[CentOS] migrating users to openldap

Fri Oct 29 14:15:32 UTC 2010
Adam Tauno Williams <awilliam at whitemice.org>

On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote: 
> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. Does anyone know what
> this should be?
> I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

I'd *strongly* recommend *not* using the PADL migration scripts.
Morphing your system data into LDAP is pretty simple if you are familiar
with any scripting language.  You should carefully think through what
you want in the DSA and how you want it represented, then make the LDIF
files accordingly.

See
<http://mosg.googlegroups.com/web/LDAP102.pdf?gda=OkhSRj0AAABGYSQZGnP1p0-ZaG58b_-Dpp2Ky__YopapPAxAcIb5YKjfyxwalkQMu975yVukqHflNv--OykrTYJH3lVGu2Z5> for some simple examples (slides 27 - 29).

> So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*
> Here is a more complete user entry that is currently in the system: