Fedora directory users - Jan 2008 - Migrate users from Netscape LDAP to Red Hat DS

Hi,
   
  We want to migrate users from Netscape LDAP to RedHat DS. On RedHat we have
created a similar schema (as existing on netscape) and now plan to export LDIF
from Netscape and import that into RedHat DS. This should work fine but what
will happen to the user passwords since in the export they will be hashed. Will
they get successfully imported into RedHat or will they get rehashed during the
import thus sopiling the migration.
   
  Please advise how should we plan user migration using some simple mechanism.
   
  regards,
  Ankur

       
---------------------------------
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.

Ankur Agarwal wrote:
> Hi,
>  
> We want to migrate users from Netscape LDAP to RedHat DS. On RedHat we 
> have created a similar schema (as existing on netscape) and now plan 
> to export LDIF from Netscape and import that into RedHat DS. This 
> should work fine but what will happen to the user passwords since in 
> the export they will be hashed. Will they get successfully imported 
> into RedHat or will they get rehashed during the import thus sopiling 
> the migration.
They will be migrated.  Red Hat DS should support all of the password 
hashing schemes used by Netscape DS (unless you are using crypt or a 
custom scheme).
>  
> Please advise how should we plan user migration using some simple 
> mechanism.
>  
> regards,
> Ankur
>
> ------------------------------------------------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo! 
> Search. 
>
<http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Thanks Richard!
   
  But how does Red Hat DS know that it need not rehash the password?
   
  e.g. Suppose I create a ldif file saying:
  userPassword=testppassword
   
  and export another ldif:
  userPassword=xyzRR$#=   
  First one is in plain english since I create that and second one is in hashed
format because I have exported an existing user. Now if i import these 2 to
another Red Hat instance how will that new instance know that second one is
already hashed?
   
  regards,
  Ankur
  

Rich Megginson <rmeggins@redhat.com> wrote:
  Ankur Agarwal wrote:
> Hi,
> 
> We want to migrate users from Netscape LDAP to RedHat DS. On RedHat we 
> have created a similar schema (as existing on netscape) and now plan 
> to export LDIF from Netscape and import that into RedHat DS. This 
> should work fine but what will happen to the user passwords since in 
> the export they will be hashed. Will they get successfully imported 
> into RedHat or will they get rehashed during the import thus sopiling 
> the migration.
They will be migrated. Red Hat DS should support all of the password 
hashing schemes used by Netscape DS (unless you are using crypt or a 
custom scheme).
> 
> Please advise how should we plan user migration using some simple 
> mechanism.
> 
> regards,
> Ankur
>
> ------------------------------------------------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo! 
> Search. 
> 
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users


       
---------------------------------
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.

Ankur Agarwal wrote:
> Thanks Richard!
>  
> But how does Red Hat DS know that it need not rehash the password?
Bec
>  
> e.g. Suppose I create a ldif file saying:
> userPassword=testppassword
>  
> and export another ldif:
> userPassword=xyzRR$#=>  
> First one is in plain english since I create that and second one is in 
> hashed format because I have exported an existing user. Now if i 
> import these 2 to another Red Hat instance how will that new instance 
> know that second one is already hashed?
Usually when you export entries using db2ldif you will get LDIF like this:
dn: uid=scarter,....
....
userPassword: {SSHA}ls089x08sd090808sd08...

If you import this into RHDS, RHDS will see that userPassword is already 
hashed using SSHA and will just use the value.

If you are getting the userPassword values some other way, you can just 
set the value to
{scheme}base64password
e.g.
{SSHA}lsdf098asdf8z908023lj>  
> regards,
> Ankur
>
>
> */Rich Megginson <rmeggins@redhat.com>/* wrote:
>
>     Ankur Agarwal wrote:
>     > Hi,
>     >
>     > We want to migrate users from Netscape LDAP to RedHat DS. On
>     RedHat we
>     > have created a similar schema (as existing on netscape) and now
>     plan
>     > to export LDIF from Netscape and import that into RedHat DS. This
>     > should work fine but what will happen to the user passwords
>     since in
>     > the export they will be hashed. Will they get successfully
imported
>     > into RedHat or will they get rehashed during the import thus
>     sopiling
>     > the migration.
>     They will be migrated. Red Hat DS should support all of the password
>     hashing schemes used by Netscape DS (unless you are using crypt or a
>     custom scheme).
>     >
>     > Please advise how should we plan user migration using some simple
>     > mechanism.
>     >
>     > regards,
>     > Ankur
>     >
>     >
>    
------------------------------------------------------------------------
>     > Looking for last minute shopping deals? Find them fast with Yahoo!
>     > Search.
>     >
>     >
>     >
>    
------------------------------------------------------------------------
>     >
>     > --
>     > Fedora-directory-users mailing list
>     > Fedora-directory-users@redhat.com
>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users@redhat.com
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ------------------------------------------------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo! 
> Search. 
>
<http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>