passwd/shadow/group --> fedora-ds HOWTO?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bryan K. Wright wrote:
> Hi folks,
> 
> 	I've just started playing with fedora directory server,
> and I'm looking for a straightforward way to import existing
> Linux accounts (passwd/shadow/group files) into fedora-ds.
> 
> 	I've looked at the padl migration tools and tried
> them out, but they don't seem to quite get it right.  First,
> the groups are put into ou=Groups instead of ou=Group (as 
> fedora-ds expects).  Editing the ldif file to change Groups to
> Group allows me to import the group data, but then the objectClasses
> are wrong.  The padl tools create groups as class "posixGroup",
> but fedora-ds seems to use "groupofuniquenames" for groups.

Bryan, the object classes advertise how the entry's data may be used.  The same
entry may be used for multiple purposes.  You may want to use the same posix
groups for email or aci's as well (for example).

> 	Also, the padl migration tools use objectClasses
> "posixAccount","account" and "shadowAccount" for entries in
> the passwd file, but fedora-ds seems to expect "person",
> "organizationalPerson" and "inetorgperson".

Again, 'person', 'organizationalPerson' and 'inetOrgPerson' are generic-ish LDAP
objectclasses.  These are describing the entry and its contents.  These are used
in different ways.  When you specify an objectclass of 'posixAccount' you are
saying that this entry is a posix account (aptly named).  Different
objectClasses allow/require different attributes.

For example, in order to store homeDirectory, gecos, uidNumber, gidNumber (LDAP
attribute equivalents of the /etc/passwd values) in the Directory, you will want
to use posixAccount.

Take a look at 'http://ldap.akbkhome.com/index.php/objectclass.html' to see what
objectClasses allow what attributes.  Specifically:
'http://ldap.akbkhome.com/index.php/objectclass/posixAccount.html'

> 	Has anybody written a simple HOWTO for migrating
> passwd/shadow/group files to fedora-ds?

How are you planning to access the data in the Directory?  libnss-ldap and
pam-ldap?  If so, there is a lot of flexibility in how you store the data.  You
can configure filters in those modules to find the data that you want.  You
might want to look at those, as there is some decent documentation, and then see
what THEY expect.

Hope that helps.

Elliot
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux