[389-users] Getent and ldapsearch import from openldap

Craig White craigwhite at azapple.com
Fri Jul 24 16:33:31 UTC 2009


On Fri, 2009-07-24 at 11:56 -0400, Prashanth Sundaram wrote:
> Hi all,
> 
> I am trying to migrate all users from openldap to FDS. The schema and
> object class in openldap are pretty messed up and need a lot of
> massaging. I tried exporting the schema and running the conversion
> script but it usually fails and the db import is not correct.
> 
> Requirement: Only users with uid, gid and homedir needed. Nothing more
> or less
> 
> So I did this, for Users, uid, gid, homedir import:
> 
> #getent passwd
> Sample output:
> oracle:x:1001:1001:oracle:/home/oracle:/bin/bash
> 
> Now, run ./migrate_passwd.pl on the above output to convert to ldif
> file. The result was like below.
> Sample output ldif:
> dn: uid=oracle,ou=People,dc=fedorads,dc=net
> uid: oracle
> cn: oracle
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}x
> loginShell: /bin/bash
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/oracle
> gecos: oracle
> 
> For Password import
> 
> ldapsearch -D BindDN -W -x uid=* userPassword uidNumber gidNumber
> sample
> dn: uid=oracle,ou=People,dc=padl,dc=net
> uidNumber: 1001
> gidNumber: 1001
> userPassword:: e01ENX1nbDdQNm5iU3FQOGZJOTdVWXM2QXp3PT8H9
> 
> Question 1: Please comment on above. Tell me if I could have
> simplified the approach. Is there a better way to import the password
> from OpenLDAP? The conversion schema is not working for me and it was
> set default.
> 
> Question 2: Now I have two databases with user and password separate.
> Can I import them separately and have it working?
> 
> Question 3: When I imported, I got only 500 users in db and rest didn’t
> make it. I am trying to remember which file and what limit needs to be
> edited for this issue.
----
Q1 - yes
Q2 - no
Q3 - yes, I think the rootbinddn does not have limits in openLDAP

ldapsearch -D BindDN -W -x '(homedir=/home/*)' -l max > /tmp/dump.ldif

but definitely use rootbinddn so you get passwords and no limits

Craig
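
An added example, not code from either poster or from the FDS migration scripts: since the two files cannot be imported separately, this sketch builds one LDIF by replacing the `{crypt}x` placeholder (all that `getent passwd` output can supply) with the `userPassword` value from the ldapsearch dump, matching on uid because the base DNs differ. The function names and the sample entries are assumptions constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Split LDIF into entries: lists of (attr, value, is_base64) tuples."""
    entries, cur = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and cur:            # folded continuation line
            a, v, b = cur[-1]
            cur[-1] = (a, v + raw[1:], b)
        elif not raw.strip():                      # blank line closes an entry
            if cur:
                entries.append(cur)
            cur = []
        elif not raw.startswith("#"):
            attr, _, rest = raw.partition(":")
            cur.append((attr, rest.lstrip(":").strip(), rest.startswith(":")))
    return entries

def uid_of(entry):
    """uid from the leading RDN; the base DN differs between the two files."""
    dn = next((v for a, v, _ in entry if a.lower() == "dn"), "")
    rdn = dn.split(",")[0].strip()
    return rdn[4:].lower() if rdn.lower().startswith("uid=") else None

def merge_passwords(migrated, dump):
    """Return (merged LDIF, uids that still have no usable userPassword)."""
    hashes = {uid_of(e): (v, b) for e in parse_ldif(dump)
              for a, v, b in e if a.lower() == "userpassword" and uid_of(e)}
    out, missing = [], []
    for entry in parse_ldif(migrated):
        lines = []
        for a, v, b in entry:
            if a.lower() == "userpassword" and v == "{crypt}x":
                if uid_of(entry) not in hashes:
                    missing.append(uid_of(entry))
                    continue                       # drop the shadow placeholder
                v, b = hashes[uid_of(entry)]       # keep base64 form untouched
            lines.append(f"{a}{'::' if b else ':'} {v}")
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", missing

# Constructed sample data (not from the thread): one real hash, one missing.
B64 = base64.b64encode(b"{SSHA}constructed-sample").decode()
MIGRATED = ("dn: uid=oracle,ou=People,dc=example,dc=net\nuid: oracle\n"
            "userPassword: {crypt}x\nuidNumber: 1001\n\n"
            "dn: uid=backup,ou=People,dc=example,dc=net\nuid: backup\n"
            "userPassword: {crypt}x\nuidNumber: 1002\n")
DUMP = f"dn: uid=oracle,ou=People,dc=old,dc=net\nuidNumber: 1001\nuserPassword:: {B64}\n"
```

The second return value lists accounts that would be imported without a password, which is worth reviewing before the import rather than after.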

