[CentOS] LDAP howto using ds-base and ds-admin and related consoles

Fri Jul 31 16:13:34 UTC 2009
Kwan Lowe <kwan.lowe at gmail.com>

On Fri, Jul 31, 2009 at 3:20 AM, Tony Molloy <tony.molloy at ul.ie> wrote:

> Installing centos-ds is not a problem. It's what you do after it. Especially
> for people like me who have no experience with OpenLDAP.
>> Linux and Windows user authentication is straightforward, with GUI
>> based setup and editing.
> With 1200 existing users to be migrated then GUI based setup and editing is
> not very useful.

I had to move about 200 Unix users from OpenLDAP to RHDS. For a brief
moment I considered just manually doing it, but reason got the better
of me.  The approach I took:

1) Exported the database from OpenLDAP. Actually, just used an
ldapsearch and pulled over all the users and groups and dropped it
into an LDIF.

2) Created a few test users on Fedora DS then ran a similar export
process. This gave me an LDIF that I could compare.

3) Next was a matter of writing a bunch of awk scripts to convert the
OpenLDAP to Fedora LDIF format. The biggest problem I had was the
password format. I don't recall much of the details exactly, but there
were some issues with the crypt method. In the end I wrote another
script that wrapped mkpasswd and then just did an update. It emailed
the users with the new password. For those without an email address
(maybe 30 or so), it set a default password based on the username.

>> The default schema I use doesn't include address, company, etc., but
>> these are very easily added.  I tested with kaddressbook and a couple
>> other LDAP browsers without any glitches.
> I'm going through the Howto:Samba from <directory.fedoraproject.org> at the
> moment and hopefully that will get me started.
> But what would be nice is:
> 1. Howto:migrate existing NIS to CentosDS
> 2. Howto:migrate existing Samba to CentosDS

For the LDAP information itself, you could probably do a similar
thing. E.g., parse the relevant passwd, group, shadow and login files
then create an LDIF to import. OpenLDAP has a bunch of scripts to
migrate from NIS/local files also, so they would be my first step.
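
An added example, not part of the original message and not the poster's scripts: one way to turn passwd and shadow data into an importable LDIF while carrying the existing crypt hashes over, so that no account receives a new or guessable password during the move. Assumptions: the `ou=People` layout, the `dc=example,dc=com` suffix, a UID cutoff of 500 for regular accounts, the `account` plus `posixAccount` object classes, and a target server that accepts `{crypt}`-prefixed `userPassword` values; the sample data is constructed.

```python
import base64

# Constructed sample input (not real accounts); the hashes are placeholders.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Müller:/home/bob:/bin/sh
carol:x:1003:1003:Carol Locked:/home/carol:/bin/bash
"""
SHADOW = """root:$1$CONSTRUCTED$rootplaceholderhash00:14456:0:99999:7:::
alice:$1$CONSTRUCTED$aliceplaceholderhash0:14456:0:99999:7:::
bob:$1$CONSTRUCTED$bobplaceholderhash000:14456:0:99999:7:::
carol:!!:14456:0:99999:7:::
"""

def ldif_line(attr, value):
    """RFC 2849: base64-encode values that are not safe plain ASCII."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(passwd, shadow, base_dn, min_uid=500):
    """Return (ldif_text, skipped) for regular accounts with a usable hash."""
    hashes = {}
    for row in shadow.splitlines():
        f = row.split(":")
        if len(f) >= 2:
            hashes[f[0]] = f[1]
    entries, skipped = [], []
    for row in passwd.splitlines():
        f = row.split(":")
        if len(f) != 7 or not f[2].isdigit() or int(f[2]) < min_uid:
            continue  # malformed line or system account (cutoff is an assumption)
        user, _, uid, gid, gecos, home, shell = f
        pw = hashes.get(user, "")
        if not pw or pw[0] in "!*":
            skipped.append(user)  # locked or no hash: do not invent a password
            continue
        cn = gecos.split(",")[0] or user
        attrs = [("dn", f"uid={user},ou=People,{base_dn}"),
                 ("objectClass", "top"), ("objectClass", "account"),
                 ("objectClass", "posixAccount"), ("uid", user), ("cn", cn),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell),
                 ("userPassword", "{crypt}" + pw)]
        entries.append("\n".join(ldif_line(a, v) for a, v in attrs))
    return "\n\n".join(entries) + "\n", skipped
```

Accounts returned in `skipped` are locked or have no hash in the source and need a separate decision; the generated file contains password hashes and should be handled like the shadow file it came from.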