[389-users] Getent and ldapsearch import from openldap
Craig White
craigwhite at azapple.com
Fri Jul 24 16:33:31 UTC 2009
On Fri, 2009-07-24 at 11:56 -0400, Prashanth Sundaram wrote:
> Hi all,
>
> I am trying to migrate all users from openldap to FDS. The schema and
> object class in openldap is pretty messed up and needs a lot of
> massaging. I tried exporting the schema and running the conversion
> script but it usually fails and the db import is not correct.
>
> Requirement: Only users with uid, gid and homedir needed. Nothing more
> or less
>
> So I did this, for Users, uid, gid, homedir import:
>
> #getent passwd
> Sample output:
> oracle:x:1001:1001:oracle:/home/oracle:/bin/bash
>
> Now, run ./migrate_passwd.pl on the above output to convert to ldif
> file. The result was like below.
> Sample output ldif:
> dn: uid=oracle,ou=People,dc=fedorads,dc=net
> uid: oracle
> cn: oracle
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}x
> loginShell: /bin/bash
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/oracle
> gecos: oracle
>
> For Password import
>
> ldapsearch -D BindDN -W -x uid=* userPassword uidNumber gidNumber
> sample
> dn: uid=oracle,ou=People,dc=padl,dc=net
> uidNumber: 1001
> gidNumber: 1001
> userPassword:: e01ENX1nbDdQNm5iU3FQOGZJOTdVWXM2QXp3PT8H9
>
> Question 1: Please comment on above. Tell me if I could have
> simplified the approach. Is there a better way to import the password
> from OpenLDAP? The conversion schema is not working for me and it was
> set default.
>
> Question 2: Now I have two databases with user and password separate.
> Can I import them separately and have it working?
>
> Question 3: When I imported, I got only 500 users in db and rest didn’t
> make it. I am trying to remember which file and what limit needs to be
> edited for this issue.
----
Q1 - yes
Q2 - no
Q3 - yes, I think the rootbinddn does not have limits in openLDAP
ldapsearch -D BindDN -W -x '(homedir=/home/*)' -l max > /tmp/dump.ldif
but definitely use rootbinddn so you get passwords and no limits
Craig
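
Added example, not part of the thread or of any project tooling: the `getent passwd` route above produces `userPassword: {crypt}x`, a shadow placeholder rather than a hash, while the ldapsearch dump carries the real value base64-encoded after `userPassword::`. This Python script checks a dump such as /tmp/dump.ldif before import, keeping only entries that have uid, uidNumber, gidNumber and homeDirectory and reporting what kind of password value each carries; the function names and sample entries are constructed for illustration.

```python
import base64

REQUIRED = ("uid", "uidnumber", "gidnumber", "homedirectory")

def parse_ldif(text):
    """Yield {attr: [values]} per entry: unfold lines, decode 'attr::' base64."""
    unfolded = text.replace("\n ", "")  # continuation lines start with one space
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, rest = line.partition(":")
            raw = rest.lstrip(":").strip()  # 'attr:: <base64>' leaves a leading ':'
            value = base64.b64decode(raw).decode("utf-8", "replace") if rest.startswith(":") else raw
            entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def password_status(entry):
    """Return 'missing', 'placeholder', 'cleartext' or the scheme name (e.g. 'SSHA')."""
    values = entry.get("userpassword")
    if not values:
        return "missing"
    pw = values[0]
    if pw.startswith("{") and "}" in pw:
        scheme, _, body = pw[1:].partition("}")
        if scheme.lower() == "crypt" and body in ("x", "*", "!", "!!"):
            return "placeholder"  # shadow marker as emitted via getent, not a hash
        return scheme.upper()
    return "cleartext"

def audit(text):
    """Return [(dn, status)] for entries carrying every required attribute."""
    return [(e["dn"][0], password_status(e))
            for e in parse_ldif(text) if all(k in e for k in REQUIRED)]

# Constructed sample entries (not real accounts or hashes).
_HASH = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE = (
    "dn: uid=alice,ou=People,dc=example,dc=com\nuid: alice\nuidNumber: 1001\n"
    f"gidNumber: 1001\nhomeDirectory: /home/alice\nuserPassword:: {_HASH}\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\nuid: bob\nuidNumber: 1002\n"
    "gidNumber: 1002\nhomeDirectory: /home/bob\nuserPassword: {crypt}x\n"
)

if __name__ == "__main__":
    for dn, status in audit(SAMPLE):
        print(f"{status:12} {dn}")
```

Entries reported as `placeholder` or `missing` would import as accounts that cannot authenticate with their old password.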