10.2 Migrating the Active Directory Schema to NetIQ eDirectory Using ICE

When you migrate the schema from Active Directory to NetIQ eDirectory using ICE, schema migration for the Computer objectClass fails with an ambiguous naming error (-651).

To resolve this, complete the following steps:

10.2.1 Step 1: Perform the Schema Cache Update Operation

When you run the schema migration from Active Directory to NetIQ eDirectory, specify the error log option (-e) of ICE so that failed entries are written to an error file:

ice -e error_file -S ldap -s Active_Directory_server -p Active_Directory_port -d Active_Directory_full_admin_context -w Active_Directory_password -D ldap -s eDirectory_server -p eDirectory_port -d eDirectory_full_admin_context -w eDirectory_password

For example:

ice -e err.ldf -S ldap -s activesrv1 -p activeport1 -d cn=admin,o=company -w activepwd -D ldap -s edirsrv2 -p edirport2 -d cn=admin,o=company -w edirpwd

10.2.2 Step 2: Rectify the Error LDIF File to Eliminate the Errors

The failed entry appears in the err.ldf file as shown below:

dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' SUP (device $
 user ) STRUCTURAL MAY (operator $ server $ status $ cn $ networkAddress $
 localPolicyFlags $ defaultLocalPolicyObject $ machineRole $ location $
 netbootInitialization $ netbootGUID $ netbootMachineFilePath $ siteGUID $
 operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $
 operatingSystemHotfix $ volumeCount $ physicalLocationObject $ dNSHostName
 $ policyReplicationFlags $ managedBy $ rIDSetReferences $ catalogs $
 netbootSIFFile $ netbootMirrorDataFile ) X-NDS_NOT_CONTAINER '1' X
 -NDS_NONREMOVABLE '1' X-NDS_NAME 'Computer' )
-

Modify this entry in the error file (err.ldf in the example) to remove the user objectClass from the list of superior objectClasses in the definition of the Computer objectClass, as shown below. In LDIF, the single leading space of a continuation line is dropped when the line is unfolded, so the line that follows device begins with two spaces to keep device and STRUCTURAL separate.

dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' SUP device
  STRUCTURAL MAY (operator $ server $ status $ cn $ networkAddress $
 localPolicyFlags $ defaultLocalPolicyObject $ machineRole $ location $
 netbootInitialization $ netbootGUID $ netbootMachineFilePath $ siteGUID $
 operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $
 operatingSystemHotfix $ volumeCount $ physicalLocationObject $ dNSHostName
 $ policyReplicationFlags $ managedBy $ rIDSetReferences $ catalogs $
 netbootSIFFile $ netbootMirrorDataFile ) X-NDS_NOT_CONTAINER '1' X
 -NDS_NONREMOVABLE '1' X-NDS_NAME 'Computer' )
-

10.2.3 Step 3: Import the LDIF File

Now, import the modified entry using the following ICE command:

ice -S ldif -f LDIF_file -D ldap -s Novell_eDirectory_server -p port_number -d full_admin_context -w password

For example:

ice -S ldif -f err.ldf -D ldap -s edirsrv1 -p edirport1 -d cn=admin,o=company -w pwd1
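
The edit in Step 2 can be scripted. The following Python sketch is an added example, not part of the NetIQ documentation or of ICE: it unfolds the LDIF, removes user from the SUP list of the computer objectClass, and returns the corrected text for the import in Step 3. The function names and the abbreviated sample entry are constructed for illustration.

```python
import re

# Constructed sample: the failed entry as logged in err.ldf (MAY list abbreviated).
SAMPLE_ERR_LDIF = """\
dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113719.1.1.6.1.4 NAME 'computer' SUP (device $
  user ) STRUCTURAL MAY (operator $ server $ status $ cn $ local
 PolicyFlags ) X-NDS_NOT_CONTAINER '1' X
 -NDS_NONREMOVABLE '1' X-NDS_NAME 'Computer' )
-
"""

# SUP is followed either by a parenthesised "$"-separated list or by one name.
SUP_RE = re.compile(r"\bSUP(?:\s*(\([^)]*\))|\s+([\w.-]+))")

def unfold(ldif_text):
    """Join folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # drop only the fold marker, keep any further spaces
        else:
            lines.append(raw)
    return lines

def drop_superior(line, class_name="computer", unwanted="user"):
    """Remove `unwanted` from the SUP list of the named objectClass definition."""
    name_re = r"(?<![\w-])NAME\s+'%s'" % re.escape(class_name)
    m = SUP_RE.search(line)
    if not m or not re.search(name_re, line, re.I):
        return line  # other classes, or the 'delete' value with no SUP clause
    sups = [s.strip() for s in (m.group(1) or m.group(2)).strip("() ").split("$")]
    kept = [s for s in sups if s and s.lower() != unwanted.lower()]
    if not kept:
        raise ValueError("no superior class would remain for " + class_name)
    new = kept[0] if len(kept) == 1 else "( " + " $ ".join(kept) + " )"
    return line[:m.start()] + "SUP " + new + line[m.end():]

def fix_err_ldif(ldif_text):
    """Return the LDIF with the fix applied; lines are left unfolded (folding is optional)."""
    return "\n".join(drop_superior(l) for l in unfold(ldif_text)) + "\n"
```

Review the output before importing it, because it is applied to the live eDirectory schema.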