimestamp: 20091019143703Z >> creatorsName: 2.5.4.3=mzu_adm,2.5.4.11=users,2.5.4.11=system > > Ok, you should can't add operational attributes (in your case: > accessControlSubentries, createTimestamp, creatorsName). They are > created by the server.
I tested to inject that entry, and I was successful. This is an issue of the server, I'll create an Jira right now. Just to make clear: You don't need to import the 'accessControlSubentries' operational attribute. It is created automatically by ApacheDS if a subentry's subtreeSpecification matches an entry. I'll try to give you a receipe how to migrate your data: 1st) Export the 'normal entries'. To do this select 'All user attributes' in the export dialog and additionally add 'administrativeRole' to the 'Returning Attributes' field. 2nd) Export the 'subentries'. To do this select 'All user attributes' in the export dialog and add 'prescriptiveACI, subtreeSpecification' to the 'Returning Attributes' field. Additionally check the 'Subentries Control' checkbox. Note: Don't check the 'Operational attributes' checkbox but only add those operational attributes that are really required. 3rd) Import the 'normal entries'. As you already found out the LDIF may be unsorted, so just import it multiple times. 4th) Import the 'subentries'. Note: Make sure to select the options 'Fetch operational attributes while browsing' and 'Fetch subentries while browsing' in the connection properties of your new connection to be able to see the hidden stuff. I hope this helps. I'd appreciate any feedback, don't hesitate to ask further questions. Kind Regards, Stefan
