[CentOS] migrating users to openldap

Fri Oct 29 14:42:41 UTC 2010
Alexander Dalloz <ad+lists at uni-x.org>

> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. Does anyone know what
> this should be?


> I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

Correct, just the migrate_passwd.pl script.

> So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*

That's the result when there is no password set for the user to be migrated
(see man 5 shadow).

> Here is a more complete user entry that is currently in the system:
> 73 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
> uid: bluethundr
> cn: Timothy P.
> givenName: Timothy P.
> sn: Dunphy
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> loginShell: /usr/local/bin/bash
> uidNumber: 1001
> gidNumber: 1002
> homeDirectory: /home/bluethundr
> gecos: Timothy P.
> userPassword: {crypt}*

The PADL script blindly uses {crypt}, although the password encryption
mechanism may be very different.

> Thanks in advance for any tips you can share that will get this working!
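
An added example, not part of the original post or of the PADL tools: a small Python audit that reads an LDIF export after a migration, flags entries whose userPassword is a placeholder such as {crypt}* instead of a crypt(3) hash, and otherwise names the hash scheme sitting behind the {crypt} prefix. The function names, the alice and bob entries and the hash value are constructed, and the LDIF is assumed to have unfolded lines.

```python
import base64

# Values crypt(3) can never produce: no password login is possible.
PLACEHOLDERS = {"", "*", "x"}
# crypt(3) modular-format prefixes and the scheme each identifies.
SCHEMES = {"$1$": "md5-crypt", "$2a$": "bcrypt", "$5$": "sha256-crypt",
           "$6$": "sha512-crypt"}

def classify(value):
    """Classify one userPassword value as stored in the directory."""
    if not value.lower().startswith("{crypt}"):
        return "non-crypt scheme"
    body = value[len("{crypt}"):]
    if body in PLACEHOLDERS or body.startswith("!"):
        return "unusable"  # placeholder, or a hash locked with a leading "!"
    for prefix, name in SCHEMES.items():
        if body.startswith(prefix):
            return name
    return "des-crypt" if len(body) == 13 else "unknown"

def audit(ldif_text):
    """Return {dn: classification} for each entry of an unfolded LDIF export."""
    results = {}
    for block in ldif_text.strip().split("\n\n"):
        dn = password = None
        for line in block.splitlines():
            key, sep, val = line.partition(":")
            if not sep:
                continue
            if val.startswith(":"):  # "attr:: <base64>" form used by ldapsearch
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            else:
                val = val.strip()
            if key.lower() == "dn":
                dn = val
            elif key.lower() == "userpassword":
                password = val
        if dn:
            results[dn] = "no userPassword" if password is None else classify(password)
    return results

# Constructed sample: the first entry mirrors the post, the others are made up.
SAMPLE = (
    "dn: uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com\n"
    "userPassword: {crypt}*\n\n"
    "dn: uid=alice,ou=staff,dc=example,dc=com\n"
    "userPassword: {crypt}$6$saltsalt$" + "a" * 86 + "\n\n"
    "dn: uid=bob,ou=staff,dc=example,dc=com\n"
    "userPassword:: " + base64.b64encode(b"{crypt}x").decode() + "\n"
)
```

Calling `audit(SAMPLE)` reports the bluethundr and bob entries as unusable, which is the state that needs fixing before anyone can bind with a password.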