Building an LDAP Server on Linux, Part 4 - Page 3

By Carla Schroder | Posted Dec 10, 2003

Migrating User Data

There are some lovely scripts provided by PADL Software to ease the chore of populating your LDAP directory. These extract your existing user data and create nice LDAP directory entries. Look for "Migration Tools" on their website. You'll need to edit migrate_common.ph to include your specific network settings.

It doesn't make sense to throw an inordinate burden on the LDAP server by cluttering it with things like /etc/services or /etc/protocols. These are quite static and common to Linux systems; you don't need LDAP to serve them up. Start out with migrating /etc/passwd and /etc/group. I recommend making copies of /etc/passwd and /etc/group, and running the appropriate scripts first on the copies (migrate_group.pl, migrate_passwd.pl).

This will generate .ldif files that you can examine to make sure they're done the way you like. The scripts are easy as pie to use:

# migrate_passwd.pl  /etc/passwd  passwd.ldif

Then add the .ldif files to the database in the usual manner, via ldapadd:

# ldapadd -x -D "cn=Manager,dc=carlasworld,dc=net" -W -f passwd.ldif
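One way to do the "examine the .ldif" step before running ldapadd, as an added example that is not part of the original article or of the PADL scripts. It flags system accounts and password values you may not want in the directory. The sample entries are constructed; the posixAccount attribute names, the {crypt} prefix, and the min_uid cutoff of 1000 are assumptions to adjust for your own output and distribution.

```python
import base64
# Constructed sample, in the shape migrate_passwd.pl output is assumed to take.
SAMPLE_LDIF = """\
dn: uid=root,ou=People,dc=carlasworld,dc=net
userPassword: {crypt}x
uidNumber: 0

dn: uid=daemon,ou=People,dc=carlasworld,dc=net
uidNumber: 2

dn: uid=alice,ou=People,dc=carlasworld,
 dc=net
userPassword: {crypt}abCDEFGHIJKLM
uidNumber: 1001
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute -> list of values."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, split records
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: ..." is a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def review(entries, min_uid=1000):            # min_uid is an assumption; adjust
    """Return (dn, reason) findings to resolve before running ldapadd."""
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        uid = int(e.get("uidnumber", ["-1"])[0])
        if 0 <= uid < min_uid:
            findings.append((dn, "uid 0" if uid == 0 else "system account"))
        for pw in e.get("userpassword", []):
            h = pw.split("}", 1)[-1]          # hash part after "{scheme}"
            if h in ("", "x", "*") or h.startswith("!"):
                findings.append((dn, "no usable hash (shadow not read?)"))
            elif pw.lower().startswith("{crypt}") and len(h) == 13 and h[0] != "$":
                findings.append((dn, "13-character DES crypt hash"))
    return findings

if __name__ == "__main__":
    print(*review(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

To check a real file, pass its contents instead of the sample: review(parse_ldif(open("passwd.ldif").read())).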

Wrapping Up

OpenLDAP is a great program. It's also hugely complicated. Hopefully this series has helped you get over the initial speed bumps, and you now have a running server to test and learn on. In Resources I've listed what I've found to be the most helpful resources for understanding the most difficult LDAP components: schema, ACLs, and encryption.

I also recommend looking for useful documentation included with your Linux distribution, as there are a number of variations in the way each distribution installs and configures OpenLDAP, as well as things like TLS and SASL.

Resources

OpenSSL
Cyrus SASL
Building an Address Book with OpenLDAP
Using OpenLDAP For Authentication; Revision 2 – This is an excellent document that also teaches client configuration
PADL Software
Openldap.org

