[CentOS] migrating users to openldap
Scott Robbins
scottro at nyc.rr.com
Fri Oct 29 14:40:11 UTC 2010
On Fri, Oct 29, 2010 at 10:15:32AM -0400, Adam Tauno Williams wrote:
> On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote:
> > I noticed that when I migrated my users with the migrate_passwd.pl
> > tool from PADL it didn't migrate the actual passwords (just the rest
> > of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> > variable and then try running the tool again. does anyone know what
> > this should be?
> > I actually thought there might be a migrate_shadow.pl tool that could
> > accomplish this, but there doesn't appear to be anything like that
> > among the PADL migration tools.
I wonder if you did it as root. If not, it doesn't include the
passwords. (That is, the script will run as regular user, but will not
include passwords.)
>
> I'd *strongly* recommend *not* using the PADL migration scripts.
> Morphing your system data into LDAP is pretty simple if you are familiar
> with any scripting language. You should carefully think through what
> you want in the DSA and how you want it represented, then make the LDIF
> files accordingly.
I would have argued that two years ago, but I've come to the conclusion
that this is true. I might use it to create a sample ldif when I forget
some syntax, but I find myself using the padl scripts less and less.
This is not to say that (IMNSKO, not so knowledgeable--the rest I'm sure
you folks know), they're bad per se, just that as one gets more
experienced, there are better ways of doing it.
>
> See
> <http://mosg.googlegroups.com/web/LDAP102.pdf?gda=OkhSRj0AAABGYSQZGnP1p0-ZaG58b_-Dpp2Ky__YopapPAxAcIb5YKjfyxwalkQMu975yVukqHflNv--OykrTYJH3lVGu2Z5> for some simple example (slides 27 - 29)
>
Excellent link, thank you, even though I'm not the OP.
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Kendra: I call it Mr. Pointy.
Buffy: You named your stake?
Kendra: Yes.
Buffy: Remind me to get you a stuffed animal.
More information about the CentOS
mailing list