In order to use LDAP for user authentication, I need to add some lines to /etc/openldap/slapd.conf:
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
index cn,uid eq
index uidNumber eq
index gidNumber eq
loglevel 296
Now, convert the existing user account data to LDIF format. I created a test user, called user1. I’ll use the script migrate_passwd.pl to convert /etc/passwd to passwd.ldif. All the migration scripts are in /usr/share/openldap/migration. In this directory, edit migrate_common.ph and change the following:
# DNS domain goes in $DEFAULT_MAIL_DOMAIN, the directory base DN in $DEFAULT_BASE
$DEFAULT_MAIL_DOMAIN = "ibmprint.uchicago.edu";
$DEFAULT_BASE = "dc=ibmprint,dc=uchicago,dc=edu";
$DEFAULT_MAIL_HOST = "ibmprint.uchicago.edu";
Now in /usr/share/openldap/migration, run:
./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
Now that I have these new ldif files, I need to add them to the database.
I edited /tmp/base.ldif so that it looks like this:
dn: ou=People,dc=ibmprint,dc=uchicago,dc=edu
ou: People
objectClass: top
objectClass: organizationalUnit
Then added it with:
ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/base.ldif
Now do the same with the passwd.ldif file:
ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/passwd.ldif
Stupidly, I forgot to delete all the other accounts from passwd.ldif before importing. So now I need to figure out how to delete accounts.
To delete, create a file (/tmp/delmods) with the following:
dn: uid=sshd,dc=ibmprint,dc=uchicago,dc=edu
changetype: delete
Then, to actually delete, use:
ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -f /tmp/delmods
Here’s how I deleted a bunch of files:
ldapsearch -x -b "dc=ibmprint,dc=uchicago,dc=edu" > /tmp/x
grep dn: /tmp/x > /tmp/y
awk '{ print $0 "\nchangetype: delete\n" }' /tmp/y > /tmp/x
Edit /tmp/x and take out the stuff that you don’t want to delete.
ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -f /tmp/x
Now I have just a single user, user1, in the database.
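As an added example (not part of the original notes), here is a small Python script that covers the two steps above: it converts /etc/passwd lines to LDIF but skips system accounts by UID range, so entries like sshd never have to be deleted afterwards, and it builds the changetype: delete LDIF for every DN except the ones to keep. It assumes the ou=People container and base DN used in the notes; the passwd sample is constructed, and password hashes are deliberately left out (migrate_passwd.pl pulls those from /etc/shadow).

```python
# Added example, not code from the original notes or from the migration tools.
BASE = "dc=ibmprint,dc=uchicago,dc=edu"
PEOPLE = "ou=People," + BASE  # container migrate_passwd.pl uses by default

# Constructed sample: one real user plus two system accounts that should
# never be imported into the directory.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
user1:x:500:500:Test User:/home/user1:/bin/bash
"""


def passwd_to_ldif(passwd_text, min_uid=500, max_uid=60000):
    """Return one LDIF add-entry per account whose UID is in [min_uid, max_uid]."""
    entries = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":", 6)
        if not (min_uid <= int(uid) <= max_uid):
            continue  # root and daemon accounts stay local to the host
        entries.append("\n".join([
            f"dn: uid={name},{PEOPLE}",
            f"uid: {name}",
            f"cn: {gecos or name}",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: top",
            "objectClass: shadowAccount",
            f"loginShell: {shell}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
        ]) + "\n")
    return entries


def delete_ldif(dns, keep):
    """Build the 'changetype: delete' LDIF for every DN not listed in keep."""
    return "".join(f"dn: {dn}\nchangetype: delete\n\n" for dn in dns if dn not in keep)


if __name__ == "__main__":
    print("".join(passwd_to_ldif(SAMPLE_PASSWD)))
    print(delete_ldif([f"uid=sshd,{PEOPLE}", f"uid=user1,{PEOPLE}"], {f"uid=user1,{PEOPLE}"}))
```

Feed the first output to ldapmodify -a exactly as in the notes; the second replaces the grep/awk pipeline and the manual edit of /tmp/x.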