[Fedora-directory-users] Re: passwd/shadow/group --> fedora-ds HOWTO?
Steven Bonneville
sbonnevi at redhat.com
Wed Aug 31 16:24:56 UTC 2005
Rich Megginson <rmeggins at redhat.com> wrote:
> Bryan K. Wright wrote:
[...]
> > Also, the padl migration tools use objectClasses
> >"posixAccount","account" and "shadowAccount" for entries in
> >the passwd file, but fedora-ds seems to expect "person",
> >"organizationalPerson" and "inetorgperson".
> >
> >
> Similar to the above, entries can be both inetOrgPerson and
> posixAccount, shadowAccount, and account (see the caveat about using the
> account objectclass here -
> http://directory.fedora.redhat.com/wiki/Howto:Posix)
You can cause the migration tools to use inetOrgPerson instead of
account for your structural class by either
1) Setting the environment variable $LDAP_EXTENDED_SCHEMA to 1 before
running the migration scripts, or
2) Editing /usr/share/openldap/migration/migrate_common.ph so that
$EXTENDED_SCHEMA = 0;
on line 90 or so reads
$EXTENDED_SCHEMA = 1;
Then you can add the hostObject class manually to inetOrgPerson if
you really need it, and not use account at all.
You can also cause groups to be put in ou=Groups instead of ou=Group
by editing line 61 or so of migrate_common.ph appropriately. This is
in the middle of the else condition of the test for the presence of
/usr/sbin/mkslapdconf ($NETINFOBRIDGE). It'll use posixGroup as the
structural class, of course, which leads into the whole discussion of
whether you can/should use groupOfUniqueNames as well that we just
recently had on the list.
The PADL migration scripts are a bit rickety; it's a good idea to
always check their output for sanity.
-- Steve Bonneville
More information about the Fedora-directory-users
mailing list