--- /dev/null
+LDAP Migration Tools
+
+The MigrationTools are a set of Perl scripts for migrating users, groups,
+aliases, hosts, netgroups, networks, protocols, RPCs, and services from
+existing nameservices (flat files, NIS, and NetInfo) to LDAP. They are
+located on a default installation under /usr/share/openldap/migration.
+
+The tools require the ldapadd and ldif2dbm commands, which are distributed
+with most LDAP servers derived from the University of Michigan LDAP
+distribution. The source code for these is available with OpenLDAP.
+Additionally, Netscape provide an implementation of ldapmodify which
+subsumes the functionality of ldapadd. If you are using Netscape's Directory
+Server, you should set the $NSHOME and $serverId environment variables to
+assist the MigrationTools in locating your LDAP database and LDIF tools;
+they will use ldapmodify instead of ldapadd.
+
+These tools are freely redistributable according to the license included
+with the source files. They may be bundled with LDAP/NIS migration products.
+See RFC 2307 for more information on the schema used by these scripts. THIS
+SOFTWARE IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTY AND WITHOUT
+SUPPORT.
+
+Scripts
+
+ * migrate_base.pl creates naming context entries, including
+ subordinate contexts such as ou=people and ou=devices.
+ * migrate_aliases.pl migrates aliases in /etc/aliases to entries
+ conforming to the rfc822MailGroup schema. Organizations who have
+ deployed LDAP-based messaging solutions, such as Netscape's
+ Messaging Server, may wish to use a different schema for
+ representing mail aliases. Ypldapd does not use X.500 groups (such
+ as groupOfUniqueNames) for mail alias expansion because
+ flattening an arbitrarily nested group at runtime may be
+ expensive. (It is possible to write a ypldapd plug-in to support
+ such a schema, however.)
+ * migrate_group.pl migrates groups in /etc/group
+ * migrate_hosts.pl migrates hosts in /etc/hosts
+ * migrate_networks.pl migrates networks in /etc/networks
+ * migrate_passwd.pl migrates users in /etc/passwd. Note that if
+ users are allowed read the userPassword attribute, and your LDAP
+ server doesn't support authenticating against hashed passwords
+ then anyone may read the userPassword attribute's value and
+ authenticate as that user. Modern LDAP servers, such as Netscape
+ Directory Server, support authenticating against hashed passwords,
+ so this is not an issue. The OpenLDAP LDAP server also supports
+ such authentication.
+ * migrate_protocols.pl migrates protocols in /etc/protocols
+ * migrate_services.pl migrates services in /etc/services
+ * migrate_netgroup.pl migrates netgroups in /etc/netgroup
+ * migrate_netgroup_byuser.pl migrates the netgroup.byuser map. It
+ requires revnetgroup.
+ * migrate_netgroup_byhost.pl migrates the netgroup.byhost map. It
+ requires revnetgroup.
+ * migrate_rpc.pl migrates RPCs in /etc/rpc
+
+Configuration
+
+The configuration for these Perl scripts is contained at the head of
+migrate_common.ph:
+
+ Perl variable Description
+
+ $DEFAULT_MAIL_DOMAIN The mail domain used for the mail
+ attribute in migrate_passwd.pl when
+ extended schema support is enabled. You may
+ override this with the DEFAULT_MAIL_DOMAIN
+ environment variable.
+
+ $DEFAULT_BASE The naming suffix to use in
+ entries' distinguished names. If
+ undefined, this will be constructed by
+ mapping the mail domain name into a
+ distinguished name (eg aceindustry.com
+ becomes dc=aceindustry,dc=com ). You may
+ override this with the LDAP_BASEDN
+ environment variable.
+
+ $EXTENDED_SCHEMA Enables extended schema support.
+ This adds the organizationalPerson and
+ inetOrgPerson object classes, amongst
+ others, to users migrated by the
+ migrate_passwd.pl script.
+
+ NAMINGCONTEXT Determines the LDAP/X.500 naming context
+ to use for a migration tool. The dictionary
+ is keyed by tool (as in migrate_ tool .pl ).
+ Values are concatenated with $DEFAULT_BASE
+ by the & getsuffix() subroutine.
+
+The following environment variables control the behavior of the
+migration shell scripts:
+
+ Environment variable Description
+
+ DEFAULT_MAIL_DOMAIN See above
+
+ LDAPADD Path the ldapadd executable, for online
+ migration (if not in the path or
+ /usr/local/bin or /usr/bin)
+
+ LDIF2LDBM Path the ldif2ldbm executable, for offline
+ migration (if not in the path or
+ /usr/local/bin or /usr/bin)
+
+ PERL Path to the Perl interpreter (if not
+ /usr/bin or /usr/local/bin)
+
+ LDAPHOST Your LDAP server, for online
+ migration. This is optional; you'll be
+ prompted if the environment variable is not
+ set.
+
+ LDAP_BASEDN See above ( $DEFAULT_BASE). This is
+ optional; you'll be prompted if the
+ environment variable is not set.
+
+ LDAP_BINDDN The distinguished name to bind to the
+ LDAP server as, for online migration. This
+ is optional; you'll be prompted if the
+ environment variable is not set.
+
+ LDAP_BINDCRED The password to bind to the LDAP server
+ with, for online migration. This is
+ optional; you'll be prompted if the
+ environment variable is not set.
+
+You will probably wish to use a shell script or makefile to automate
+population of your LDAP database, either off-lien (with ldif2ldbm) or
+on-line (with ldapadd). The migrate_all_*.sh shell scripts do this, but you
+may wish to customize their behaviour. The following table explains which
+migration scripts to use:
+
+ Shell script Existing nameservice LDAP
+ running?
+
+ migrate_all_online.sh /etc flat files Yes
+
+ migrate_all_offline.sh /etc flat files No
+
+ migrate_all_netinfo_online.sh NetInfo Yes
+
+ migrate_all_netinfo_offline.sh NetInfo No
+
+ migrate_all_nis_online.sh NIS/YP Yes
+
+ migrate_all_nis_offline.sh NIS/YP No
+
+Below are examples of migrate_hosts.pl and migrate_passwd.plbeing used to
+migrate hosts and users, respectively:
+
+$ migrate_hosts.pl /etc/hosts
+dn: cn=mira.aceindustry.com,ou=devices,dc=aceindustry,dc=com
+objectclass: ipHost
+objectclass: device
+objectclass: top
+ipHostNumber: 10.1.70.5
+cn: mira
+cn: www.aceindustry.com
+cn: mira.aceindustry.com
+
+$ migrate_passwd.pl /etc/passwd
+dn: cn=Joe Bloggs,ou=people,dc=aceindustry,dc=com
+cn: Joe Bloggs
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: account
+mail: jbloggs@aceindustry.com
+givenname: Joe
+sn: Bloggs
+uid: jbloggs
+userPassword: {crypt}daCXgaxahRNkg
+loginShell: /bin/csh
+uidNumber: 20
+gidNumber: 20
+homeDirectory: /home/jbloggs
+