[Scottish] LDAP migration help
Gavin Henry
ghenry at suretecsystems.com
Wed Jun 13 15:19:39 BST 2007
<quote who="Phillip Bennett">
> Hi everyone,
>
> I am trying to migrate our NIS services (users, autofs etc) to an LDAP
> server. I have found the Migration Tools from PADL (www.padl.com) and I am
> having a few weird problems.
Hi Phillip,
>
> When running the "migrate_all_nis_online.sh" script, I receive the
> following
> error:
>
> adding new entry "uid=clare,ou=People,dc=mve,dc=com"
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #6 invalid per syntax
>
<snip>
> objectClass: inetLocalMailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
ObjectClasses start from #0, so value #6 in your LDIF is
'kerberosSecurityObject'
This will be included for the attribute 'krbName'.
This attribute isn't part of any of the schema files you have included in
slapd.conf
>
> All the howtos I have read so far indicate that the "USE_EXTENDED_SCHEMA"
> value should be set to 1. However, if I set it to 0, the LDIF file gives
> the following data:
Which Howto? Howtos are bad ;-)
>
> dn: uid=clare,ou=People,dc=mve,dc=com
> uid: clare
> cn: Clare Bond
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: {crypt}<snip!>
> loginShell: /bin/tcsh
> uidNumber: 2049
> gidNumber: 20
> homeDirectory: /homes/clare
> gecos: Clare Bond
>
> Then, the resulting LDIF file works properly (after a bout of deleting
> duplicate service information) and I have an LDAP database. So the
> question
> becomes, "Do I need the extended schema?"
* mailRoutingAddress
* mailHost
* inetLocalMailRecipient
* kerberosSecurityObject
* krbName
If all you want to do is import the user accounts, you definitely don't
need these.
If you really want krbName, see:
http://osdir.com/ml/network.openldap.general/2002-11/msg00128.html
Whose version of OpenLDAP are you using btw?
In the Red Hat rpms you'll notice:
"* Wed Apr 30 2003 Nalin Dahyabhai <nalin at redhat.com>
- update to 2.1.17
- disable the shell backend, not expected to work well with threads
- drop the kerberosSecurityObject schema, the krbName attribute it
contains is only used if slapd is built with v2 kbind support"
>
> The relevant includes from the slapd.conf file are: core.schema,
> cosine.schema, inetorgperson.schema, nis.schema, samba.schema,
> autofs.schema and misc.schema. I am hoping to be able to use the LDAP
> server for samba authentication later on (If it ever works!) and
> authenticate the windows clients to the samba server, thus giving linux
> and
> windows a single user database for everything.
>
You'll then need to either migrate an existing tdb backend Samba setup
with pdbedit to import from tdb to LDAP:
pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host
(man pdbedit)
Or use the smbldap-tools to add the samba attributes. See the main Samba
docs for this.
HTH,
Gavin.
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry at suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
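
The check described in the reply above (counting objectClass values from #0 and comparing them with what the included schema files define) can be run over an LDIF file before it is loaded. This is an added example, not part of the original message or of the PADL Migration Tools; the function names are hypothetical, and the schema text and LDIF entry are constructed samples modelled on the objectClass list quoted in the thread.

```python
import re

# Constructed sample input, not the poster's real files: abbreviated schema
# definitions in OpenLDAP .schema syntax, and an LDIF entry carrying the
# objectClass list quoted in the post.
SAMPLE_SCHEMA = """\
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY )
objectclass ( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient'
    SUP top AUXILIARY )
"""
SAMPLE_LDIF = """\
dn: uid=clare,ou=People,dc=mve,dc=com
uid: clare
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
"""
OC_DEF = re.compile(r"^objectclass\s*\(\s*\S+\s+NAME\s+(\([^)]*\)|'[^']*')", re.I | re.M)

def known_object_classes(schema_text):
    """Lower-cased objectClass names defined in the given .schema text."""
    names = {"top"}  # 'top' is built into slapd rather than a schema file
    for m in OC_DEF.finditer(schema_text):
        names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names

def unknown_object_classes(ldif_text, known):
    """Return (dn, index, name) per undefined objectClass value.
    index is zero-based per entry, as in the "value #N" error in the thread."""
    problems = []
    unfolded = re.sub(r"\n ", "", ldif_text)  # join LDIF continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = [l.partition(":")[::2] for l in block.splitlines()
                 if ":" in l and not l.startswith("#")]
        dn = next((v.strip() for a, v in pairs if a.lower() == "dn"), "<no dn>")
        ocs = [v.strip() for a, v in pairs if a.lower() == "objectclass"]
        problems += [(dn, i, oc) for i, oc in enumerate(ocs)
                     if oc.lower() not in known]
    return problems

if __name__ == "__main__":
    for dn, i, oc in unknown_object_classes(SAMPLE_LDIF, known_object_classes(SAMPLE_SCHEMA)):
        print(f"{dn}: objectClass value #{i} ({oc}) is not defined by the loaded schema")
```

In real use, `known_object_classes` would be fed the concatenated text of the schema files that slapd.conf includes.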