From 5988af78da73bad08e1c12ad723a7055f14738ac Mon Sep 17 00:00:00 2001 From: kloczek Date: Wed, 18 Aug 1999 22:08:26 +0000 Subject: [PATCH 1/1] - small dok for LDAP MigrationTools. Changed files: MigrationTools.txt -> 1.1 --- MigrationTools.txt | 179 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 MigrationTools.txt diff --git a/MigrationTools.txt b/MigrationTools.txt new file mode 100644 index 0000000..5331913 --- /dev/null +++ b/MigrationTools.txt 
@@ -0,0 +1,179 @@ +LDAP Migration Tools + +The MigrationTools are a set of Perl scripts for migrating users, groups, +aliases, hosts, netgroups, networks, protocols, RPCs, and services from +existing nameservices (flat files, NIS, and NetInfo) to LDAP. They are +located on a default installation under /usr/share/openldap/migration. + +The tools require the ldapadd and ldif2dbm commands, which are distributed +with most LDAP servers derived from the University of Michigan LDAP +distribution. The source code for these is available with OpenLDAP. +Additionally, Netscape provide an implementation of ldapmodify which +subsumes the functionality of ldapadd. If you are using Netscape's Directory +Server, you should set the $NSHOME and $serverId environment variables to +assist the MigrationTools in locating your LDAP database and LDIF tools; +they will use ldapmodify instead of ldapadd. + +These tools are freely redistributable according to the license included +with the source files. They may be bundled with LDAP/NIS migration products. +See RFC 2307 for more information on the schema used by these scripts. THIS +SOFTWARE IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTY AND WITHOUT +SUPPORT. + +Scripts + + * migrate_base.pl creates naming context entries, including + subordinate contexts such as ou=people and ou=devices. + * migrate_aliases.pl migrates aliases in /etc/aliases to entries + conforming to the rfc822MailGroup schema. Organizations who have + deployed LDAP-based messaging solutions, such as Netscape's + Messaging Server, may wish to use a different schema for + representing mail aliases. Ypldapd does not use X.500 groups (such + as groupOfUniqueNames) for mail alias expansion because + flattening an arbitrarily nested group at runtime may be + expensive. (It is possible to write a ypldapd plug-in to support + such a schema, however.) 
+ * migrate_group.pl migrates groups in /etc/group + * migrate_hosts.pl migrates hosts in /etc/hosts + * migrate_networks.pl migrates networks in /etc/networks + * migrate_passwd.pl migrates users in /etc/passwd. Note that if + users are allowed read the userPassword attribute, and your LDAP + server doesn't support authenticating against hashed passwords + then anyone may read the userPassword attribute's value and + authenticate as that user. Modern LDAP servers, such as Netscape + Directory Server, support authenticating against hashed passwords, + so this is not an issue. The OpenLDAP LDAP server also supports + such authentication. + * migrate_protocols.pl migrates protocols in /etc/protocols + * migrate_services.pl migrates services in /etc/services + * migrate_netgroup.pl migrates netgroups in /etc/netgroup + * migrate_netgroup_byuser.pl migrates the netgroup.byuser map. It + requires revnetgroup. + * migrate_netgroup_byhost.pl migrates the netgroup.byhost map. It + requires revnetgroup. + * migrate_rpc.pl migrates RPCs in /etc/rpc + +Configuration + +The configuration for these Perl scripts is contained at the head of +migrate_common.ph: + + Perl variable Description + + $DEFAULT_MAIL_DOMAIN The mail domain used for the mail + attribute in migrate_passwd.pl when + extended schema support is enabled. You may + override this with the DEFAULT_MAIL_DOMAIN + environment variable. + + $DEFAULT_BASE The naming suffix to use in + entries' distinguished names. If + undefined, this will be constructed by + mapping the mail domain name into a + distinguished name (eg aceindustry.com + becomes dc=aceindustry,dc=com ). You may + override this with the LDAP_BASEDN + environment variable. + + $EXTENDED_SCHEMA Enables extended schema support. + This adds the organizationalPerson and + inetOrgPerson object classes, amongst + others, to users migrated by the + migrate_passwd.pl script. + + NAMINGCONTEXT Determines the LDAP/X.500 naming context + to use for a migration tool. 
The dictionary + is keyed by tool (as in migrate_ tool .pl ). + Values are concatenated with $DEFAULT_BASE + by the & getsuffix() subroutine. + +The following environment variables control the behavior of the +migration shell scripts: + + Environment variable Description + + DEFAULT_MAIL_DOMAIN See above + + LDAPADD Path the ldapadd executable, for online + migration (if not in the path or + /usr/local/bin or /usr/bin) + + LDIF2LDBM Path the ldif2ldbm executable, for offline + migration (if not in the path or + /usr/local/bin or /usr/bin) + + PERL Path to the Perl interpreter (if not + /usr/bin or /usr/local/bin) + + LDAPHOST Your LDAP server, for online + migration. This is optional; you'll be + prompted if the environment variable is not + set. + + LDAP_BASEDN See above ( $DEFAULT_BASE). This is + optional; you'll be prompted if the + environment variable is not set. + + LDAP_BINDDN The distinguished name to bind to the + LDAP server as, for online migration. This + is optional; you'll be prompted if the + environment variable is not set. + + LDAP_BINDCRED The password to bind to the LDAP server + with, for online migration. This is + optional; you'll be prompted if the + environment variable is not set. + +You will probably wish to use a shell script or makefile to automate +population of your LDAP database, either off-lien (with ldif2ldbm) or +on-line (with ldapadd). The migrate_all_*.sh shell scripts do this, but you +may wish to customize their behaviour. The following table explains which +migration scripts to use: + + Shell script Existing nameservice LDAP + running? 
+ + migrate_all_online.sh /etc flat files Yes + + migrate_all_offline.sh /etc flat files No + + migrate_all_netinfo_online.sh NetInfo Yes + + migrate_all_netinfo_offline.sh NetInfo No + + migrate_all_nis_online.sh NIS/YP Yes + + migrate_all_nis_offline.sh NIS/YP No + +Below are examples of migrate_hosts.pl and migrate_passwd.plbeing used to +migrate hosts and users, respectively: + +$ migrate_hosts.pl /etc/hosts +dn: cn=mira.aceindustry.com,ou=devices,dc=aceindustry,dc=com +objectclass: ipHost +objectclass: device +objectclass: top +ipHostNumber: 10.1.70.5 +cn: mira +cn: www.aceindustry.com +cn: mira.aceindustry.com + +$ migrate_passwd.pl /etc/passwd +dn: cn=Joe Bloggs,ou=people,dc=aceindustry,dc=com +cn: Joe Bloggs +objectclass: top +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: account +mail: jbloggs@aceindustry.com +givenname: Joe +sn: Bloggs +uid: jbloggs +userPassword: {crypt}daCXgaxahRNkg +loginShell: /bin/csh +uidNumber: 20 +gidNumber: 20 +homeDirectory: /home/jbloggs + -- 2.43.0
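Review bot: the caveat under migrate_passwd.pl understates the risk of a world-readable userPassword attribute: it concludes "so this is not an issue" once the server authenticates against hashed passwords, yet the sample output at the end of the hunk shows the hash itself (`userPassword: {crypt}daCXgaxahRNkg`), and a readable {crypt} hash can be cracked offline even when it cannot be replayed as a bind credential; suggest replacing that sentence with advice to restrict read access to userPassword in the server's ACLs regardless of how binds are verified. The introduction also names the offline tool `ldif2dbm` while the environment-variable table and the later paragraph use `ldif2ldbm`; make the spelling consistent. Minor typos to fix in the same hunk: "users are allowed read" should be "users are allowed to read", "Path the ldapadd executable" and "Path the ldif2ldbm executable" should read "Path to the ...", "off-lien" should be "off-line", and "migrate_passwd.plbeing" is missing a space. Finally, LDAP_BINDCRED passes the bind password through the environment; since process environments are often readable by other local users, the doc should note that the interactive prompt is the safer choice outside fully automated runs.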