Description of problem: Migration script migrate_all_offline.sh can't handle duplicate entries. In case of duplicated entry in generated ldif slapadd fails, doesn't import anything. Version-Release number of selected component (if applicable): openldap-2.3.43-9.el5 How reproducible: Always. Steps to Reproduce: 1. configure OpenLDAP server (see attached slapd.conf): export LDAPHOST="127.0.0.1" export LDAP_BASEDN="dc=foo,dc=bar,dc=com" export LDAP_BINDDN="cn=Manager,dc=foo,dc=bar,dc=com" export LDAP_BINDCRED="x" export LDAP_PROFILE="no" service ldap stop mkdir /tmp/ldap-test-ldap mkdir /tmp/ldap-test-run chown ldap:ldap /tmp/ldap-test-run chown ldap:ldap /tmp/ldap-test-ldap chcon --reference=/var/run/openldap /tmp/ldap-test-run chcon --reference=/var/lib/ldap /tmp/ldap-test-ldap cp -f slapd.conf /etc/openldap/slapd.conf 2. Migrate all offline (there should be duplicated entries, see attached ldif): perl /usr/share/openldap/migration/migrate_all_offline.sh Actual results: Creating naming context entries... Migrating groups... Migrating hosts... Migrating networks... Migrating users... Migrating protocols... Migrating rpcs... Migrating services... Migrating netgroups... Importing into LDAP... Migrating netgroups (by user)... Migrating netgroups (by host)... Preparing LDAP database... bdb_db_open: Warning - No DB_CONFIG file found in directory /tmp/ldap-test-ldap/: (2) Expect poor performance for suffix dc=foo,dc=bar,dc=com. => bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996) => bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996) slapadd: could not add entry dn="cn=echo,ou=Services,dc=foo,dc=bar,dc=com" (line=2739): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996) Migration failed: saving failed LDIF to /tmp/nis.ldif.x26447 Expected results: All entries all imported successfully, duplicated entries are skipped with warnings. Additional info: Script migrate_all_online.sh successfully import all even if duplicated entries are present. To achieve expected results it would be enough to add -c option to slapadd options in migrate_all_offline.sh.
Created attachment 389722 [details] Proposed patch.
Created attachment 389723 [details] Generated ldif
Created attachment 389724 [details] slapd configuration file
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Resolved in openldap-2.3.43-20.el5
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - use of migrate_all_offline.sh migration script while there are some duplicate accounts to be migrated - the migration process is interrupted - updated the script not to interrupt the migration process, when some error occur (e.g, when duplicate account is added) - local duplicate accounts will not interrupt the migration process
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0155.html