On Fri, Oct 29, 2010 at 10:15:32AM -0400, Adam Tauno Williams wrote: > On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote: > > I noticed that when I migrated my users with the migrate_passwd.pl > > tool from PADL it didn't migrate the actual passwords (just the rest > > of the posixAccount info). I think I need to set the EXTENDED_SCHEMA > > variable and then try running the tool again. does anyone know what > > this should be? > > I actually thought there might be a migrate_shadow.pl tool that could > > accomplish this, but there doesn't appear to be anything like that > > among the PADL migration tools. I wonder if you did it as root. If not, it doesn't include the passwords. (That is, the script will run as regular user, but will not include passwords.) > > I'd *strongly* recommend *not* using the PADL migration scripts. > Morphing your system data into LDAP is pretty simple if you are familiar > with any scripting language. You should carefully think through what > you want in the DSA and how you want it represented, then make the LDIF > files accordingly. I would have argued that two years ago, but I've come to the conclusion that this is true. I might use it to create a sample ldif when I forget some syntax, but I find myself using the padl scripts less and less. This is not to say that (IMNSKO, not so knowledgeable--the rest I'm sure you folks know), they're bad per se, just that as one gets more experienced, there are better ways of doing it. > > See > <http://mosg.googlegroups.com/web/LDAP102.pdf?gda=OkhSRj0AAABGYSQZGnP1p0-ZaG58b_-Dpp2Ky__YopapPAxAcIb5YKjfyxwalkQMu975yVukqHflNv--OykrTYJH3lVGu2Z5> for some simple example (slides 27 - 29) > Excellent link, thank you, even though I'm not the OP. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Kendra: I call it Mr. Pointy. Buffy: You named your stake? Kendra: Yes. Buffy: Remind me to get you a stuffed animal.