[389-users] Migrating from openldap/slapd to 389
Mark Reynolds
mareynol at redhat.com
Thu May 14 15:09:05 UTC 2015
Hi Bobby,
See comments below...
On 05/14/2015 09:24 AM, Bobby Krupczak wrote:
> Hi!
>
> Hey, I'm sure you guys are tired of folks asking this question but
> I've spent the last day searching the InterWebs and still have
> questions.
>
> I'm fixing to switch from openldap/slapd to 389 for ldap
> authentication for linux and samba clients. I want to run the 389 dir
> service on the same system as slapd.
>
> - Is the switch as simple as turning on the 389 server, turning off
> slapd, and importing my user account objects into 389 via a ldif?
Sort of. You need to make sure that the 389 DS is correctly configured,
and the LDIF files are imported.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases.html#Configuring_Directory_Databases-Creating_and_Maintaining_Suffixes
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases.html
>
> - If I'm only using slapd for "standard" login accounts and passwords,
> do I still need to import any schemas from slapd? (It looks like
> 389 has the same basic schemas)
This depends. An easy way to verify this is to just try to import the
LDIF(s). If you don't see any schema/objectclass errors then you know
you are good to go. You can check the errors log for this
(/var/log/dirsrv/slapd-INSTANCE/errors).
>
> - I've used slapcat and ldapsearch to create ldif files of my user
> objects. Do I need to munge these ldif entries in order to import
> them into 389?
You can specify multiple ldif files when using the ldif2db command:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html#Populating_Directory_Databases-Importing_Data
You might need to set access permission on your database as well (like
anonymous access, etc).
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control.html
>
> - I didn't see specific instructions for enabling and turning on the
> web admin interface for 389. Is it turned on automatically when I
> start 389 server?
This is the 389-admin/389-console package; it is separate from the
389-ds-base package.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/admin-server.html
>
> - Is the switch transparent to linux/unix ldap clients or will I need
> to go re-configure them?
I'm not sure, I don't think you will need to do anything.
Regards,
Mark
>
> Thanks,
>
> Bobby
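
For the schema and "munge" questions in this thread, one way to inventory a slapcat or ldapsearch export before importing it. This is an added example, not part of the original messages or of the 389 DS tooling; the sample LDIF, the function names and the list of slapcat operational attributes are assumptions.

```python
import base64
from collections import Counter

# Assumption: operational attributes that slapcat writes; review before import.
SLAPCAT_OPERATIONAL = {"structuralobjectclass", "entryuuid", "entrycsn", "contextcsn",
                       "creatorsname", "createtimestamp", "modifiersname", "modifytimestamp"}

def unfold(text):
    """Join LDIF continuation lines (leading space) and drop comment lines."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if lines and not in_comment:
                lines[-1] += raw[1:]
        elif not (in_comment := raw.startswith("#")):
            lines.append(raw)
    return lines

def inventory(text):
    """Return (objectClass counts, attribute counts, entry count) for an LDIF export."""
    classes, attrs, entries = Counter(), Counter(), 0
    for line in unfold(text):
        name, sep, value = line.partition(":")
        if not sep or name.lower() == "version":
            continue
        if value.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name = name.split(";")[0].lower()  # drop options such as ;binary
        if name == "dn":
            entries += 1
        elif name == "objectclass":
            classes[value.strip().lower()] += 1
        else:
            attrs[name] += 1
    return classes, attrs, entries

# Constructed sample in the shape of a slapcat export (not from the thread).
SAMPLE = """\
dn: uid=bobby,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
homeDirectory: /home/
 bobby
structuralObjectClass: account
entryCSN: 20150514150905.000000Z#000000#000#000000
"""
classes, attrs, entries = inventory(SAMPLE)
print(sorted(classes), sorted(a for a in attrs if a in SLAPCAT_OPERATIONAL))
```

The first list is what to compare against the schema loaded on the 389 instance; the second is the set of export-only attributes to look at before running the import.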