Hi all. I want to set up the following server in openSUSE:
dhcp
openldap
nfs (to allow users to mount their home directories from the server)
I started off with the openldap server. I configured it with dc=localdomain,dc=local as its domain, as the server machine has no internet. Though when I go to add a .ldif file with the following command
As the message says, the entry already exists. Where did your LDIF file come from? If it came from a slapcat, you should import using slapadd. However if it came from a ldapsearch dump, then you should manually remove the parent entry which already exists.
I then copied the DB_CONFIG.example file to localdomain.local changing the name to DB_CONFIG. I then created the base.ldif file using gedit in /home directory. The base.ldif file reads:

dn: dc=localdomain,dc=local
objectClass: top
objectClass: domain
dc: localdomain

dn: ou=People,dc=localdomain,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: People

dn: ou=Group,dc=localdomain,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Group

dn: ou=addressbook,dc=localdomain,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: addressbook

Alright, I removed the top of my ldif file so that it starts off with dn: ou=People etc. I then added the entries. I’m looking to use the server for user authentication. I’ve created a testuser, though how do I migrate it over to LDAP? Thanks so much
LDAP is not something that can be explained in one forum posting. You’ll need to read a fair bit about LDAP schemas and syntax. Try looking for an LDAP tute on the web. If there is a YaST module for LDAP accounts, you should try using that first. I don’t use LDAP on my openSUSE machine, only on enterprise servers which are RHEL.
What about mounting the home directories from the server? I was thinking to do this through NFS, but the client config for LDAP has this option. Does it include all the configuration though?
LDAP only distributes the information of the user accounts, it doesn’t actually do the mounting. You can use a variety of techniques including static mounts and autofs services to export NFS directories to clients.
Think of LDAP as a network-wide accessible database that holds all kinds of key-value information. A user account is only one kind of information that can be distributed via LDAP.
I’ve done a bit of searching and haven’t found anything about migrating users. But I did find out that useradd -D is supposed to use binddn to bind to the LDAP directory. How does this work?
That bind DN is usually that of a privileged LDAP account that can modify the LDAP data to add a user. As you realise, the concept of a root process is not relevant when the LDAP service is somewhere on the network.
Finally found something on migration scripts. After a while though I still couldn’t get it working. Is there any way I can just create users from ldif files like the following:
Yes, that would be the way to go. But make sure you have all the attributes you need. For example you don’t have uidNumber and home directory in that record above, among other things. And if this is meant to be for a user, it is not a posixGroup object, it should be a posixAccount object. So ou would be People, not Group.
Do you know a website that tells me what I need to do to do this? Once I’ve created the ldif files I suppose all I have to do is use the ldapadd command to add them.
Search for an “LDAP passwd conversion script”. The one I used last time was written in Perl. Most of them need a bit of tweaking to work.
You should not use it to import system accounts. In fact you should leave the system accounts in /etc/passwd and /etc/group and only import the UIDs and GIDs >= 1000. Then set your /etc/nsswitch.conf to use both passwd/group and LDAP for authentication.
I’m a total noob at this and still trying to learn. Using LDAP passwd conversion scripts is a little bit beyond me. I only have basic knowledge in openldap from RHEL. What about this how-to from Ubuntu, could I use it?
All the conversion script does is take the lines you have cut out of the password file and generate a LDIF file for import. It doesn’t matter which flavour of Linux you are running.
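
The conversion discussed in the replies above, as an added example that is not part of the original thread and not any of the scripts the posters used: it turns passwd lines into posixAccount entries under ou=People, skips UIDs below 1000, and base64-encodes values that LDIF cannot carry as plain text. The function names, the sample lines, the choice of `account` as the structural object class and the extra skip of UID 65534 are assumptions; no password is written, since the passwd file holds only `x`, so passwords are set afterwards (for example with ldappasswd).

```python
import base64
import re

BASE_DN = "dc=localdomain,dc=local"  # suffix used in the thread
UID_MIN = 1000       # per the thread: system accounts stay in /etc/passwd
UID_NOBODY = 65534   # assumption: the "nobody" account is also left local
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]*")  # no characters that need DN escaping
NUM_RE = re.compile(r"[0-9]+")

# Constructed sample input, not taken from any real system.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
testuser:x:1000:100:Test User:/home/testuser:/bin/bash
jose:x:1001:100:José García,,,:/home/jose:/bin/bash
nobody:x:65534:65534:nobody:/var/lib/nobody:/bin/bash
"""

def ldif_attr(name, value):
    """One LDIF line; values that are not an RFC 2849 SAFE-STRING go out as base64."""
    safe = (value.isascii() and value[:1] not in (" ", ":", "<")
            and not value.endswith(" ")
            and not any(c in value for c in "\0\r\n"))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(passwd_text):
    """Turn passwd(5) lines into posixAccount entries under ou=People."""
    entries = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # blank or malformed line
        name, _pw, uid, gid, gecos, home, shell = fields
        if not (NAME_RE.fullmatch(name) and NUM_RE.fullmatch(uid)
                and NUM_RE.fullmatch(gid) and home):
            continue  # refuse anything that could corrupt the DN or numbers
        if int(uid) < UID_MIN or int(uid) == UID_NOBODY:
            continue
        entry = [f"dn: uid={name},ou=People,{BASE_DN}",
                 "objectClass: top",
                 "objectClass: account",        # structural class (assumption)
                 "objectClass: posixAccount",
                 f"uid: {name}",
                 ldif_attr("cn", gecos.split(",")[0] or name),
                 f"uidNumber: {uid}", f"gidNumber: {gid}",
                 ldif_attr("homeDirectory", home)]
        if shell:
            entry.append(ldif_attr("loginShell", shell))
        entries.append("\n".join(entry))
    return "\n\n".join(entries) + "\n"
```

Writing `passwd_to_ldif(SAMPLE)` to a file gives two entries (testuser and jose) that can be loaded with ldapadd, binding as the privileged DN mentioned earlier in the thread.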