hey guys, nice suggestions.. it looks like PADL did not cover shadow entries for some reason.. this will likely have to be a custom script I will have to write... in the meantime I made sure I was root and then ran the scripts:

Hey guys,

The script definitely ran as root:

LBSD2# whoami
root
LBSD2# ./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif

This is an ldif entry that resulted:

dn: uid=bluethundr,ou=People,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P.
givenName: Timothy P.
sn:
mail: bluethundr@xxxxxxxx
mailRoutingAddress: bluethundr@xxxxxxxxxxxxx
mailHost: mail.padl.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
userPassword: {crypt}*
krbName: bluethundr@xxxxxxxx
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P.

so no matter if you are root passwords are not transferred...

On Fri, Oct 29, 2010 at 11:24 AM, jleafey <jay.leafey@xxxxxxxxxxxx> wrote:
> On Fri, 29 Oct 2010 16:42:41 +0200 (CEST) "Alexander Dalloz"
> <ad+lists@xxxxxxxxx> wrote
>
>> <SNIP>
>>
>> The PADL script blindly uses {crypt}, although the password encryption
>> mechanism may be very different.
>>
>> > thanks in advance for any tips you can share that will get this working!
>>
>> Alexander
>>
>
> I think Alexander is onto something here. I just checked my default CentOS 5
> installation and /etc/sysconfig/authconfig specifies that the passwords are
> hashed using MD5, so there's a good chance yours is too. We ran into a problem
> with this when we migrated users to the Sun directory server (not my choice!).
> The {?} part of the userPassword field value specifies the hash method used, so
> if OpenLDAP supports MD5 you may be able to just do a global search-and-replace
> of '{crypt}' with '{MD5}'.
>
> OTOH, if the "*" you showed in the message was literal, you'll probably have to
> do some additional work to retrieve the user's password from /etc/shadow and
> plug that in instead. You could just cobble up a script to generate a simple
> LDIF file just to change the passwords if you don't want to alter the output of
> the PADL scripts. The format is pretty simple, just look at the ldapmodify man
> page for hints. Just scan through /etc/shadow and look for something with a
> password <> "!!" and generate the LDIF to change that user's password.
>
> Just my $.02!
> --
> Jay Leafey - Memphis, TN
> jay.leafey@xxxxxxxxxxxx
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
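
An added example, not part of the original message or of the PADL scripts: a Python version of the follow-up script suggested in the quoted reply, reading shadow-format lines and emitting ldapmodify LDIF that replaces userPassword only for accounts that carry a real hash. It keeps the {crypt} prefix because OpenLDAP's {CRYPT} scheme passes the stored string to crypt(3), which is what a `$1$` MD5-crypt hash needs, while {MD5} expects a base64-encoded unsalted MD5 digest; this assumes the server was built with {CRYPT} support. The sample shadow lines, the function names and the choice to skip root are assumptions made for the example; the base DN is the one shown in the LDIF entry above.

```python
import re

# Base DN taken from the LDIF entry in the post; adjust for another tree.
PEOPLE_DN = "ou=People,dc=summitnjhome,dc=com"

# Constructed sample in shadow(5) format (hashes are made up, not real).
SAMPLE_SHADOW = """\
root:$1$Ab3dEf9h$Q1w2E3r4T5y6U7i8O9p0a.:14911:0:99999:7:::
bin:*:14911:0:99999:7:::
nobody:!!:14911:0:99999:7:::
bluethundr:$1$xY7zK2mN$h8G7f6D5s4A3q2W1e0R9t/:14911:0:99999:7:::
locked:!$1$aaaaaaaa$bbbbbbbbbbbbbbbbbbbbbb:14911:0:99999:7:::
nopass::14911:0:99999:7:::
"""

# A usable crypt(3) hash is either 13-char DES or modular "$id$..." form.
HASH_RE = re.compile(r"^(\$[0-9a-z]+\$[./A-Za-z0-9$=,]+|[./A-Za-z0-9]{13})$")


def usable_hash(field):
    """Return the hash if the account has a real password, else None."""
    if not field or field[0] in "*!":   # empty, no-login, or locked
        return None
    return field if HASH_RE.match(field) else None


def shadow_to_ldif(shadow_text, skip_users=("root",)):
    """Build ldapmodify records that replace userPassword per user."""
    records = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, pw_hash = parts[0], usable_hash(parts[1])
        if pw_hash is None or user in skip_users:
            continue
        records.append(
            f"dn: uid={user},{PEOPLE_DN}\n"
            "changetype: modify\n"
            "replace: userPassword\n"
            f"userPassword: {{crypt}}{pw_hash}\n"
        )
    return "\n".join(records)


if __name__ == "__main__":
    print(shadow_to_ldif(SAMPLE_SHADOW))
```

The generated LDIF contains password hashes, so write it to a file readable only by root and delete it once ldapmodify has applied it.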