Building an LDAP Server on Linux, Part 4 - Page 3

 By Carla Schroder

Migrating User Data

There are some lovely scripts provided by PADL Software to ease the chore of populating your LDAP directory. These extract your existing user data and create nice LDAP directory entries. Look for "Migration Tools" on their website. You'll need to edit migrate_common.ph to include your specific network settings.

It doesn't make sense to throw an inordinate burden on the LDAP server by cluttering it with things like /etc/services or /etc/protocols. These are quite static and common to Linux systems; you don't need LDAP to serve them up. Start by migrating /etc/passwd and /etc/group. I recommend making copies of /etc/passwd and /etc/group, and running the appropriate scripts (migrate_group.pl, migrate_passwd.pl) on the copies first.

This will generate .ldif files that you can examine to make sure they're done the way you like. The scripts are easy as pie to use:

# migrate_passwd.pl  /etc/passwd  passwd.ldif

Then add the .ldif files to the database in the usual manner, via ldapadd:

# ldapadd -x -D "cn=Manager,dc=carlasworld,dc=net" -W -f passwd.ldif
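
One way to examine passwd.ldif before running ldapadd, as an added example that is not part of the original article or the PADL tools: it parses the LDIF (including folded lines and base64 values) and flags uidNumber 0, accounts below a UID cutoff, and whether userPassword carries a real hash or a placeholder. The sample entries, the ou=People container, and the min_uid cutoff of 1000 are assumptions; adjust the cutoff to your distribution.

```python
import base64
# Constructed sample shaped like migrate_passwd.pl output; not real data.
SAMPLE = """\
dn: uid=root,ou=People,dc=carlasworld,dc=net
userPassword: {crypt}x
uidNumber: 0

dn: uid=daemon,ou=People,dc=carlasworld,dc=net
userPassword: {crypt}*
uidNumber: 1

dn: uid=carla,ou=People,dc=carlasworld,
 dc=net
userPassword: {crypt}$1$constructed$notARealHash
uidNumber: 1000
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries, current = [], {}
    for line in unfolded.split("\n") + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def review(entries, min_uid=1000):   # (dn, finding) pairs; min_uid is an assumed cutoff
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        for uid in map(int, e.get("uidnumber", [])):
            if uid < min_uid:
                findings.append((dn, "uidNumber 0" if uid == 0 else "system account"))
        for pw in e.get("userpassword", []):
            rest = pw.rpartition("}")[2]        # drop a "{crypt}" style prefix
            usable = rest not in ("", "x") and rest[0] not in "*!"
            findings.append((dn, "password hash" if usable else "placeholder password"))
    return findings

if __name__ == "__main__":
    for dn, finding in review(parse_ldif(SAMPLE)):
        print(f"{dn}: {finding}")
```

Entries flagged "password hash" carry a crypt hash into the directory, so the ACL on userPassword deserves a look before loading; entries flagged "placeholder password" have no usable hash to authenticate against.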

Wrapping Up

OpenLDAP is a great program. It's also hugely complicated. Hopefully this series has helped you get over the initial speed bumps, and you now have a running server to test and learn on. In Resources I've listed what I've found to be the most helpful resources for understanding the most difficult LDAP components: schema, ACLs, and encryption.

I also recommend looking for useful documentation included with your Linux distribution, as there are a number of variations in the way each distribution installs and configures OpenLDAP, as well as things like TLS and SASL.


Resources

Cyrus SASL
Building an Address Book with OpenLDAP
Using OpenLDAP For Authentication; Revision 2 – This is an excellent document that also teaches client configuration
PADL Software


This article was originally published on Dec 10, 2003