[KLUG Members] Openldap migration issues

Peter Buxton members@kalamazoolinux.org
Wed, 3 Dec 2003 13:56:42 -0500


On Wed, Dec 03, 2003 at 02:17:27PM -0500, Adam Williams was only escaped
   alone to tell thee:

> > > If you try to go into LDAP via a "cookbook" you're steaming down a blind
> > > alley, IMHO.  It is really best if you take some time to understand
> > > the directory oriented approach.  Obviously this is true of anything,
> > > but LDAP especially, and more so.
> > May I note that without some recipes, almost all Linux programs would go
> > unused.
> > I'm working with the padl.com migration scripts and have hit a rather
> > large snag: krbName is not defined in /etc/ldap/schema/krb5-kdc.schema,
> > but the padl.com scripts expect it to be there. Adam: what do I use
> > instead of krbName: krb5PrincipalName or krb5Principal? I think it's the
> > first.
> 
> krbName is defined in core.schema.  Just about every DSA in the world should know
> about it.  If yours doesn't I'd suspect a packaging problem.
> 
> attributetype ( 1.3.6.1.4.1.250.1.32
>         NAME ( 'krbName' 'kerberosName' )
>         DESC 'Kerberos Name'
>         EQUALITY caseIgnoreIA5Match
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>         SINGLE-VALUE )
> 
> You can just remove
> 
>         if ($DEFAULT_REALM) {
>                 print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
>         }
> 
> from migrate_passwd.pl if you're not using Kerberos, since then krbName won't do
> you any good anyway.  It is broken behaviour that the scripts ASSUME you are
> using Kerberos if you have enabled the extended schema information (in
> migrate_common.ph).
> 
> > And may I say what a massive thrill it is to use the online migration
> > script only to have it fail on the slightest error? The offline attempt
> > ended in failure when my slapd database dared to have
> > "dn: dc=killdevil,dc=org" defined.
> 
> I won't argue that the scripts are starting to show their age (and
> maintainerlessness).


> > $1$blahblahblah... isn't crypt.
> 
> 
>         } else {
>                 print $HANDLE "userPassword: {crypt}$pwd\n";
>         }
> 
> is hardcoded in migrate_passwd.pl
> 
> You're right that $1$ is definitely an MD5 string.


-- 
Irony is: Bill Gates claims to be making a stable operating system
while Linus Torvalds claims to be trying to take over the world.
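
An added example, not part of the original message or of the padl.com scripts: a stand-alone Perl sketch of the two lines discussed in this thread, emitting krbName only when a realm is actually configured and checking the hash format before writing userPassword. The helper names (hash_format, auth_lines), the dc=example,dc=org suffix and the sample accounts are assumptions made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not in MigrationTools): classify a passwd/shadow
# password field by its format.
sub hash_format {
    my ($pwd) = @_;
    return 'none'      if !defined $pwd || $pwd eq '' || $pwd eq 'x';
    return 'locked'    if $pwd =~ /^[!*]/;
    return 'md5-crypt' if $pwd =~ m{^\$1\$[./0-9A-Za-z]{0,8}\$[./0-9A-Za-z]{22}$};
    return 'des-crypt' if $pwd =~ m{^[./0-9A-Za-z]{13}$};
    return 'unknown';
}

# Hypothetical helper: build the authentication-related LDIF lines for one
# account. $realm is undef or '' when the site does not use Kerberos.
sub auth_lines {
    my ($user, $pwd, $realm) = @_;
    my @out;
    push @out, "krbName: $user\@$realm" if defined $realm && length $realm;
    my $fmt = hash_format($pwd);
    if ($fmt eq 'md5-crypt' || $fmt eq 'des-crypt') {
        # slapd's {CRYPT} scheme hands the value to the server's crypt(3),
        # so a $1$ value only verifies where that crypt(3) knows MD5-crypt.
        push @out, "userPassword: {crypt}$pwd";
        warn "$user: $fmt hash migrated as {crypt}\n";
    } else {
        # Locked, empty, shadowed ('x') or unrecognised: emit no userPassword.
        warn "$user: password field is '$fmt', userPassword omitted\n";
    }
    return @out;
}

# Constructed sample accounts; the hash strings are fillers, not real hashes.
my $DEFAULT_REALM = '';    # empty: Kerberos not in use
my @sample = (
    [ 'alice',  '$1$saltsalt$' . ('A' x 22) ],    # MD5-crypt shape
    [ 'bob',    'ab' . ('C' x 11) ],              # 13-char DES crypt shape
    [ 'daemon', '*' ],                            # locked account
    [ 'carol',  'x' ],                            # hash lives in /etc/shadow
);
for my $rec (@sample) {
    my ($user, $pwd) = @$rec;
    # Fragment only: a real entry also needs objectClass and the other attributes.
    print "dn: uid=$user,ou=People,dc=example,dc=org\n";
    print "$_\n" for auth_lines($user, $pwd, $DEFAULT_REALM);
    print "\n";
}
```

Setting $DEFAULT_REALM to a realm name makes every entry carry a krbName line again, which then requires the schema that defines krbName to be loaded.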