Prashanth Sundaram
2009-Jul-24 15:56 UTC
[389-users] Getent and ldapsearch import from openldap
Hi all,
I am trying to migrate all users from openldap to FDS. The schema and object
class in openldap is pretty messed up and needs a lot of massaging. I tried
exporting the schema and running the conversion script but it usually fails
and the db import is not correct.
Requirement: Only users with uid, gid and homedir needed. Nothing more or
less
So I did this, for Users, uid, gid, homedir import:
#getent passwd
Sample output:
oracle:x:1001:1001:oracle:/home/oracle:/bin/bash
Now, run ./migrate_passwd.pl on the above output to convert to ldif file.
The result was like below.
Sample output ldif:
dn: uid=oracle,ou=People,dc=fedorads,dc=net
uid: oracle
cn: oracle
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/oracle
gecos: oracle
For Password import
ldapsearch -D BindDN -W -x uid=* userPassword uidNumber gidNumber
sample
dn: uid=oracle,ou=People,dc=padl,dc=net
uidNumber: 1001
gidNumber: 1001
userPassword:: e01ENX1nbDdQNm5iU3FQOGZJOTdVWXM2QXp3PT8H9
Question 1: Please comment on above. Tell me if I could have simplified the
approach. Is there a better way to import the password from OpenLDAP? The
conversion schema is not working for me and it was set default.
Question 2: Now I have two databases with user and password separate. Can I
import them separately and have it working?
Question 3: When I imported, I got only 500 users in db and rest didn't make
it. I am trying to remember which file and what limit needs to be edited for
this issue.
Craig White
2009-Jul-24 16:33 UTC
Re: [389-users] Getent and ldapsearch import from openldap
On Fri, 2009-07-24 at 11:56 -0400, Prashanth Sundaram wrote:
> Hi all,
>
> I am trying to migrate all users from openldap to FDS. The schema and
> object class in openldap is pretty messed up and needs lot of
> massaging. I tried exporting the schema and running the conversion
> script but it usually fails and the db import is not correct.
>
> Requirement: Only users with uid, gid and homedir needed. Nothing more
> or less
>
> So I did this, for Users, uid, gid, homedir import:
>
> #getent passwd
> Sample output:
> oracle:x:1001:1001:oracle:/home/oracle:/bin/bash
>
> Now, run ./migrate_passwd.pl on the above output to convert to ldif
> file. The result was like below.
> Sample output ldif:
> dn: uid=oracle,ou=People,dc=fedorads,dc=net
> uid: oracle
> cn: oracle
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}x
> loginShell: /bin/bash
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/oracle
> gecos: oracle
>
> For Password import
>
> ldapsearch -D BindDN -W -x uid=* userPassword uidNumber gidNumber
> sample
> dn: uid=oracle,ou=People,dc=padl,dc=net
> uidNumber: 1001
> gidNumber: 1001
> userPassword:: e01ENX1nbDdQNm5iU3FQOGZJOTdVWXM2QXp3PT8H9
>
> Question 1: Please comment on above. Tell me if I could have
> simplified the approach. Is there a better way to import the password
> from OpenLDAP? The conversion schema is not working for me and it was
> set default.
>
> Question 2: Now I have two database with user and password separate.
> Can I import them separately and have it working?
>
> Question 3: When I imported, I got only 500 users in db and rest didn’t
> make it. I am trying to remember which file and what limit needs to be
> edited for this issue.
----
Q1 - yes
Q2 - no
Q3 - yes, I think the rootbinddn does not have limits in openLDAP

ldapsearch -D BindDN -W -x "(homedir=/home/*)" -l max > /tmp/dump.ldif

but definitely use rootbinddn so you get passwords and no limits

Craig
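
Added example, not part of either message: since the two exports cannot be imported separately (Q2), one way to combine them is to merge the userPassword values from the ldapsearch dump into the entries built from getent passwd lines, keyed on uid, skipping any user whose value is missing or is only the {crypt}x placeholder. The function names, the dc=example,dc=com base DN and the sample data are assumptions made for illustration.

```python
import base64

def password_hashes(dump_ldif):
    """Map uid -> decoded userPassword from an ldapsearch dump (assumes no folded lines)."""
    hashes = {}
    for block in dump_ldif.strip().split("\n\n"):
        uid = pw = None
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: value" marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn" and value.lower().startswith("uid="):
                uid = value.split(",", 1)[0][4:]   # value of the leading uid= RDN
            elif name.lower() == "userpassword":
                pw = value
        if uid and pw:
            hashes[uid] = pw
    return hashes

def usable(pw):
    """True for a '{scheme}hash' value that is not a shadow placeholder such as {crypt}x."""
    _, sep, digest = pw.partition("}")
    return pw.startswith("{") and bool(sep) and digest not in ("", "x", "*", "!")

def merge(passwd_text, dump_ldif, base="ou=People,dc=example,dc=com"):
    """Return (ldif, skipped): one complete entry per passwd line that has a real hash."""
    hashes, entries, skipped = password_hashes(dump_ldif), [], []
    for line in passwd_text.strip().splitlines():
        name, _, uid, gid, gecos, home, shell = line.split(":")
        pw = hashes.get(name, "")
        if not usable(pw):
            skipped.append(name)   # report instead of importing an account with no hash
            continue
        attrs = [f"dn: uid={name},{base}", f"uid: {name}", f"cn: {gecos or name}",
                 "objectClass: account", "objectClass: posixAccount", "objectClass: top",
                 f"userPassword: {pw}", f"loginShell: {shell}", f"uidNumber: {uid}",
                 f"gidNumber: {gid}", f"homeDirectory: {home}"]
        if gecos:
            attrs.append(f"gecos: {gecos}")
        entries.append("\n".join(attrs))
    return "\n\n".join(entries) + "\n", skipped

# Constructed sample input; the {SSHA} value is a placeholder, not a real hash.
PASSWD = "oracle:x:1001:1001:oracle:/home/oracle:/bin/bash\nbuild:x:1002:1002::/home/build:/bin/sh\n"
DUMP = ("dn: uid=oracle,ou=People,dc=example,dc=com\nuidNumber: 1001\n"
        "userPassword:: " + base64.b64encode(b"{SSHA}Q09OU1RSVUNURUQ=").decode() + "\n")
if __name__ == "__main__":
    print(*merge(PASSWD, DUMP), sep="\n")
```

The merged output contains password hashes, so it should be written to a file readable only by the account doing the import rather than to a shared location.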