[KLUG Members] Re: Openldap migration issues

Peter Buxton members@kalamazoolinux.org
Wed, 3 Dec 2003 14:08:47 -0500


Okay, now the REAL message! (Darn trigger finger!)

On Wed, Dec 03, 2003 at 02:17:27PM -0500, Adam Williams was only escaped
   alone to tell thee:

> krbName is defined in core.schema. Just about every DSA in the world
> should know about it.  If yours doesn't I'd suspect a packaging
> problem.

Not here it isn't. I'm not sure why, but I think it's time I started
haunting the debian-* mailing lists again. Debian.org uses LDAP for
information... I must assume that, at some level, this stuff works. ;-)

> from migrate_passwd.pl if you're not using Kerberos, since then krbName won't do
> you any good anyway.  It is broken behaviour that the scripts ASSUME you are
> using Kerberos if you have enabled the extended schema information (in
> migrate_common.ph).

Remember why Forth died? Extensible languages are not compatible with
anything else, even themselves. Bad call on someone's part....

> I won't argue that the scripts are starting to show their age (and
> maintainerlessness).

>                 print $HANDLE "userPassword: {crypt}$pwd\n";

> You're right that $1$ is definitely an MD5 string.

That bites. It's mad that these scripts can't use a real configuration
file, or check your schema before they try jamming tons of data into
OpenLDAP.

I also got an error about broken schema in OpenLDAP, but I'm not sure if
it is actually a schema error (how thoroughly does slapd check schemas
upon loading?) or if the script tried to create a DN without setting up
the base classes first. Try, try again.

-- 
Irony is: Bill Gates claims to be making a stable operating system
while Linus Torvalds claims to be trying to take over the world.
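
The pre-load check wished for in the message above, comparing the attributes used in generated LDIF against the attribute types the schema files define, as an added example that is not part of the original message or of the migration scripts. The schema and LDIF text are constructed samples, and the function names and the `BUILTIN` set are assumptions of this example.

```python
import re

# Constructed sample: a trimmed schema that, as in the message, lacks krbName.
SCHEMA = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
    SUP name )
attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
    EQUALITY caseIgnoreMatch )
attributetype ( 2.5.4.35 NAME 'userPassword'
    EQUALITY octetStringMatch )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
    MUST ( sn $ cn ) )
"""

# Constructed sample of migration output (placeholder hash, example.org names).
LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: account
uid: jdoe
cn: J Doe
krbName: jdoe@EXAMPLE.ORG
userPassword: {crypt}$1$SALT$HASH-PLACEHOLDER
"""

# Assumption: names every entry carries that are not looked up in schema files.
BUILTIN = {"dn", "objectclass"}

def schema_attributes(text):
    """Lower-cased names (and aliases) of every attributetype in schema text."""
    names = set()
    # A definition runs until the next line that starts in column 0.
    for body in re.findall(r"^attributetype\s*\((.*?)(?=^\S|\Z)", text, re.M | re.S | re.I):
        m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']+')", body)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names

def ldif_attributes(text):
    """Map each lower-cased attribute in LDIF text to the first line using it."""
    used = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line[0] in " #":  # blank, continuation, or comment
            continue
        m = re.match(r"([A-Za-z][A-Za-z0-9-]*)(;[^:]*)?:", line)
        if m:
            used.setdefault(m.group(1).lower(), lineno)
    return used

def undefined_attributes(schema_text, ldif_text):
    """Sorted (line, attribute) pairs for LDIF attributes the schema lacks."""
    known = schema_attributes(schema_text) | BUILTIN
    return sorted((n, a) for a, n in ldif_attributes(ldif_text).items() if a not in known)

if __name__ == "__main__":
    print(undefined_attributes(SCHEMA, LDIF))
```

Run against the real schema files included from slapd.conf and the LDIF a migration script produced, an empty result means every attribute name is at least known to the server before any data is loaded.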