On Thursday, 25 March 2010 14:12:40 Götz Reinicke - IT-Koordinator wrote:
Hi,
a couple of weeks ago I started to learn ldap and set up some test servers with the latest openldap for centos 5.4. I learned about schemas, ldif, ldap browsers etc. So I have an advanced basic knowledge about the technical fundamentals.
The primary goal is to have the login information for our mail and fileserver system in one place.
Right now we do use sendmail, dovecot and samba.
After testing some of the migration tools for migrating posix and sambaSam accounts, I was asking myself: what is the best way to start the migration? Right now the directory is completely empty, so I can start from scratch.
Both types of accounts do have different attributes and furthermore I'd like to use some inetOrgPerson/organizationalPerson attributes.
The only thing to worry about here is which structural objectclass to use; it is usually a choice between 'account' and 'inetOrgPerson'. There is no issue with posixAccount or sambaSamAccount, they are both auxiliary. For the rfc2307 vs rfc2307bis group issue, I don't think samba supports rfc2307bis, so you should go with rfc2307 (using memberUid for denoting members of groups, holding the username, not the DN).
So should I first run the smbldaptool or first fill the directory with the migrate_....sh script?
You may have to do some preparation of the directory, for example, if you are going to use smbldap-tools in your final system, you could use smbldap-populate for the initial setup (ensure you set the SIDs correctly in the configuration file).
Once you have samba and smbldap-tools configured correctly, you can migrate your samba accounts to LDAP using pdbedit, which should use the 'add user script' and 'add machine script' commands and/or the direct LDAP write support in samba to do the migration of the accounts for you.
If you have a test system available, I would definitely test first, especially if you are running samba as a DC.
Regards, Buchan
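
The entry layout discussed in the reply above, as an added example that is not part of the original message: one user with inetOrgPerson as the structural class plus the two auxiliary classes, and an rfc2307-style group. The suffix dc=example,dc=com, the names, the numeric IDs and the SID are constructed placeholders.

```ldif
# Constructed sample entries; the suffix, names, numeric IDs and SID are
# placeholders, not values from the thread.

# User: inetOrgPerson is the structural class; posixAccount and
# sambaSamAccount are auxiliary and are layered onto the same entry.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Jane Doe
sn: Doe
givenName: Jane
mail: jdoe@example.com
uid: jdoe
uidNumber: 10001
gidNumber: 10000
homeDirectory: /home/jdoe
loginShell: /bin/bash
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21002

# Group in rfc2307 style: memberUid holds the username, not the DN.
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 10000
memberUid: jdoe
```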