I noticed that when I migrated my users with the migrate_passwd.pl tool from PADL it didn't migrate the actual passwords (just the rest of the posixAccount info). I think I need to set the EXTENDED_SCHEMA variable and then try running the tool again. Does anyone know what this should be?

I actually thought there might be a migrate_shadow.pl tool that could accomplish this, but there doesn't appear to be anything like that among the PADL migration tools.

So in short the user info is there in LDAP but no one can log in because all the password fields look like this: userPassword: {crypt}*

Here is a more complete user entry that is currently in the system:

73 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P.
givenName: Timothy P.
sn: Dunphy
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P.
userPassword: {crypt}*

Thanks in advance for any tips you can share that will get this working!

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!

On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote:
> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. Does anyone know what
> this should be?
> I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

I'd *strongly* recommend *not* using the PADL migration scripts. Morphing your system data into LDAP is pretty simple if you are familiar with any scripting language. You should carefully think through what you want in the DSA and how you want it represented, then make the LDIF files accordingly. See
<http://mosg.googlegroups.com/web/LDAP102.pdf?gda=OkhSRj0AAABGYSQZGnP1p0-ZaG58b_-Dpp2Ky__YopapPAxAcIb5YKjfyxwalkQMu975yVukqHflNv--OykrTYJH3lVGu2Z5>
for some simple examples (slides 27 - 29).

> So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*
> Here is a more complete user entry that is currently in the system:

> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. Does anyone know what
> this should be?

$EXTENDED_SCHEMA = 1;

> I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

Correct, just the migrate_passwd.pl script.

> So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*

That's a result when there is no password set for the user to be migrated (see man 5 shadow).

> Here is a more complete user entry that is currently in the system:
>
>
> 73 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
> uid: bluethundr
> cn: Timothy P.
> givenName: Timothy P.
> sn: Dunphy
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> loginShell: /usr/local/bin/bash
> uidNumber: 1001
> gidNumber: 1002
> homeDirectory: /home/bluethundr
> gecos: Timothy P.
> userPassword: {crypt}*

The PADL script blindly uses {crypt}, although the password encryption mechanism may be very different.

> thanks in advance for any tips you can share that will get this working!

Alexander
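
The passwd-plus-shadow merge discussed in this thread, as an added example that is not part of the original messages or of the PADL tools: it joins the two files into LDIF, carries the shadow hash into userPassword, and reports accounts that have no usable hash (the {crypt}* case). The sample records, the base DN, the function names and the choice of the account/posixAccount object classes are assumptions made for illustration.

```python
# Added example; every record below is constructed and the hashes are placeholders.
PASSWD = """\
alice:x:1001:1002:Alice Example:/home/alice:/bin/bash
bob:x:1003:1002:Bob Example:/home/bob:/bin/bash
carol:x:1004:1002:Carol Example:/home/carol:/bin/bash
"""
SHADOW = """\
alice:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:14911:0:99999:7:::
bob:*:14911:0:99999:7:::
carol:!$1$CONSTRUCTEDSALT$PLACEHOLDERHASH:14911:0:99999:7:::
"""
BASE_DN = "ou=staff,dc=example,dc=com"  # assumed suffix, not the poster's


def parse_shadow(text):
    """Map login name -> raw password field of each shadow(5) record."""
    out = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, field = line.split(":")[:2]
            out[name] = field
    return out


def to_ldif(passwd_text, shadow_text, base_dn=BASE_DN):
    """Return (entries, skipped); skipped names the users with no usable hash."""
    shadow = parse_shadow(shadow_text)
    entries, skipped = [], []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        name, pw, uid, gid, gecos, home, shell = line.split(":")
        if pw == "x":  # placeholder: the real field lives in shadow
            pw = shadow.get(name, "*")
        lines = [
            f"dn: uid={name},{base_dn}",
            "objectClass: account", "objectClass: posixAccount",
            f"uid: {name}", f"cn: {gecos or name}",
            f"uidNumber: {uid}", f"gidNumber: {gid}",
            f"homeDirectory: {home}", f"loginShell: {shell}",
        ]
        # shadow(5): "*", an empty field or a leading "!" is not a usable hash
        if pw in ("", "*") or pw.startswith("!"):
            skipped.append(name)
        else:
            lines.append(f"userPassword: {{crypt}}{pw}")
        entries.append("\n".join(lines))
    return entries, skipped
```

Accounts returned in the skipped list get no userPassword attribute at all, so they show up for review instead of being loaded as {crypt}*.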