Buchan Milne wrote:
On Thursday, 25 March 2010 14:12:40 Götz Reinicke - IT-Koordinator
> a couple of weeks ago I started to learn ldap and set up some test
> servers with the latest openldap for centos 5.4. I learned about
> schemas, ldif, ldap browsers etc. So I have an advanced basic knowledge
> about the technical fundamentals.
> The primary goal is to have the login information for our mail and
> fileserver system in one place.
> Right now we do use sendmail, dovecot and samba.
> After testing some of the migration tools for migrating posix and
> sambaSam accounts, I was asking myself: what is the best way to start
> the migration? Right now the directory is completely empty, so I can
> start from scratch.
> Both types of accounts do have different attributes and furthermore I'd
> like to use some inetOrgPerson/organizationalPerson attributes.
The only thing to worry about here is which structural objectclass to use, it
is usually either a choice between 'account' and 'inetOrgPerson'. There
issue with posixAccount or sambaSamAccount, they are both auxiliary. For the
rfc2307 vs rfc2307bis group issue, I don't think samba supports rfc2307bis, so
you should go with rfc2307 (using memberUid for denoting members of groups,
holding the username, not the DN).
From what I've read so far, I'd go with the 'inetOrgPerson' class, as it
provides more attributes and sooner or later we will use a lot of them.
Concerning the rfc2307 vs rfc2307bis I'm not yet that familiar with the
differences and handling. But from
it seems that it is possible to enable RFC2307bis for the nss_ldap:
"The nss_ldap library from PADL software (http://www.padl.com
this by enabling the library’s RFC2307bis extensions (pass the
--enable-rfc2307bis option to the nss_ldap configure script when
mentions also Support for the
RFC 2307/RFC 2307bis.
Or do I get something wrong?
> So should I first run the smbldaptool or first fill the directory
> the migrate_....sh script?
You may have to do some preparation of the directory, for example, if you are
going to use smbldap-tools in your final system, you could use smbldap-populate
for the initial setup (ensure you set the SIDs correctly in the configuration
Once you have samba and smbldap-tools configured correctly, you can migrate
your samba accounts to LDAP using pdbedit, which should use the 'add user
script' and 'add machine script' commands and/or the direct LDAP write
in samba to do the migration of the accounts for you.
If you have a test system available, I would definitely test first, especially
if you are running samba as a DC.
Thanks for your comment and best regards,
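
The entry layout discussed in this thread (inetOrgPerson as the structural class, posixAccount as an auxiliary class, rfc2307 groups listing members by username in memberUid rather than by DN), as an added Python example that is not part of the original messages or of any tool named in them. The base DN, the ou=People / ou=Group containers and the sample lines are assumptions constructed for illustration.

```python
import base64
import re

BASE_DN = "dc=example,dc=com"                     # assumed suffix
NAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]*$")     # conservative account-name check

# Constructed sample input in passwd(5) / group(5) format (not real accounts).
PASSWD = "gexample:x:1001:1001:Götz Example:/home/gexample:/bin/bash"
GROUP = "staff:x:1001:gexample,asmith"

def attr(name, value):
    """Emit one LDIF attribute line; base64-encode values that are not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def check_name(name):
    # Reject names that could break out of the DN or inject extra LDIF lines.
    if not NAME_RE.match(name):
        raise ValueError(f"refusing unsafe account name: {name!r}")
    return name

def user_ldif(passwd_line):
    """inetOrgPerson is structural, posixAccount auxiliary; the password field is not copied."""
    uid, _pw, uid_no, gid_no, gecos, home, shell = passwd_line.strip().split(":")
    check_name(uid)
    cn = gecos.split(",")[0] or uid               # full name from GECOS, else the uid
    lines = [
        f"dn: uid={uid},ou=People,{BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"uid: {uid}",
        attr("cn", cn),
        attr("sn", cn.split()[-1]),               # inetOrgPerson requires sn
        f"uidNumber: {int(uid_no)}",
        f"gidNumber: {int(gid_no)}",
        attr("homeDirectory", home),
        attr("loginShell", shell),
    ]
    return "\n".join(lines) + "\n"

def group_ldif(group_line):
    """rfc2307 group: memberUid holds the username, not the member's DN."""
    name, _pw, gid_no, members = group_line.strip().split(":")
    users = [check_name(m) for m in members.split(",") if m]
    lines = [f"dn: cn={check_name(name)},ou=Group,{BASE_DN}",
             "objectClass: posixGroup", f"cn: {name}", f"gidNumber: {int(gid_no)}"]
    lines += [f"memberUid: {m}" for m in users]
    return "\n".join(lines) + "\n"
```
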