Osmany Goderich Navarro
2009-Oct-20 07:06 UTC
[Samba] migrate Windows Active Directory Users to Samba+LDAP
Greetings,

Can anyone help me find out how to migrate Active Directory users to Samba+LDAP? I have everything working: Samba+LDAP+Kerberos PDC in Debian, and I also have a Windows Active Directory in production with more than 100 users added. I just want to transfer all the AD users to the PDC in Debian. I tried using pwdump to extract AD users but with no positive results. Please help.
morgan at tuxedo.darktech.org
2009-Oct-20 18:37 UTC
[Samba] migrate Windows Active Directory Users to Samba+LDAP
On Tue 20/10/09 3:06 AM , Osmany Goderich Navarro wrote:

> 100 users added. I just want to transfer all the AD users to the PDC in Debian. I tried using pwdump to extract AD users but with no positive results. Please help

That wouldn't work, as I understand it. Unless something has changed significantly in the past few years, pwdump programs are for dumping SAM (local) accounts and not for dumping ActiveDirectory accounts. I'm guessing you'd need to use some LDAP tools to dump out an LDIF of the user OU trees.

-------------------------
Message sent via Atmail Open - http://atmail.org/
morgan at tuxedo.darktech.org
2009-Oct-20 19:32 UTC
[Samba] migrate Windows Active Directory Users to Samba+LDAP
On Tue 20/10/09 4:34 AM , Osmany Goderich Navarro <osmany at oc.quimefa.cu> wrote:

> utility that's built in AD and it works fine. I can specifically extract the
> OU of my interest but the problem is that the users in the output file come
> out with lots of attributes that are not compatible with the samba
> schema. I'm wondering if there is some script that can restructure and modify
> the users so that I can import these users to OpenLDAP with a simple ldapadd
> command.

There aren't any that I'm personally aware of (maybe others on the list know of scripts that I don't know about), but once you have an LDIF it's all text. You could slap a Perl or Python script together in no time; these scripts tend to be very site-specific. The Windows 2003 'R2' LDAP schema for AD is RFC 2307 compliant, so if your target LDAP directory is RFC 2307, it should be a piece of cake. Either you add the necessary AD attributes to your LDAP schema, or you simply weed the ones you don't care about out of the LDIF by using something along the lines of what 'grep -v' does. If you're using some other ActiveDirectory schema, I'm afraid it's going to be rather harder.

-------------------------
Message sent via Atmail Open - http://atmail.org/
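The "dump an LDIF, then weed out what the Samba-side schema does not know" approach described in the two replies above, as an added Python example written for this thread (it is not code from the list, from Samba or from Microsoft). It parses an LDIF export, keeps only an allow-list of attributes, renames the Windows 2003 R2 (SFU) names unixHomeDirectory and sAMAccountName to the RFC 2307 names homeDirectory and uid, drops AD-only objectClass values such as user, and reports entries that lack the posixAccount MUST attributes instead of emitting something ldapadd would reject with an objectClass violation. The attribute and objectClass sets, the rename map, all function names and the sample LDIF are assumptions or constructed data; adjust the sets to the schema actually loaded in slapd (for example, add the sambaSamAccount attributes once the samba schema is in).

```python
import base64
import re

# Constructed example for this thread, not a Samba or Microsoft tool. The attribute
# and objectClass sets are assumptions about the target slapd schema; adjust to match it.
KEEP_ATTRS = {"objectClass", "cn", "sn", "givenName", "displayName", "mail", "uid",
              "uidNumber", "gidNumber", "homeDirectory", "loginShell", "gecos"}
KEEP_CLASSES = {"top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount"}
# AD (Windows 2003 R2 / SFU) names mapped onto RFC 2307 posixAccount names (assumption).
RENAME = {"unixHomeDirectory": "homeDirectory", "sAMAccountName": "uid"}
REQUIRED_POSIX = {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}  # posixAccount MUST
_KEEP = {a.lower(): a for a in KEEP_ATTRS}          # case-insensitive lookup -> canonical name
_RENAME = {k.lower(): v.lower() for k, v in RENAME.items()}

def parse_ldif(text):
    """Parse LDIF into entries, each an ordered list of (attribute, value) pairs.
    Unfolds continuation lines, skips comments and 'version:', decodes 'attr:: base64'."""
    unfolded = re.sub(r"\r?\n ", "", text)           # a line starting with one space continues the previous
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):  # a blank line separates entries
        entry = []
        for line in block.splitlines():
            if line.startswith("#") or line.lower().startswith("version:"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if value.startswith(":"):                 # base64 value; non-UTF-8 bytes survive via surrogateescape
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "surrogateescape")
            else:
                value = value.strip()
            entry.append((name, value))
        if entry:
            entries.append(entry)
    return entries

def filter_entry(entry):
    """Keep only allow-listed attributes/objectClasses and apply RENAME (the 'grep -v' step)."""
    out = []
    for name, value in entry:
        low = name.lower()
        if low == "dn":
            out.append(("dn", value))
            continue
        canon = _KEEP.get(_RENAME.get(low, low))     # None: AD-only attribute (objectGUID, memberOf, ...)
        if canon is None or (canon == "objectClass" and value not in KEEP_CLASSES):
            continue                                  # also drops AD-only classes such as 'user'
        if (canon, value) not in out:                 # dedupe, e.g. uid native and via sAMAccountName
            out.append((canon, value))
    return out

def missing_posix(entry):
    """posixAccount MUST attributes the entry lacks; an empty list means it will import."""
    return sorted(REQUIRED_POSIX - {name for name, _ in entry})

def to_ldif(entries):
    """Serialise entries, base64-encoding any value LDIF cannot carry literally."""
    def fmt(name, value):
        if value.isascii() and value == value.strip() and not value.startswith((":", "<")):
            return f"{name}: {value}"
        return f"{name}:: " + base64.b64encode(value.encode("utf-8", "surrogateescape")).decode("ascii")
    return "\n\n".join("\n".join(fmt(n, v) for n, v in e) for e in entries) + "\n"

def convert_ldif(text):
    """Return (LDIF ready for ldapadd, [(dn, missing attributes)] for entries that were skipped)."""
    converted, skipped = [], []
    for entry in parse_ldif(text):
        cleaned = filter_entry(entry)
        dn = next((v for n, v in cleaned if n == "dn"), "<no dn>")
        missing = missing_posix(cleaned)
        if missing:                                   # ldapadd would reject it: report, don't emit
            skipped.append((dn, missing))
            continue
        idx = [i for i, (n, _) in enumerate(cleaned) if n == "objectClass"]
        cleaned.insert(idx[-1] + 1 if idx else 1, ("objectClass", "posixAccount"))
        converted.append(cleaned)
    return to_ldif(converted), skipped

# Constructed sample of an ldifde-style AD export; not real directory data.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=local
objectClass: top
objectClass: person
objectClass: user
cn: Jane Doe
sn: Doe
displayName: Jane
  Doe
sAMAccountName: jdoe
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/jdoe

dn: CN=svc-backup,OU=Service,DC=example,DC=local
objectClass: user
cn: svc-backup
sAMAccountName: svc-backup
"""
```

Feed `convert_ldif` the text of an AD export (ldifde, or an ldapsearch of the user OU) and pipe the returned LDIF into ldapadd; look at the skipped list first, because an account that has no uidNumber/gidNumber in AD has no POSIX identity to carry over and needs one assigned before it can be imported. Passwords are not part of this: AD does not export password hashes over LDAP, so the sambaNTPassword and userPassword attributes have to be set on the Samba side afterwards.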