Hi Christian
we did someithing similar some month ago and I only found only a rather
complicated way.
1) We extracted the normal passwd and group information
getent passwd > /root/passwd.out
getent group > /root/group.out
deleted system user and password, converted to ASCIi and sorted computers out of
passwd.out
grep '\$' /root/passwd.out.ascii > /root/computer.out.ascii
grep -v '\$' /root/passwd.out.ascii > /root/user.out.ascii
2) we transfered the ldapsam Information to tdbsam
pdbedit -i ldapsam -e tdbsam
pdbedit -g -i ldapsam -e tdbsam
3) then we startet openldap with 2307 (without bis) and no data and added an
empty ldif with just the OU's
4) the we added posix accounts and groups again in ldap, using the fiels from
above
/usr/share/doc/smbldap-tools-0.9.10/migration_scripts/smbldap-migrate-unix-accounts_work
-v -P /root/user.out.ascii
/usr/share/doc/smbldap-tools-0.9.10/migration_scripts/smbldap-migrate-unix-computers
-v -P /root/computer.out.ascii
/usr/share/doc/smbldap-tools-0.9.10/migration_scripts/smbldap-migrate-unix-groups
-v -G /root/group.out.ascii
5) than we filled the samba attributes migration back from tdb to ldap
pdbedit -e ldapsam -i tdbsam
pdbedit -e ldapsam -i tdbsam -g
With this steps we could migrate towards AD
Most parts and the consolidation steps (duplicated SID's) we ware able to
script in a test setup...
Regards
Hansjörg Maurer
---
itsystems Deutschland AG -- Sorglos und leise. So geht IT
-----Ursprüngliche Nachricht-----
Von: Christian Naumer via samba <samba at lists.samba.org>
Gesendet: Die 18 Oktober 2016 11:44
An: samba at lists.samba.org
Betreff: [Samba] classic upgrade with rfc2307bis
We are in the process of testing an upgrade of our NT-style domain on samba 3.6
and ldap backend to
an AD on samba 4.4. The classic upgrade works fine so far the only problem we
have is that all our
groups are migrated without members. I think this is because we use rfc2307bis
in our schema which
uses "uniqueMember" instead of "memberUid" to link groups to
users. Is there an option to the
classic upgrade script to tell it to use uniqueMember ?
Regards
Christian
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie
moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie
einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an
hansjoerg.maurer at itsd.de.
Our system is equipped with an email encryption gateway. If you want email sent
to you to be encrypted please send a S/MIME signed email or your PGP public key
to hansjoerg.maurer at itsd.de.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5507 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20161018/f75c8984/smime.bin>
