customer is running openldap server on SLES 9 SP 3 x864, and now willing to move on 11 SP 3. whats the recommended method here.
I am considering to export ldap accounts in ldif format from SLE 9 SP 3, and then import them into the new 11 SP 3 box. the only confusion here is that what would be the password for all those accounts/users on openldap running on SLE 11 SP 3.
Please suggest what would be the best approach here(else IDM )
customer is running openldap server on SLES 9 SP 3 x864, and now willing to move on 11 SP 3. whats the recommended method here.
I am considering to export ldap accounts in ldif format from SLE 9 SP 3, and then import them into the new 11 SP 3 box. the only confusion here is that what would be the password for all those accounts/users on openldap running on SLE 11 SP 3.
Please suggest what would be the best approach here(else IDM )[/QUOTE]
I’m unsure if you mean “all those accounts/users on openldap already running on SLE 11 SP 3”: If you have duplicates, those will get overwritten during import.
The password attribute will be in the export, when done with sufficient permissions (which I strongly recommend), but I recall that somewhere along the SLES9/SLES10/SLES11 chain, password encryption was changed. Thus I’d expect difficulties logging in into an out.of-the-box SLES11SP3 system with userid/passwords imported from SLES9. If I recall correctly (I hit that years ago) you would either change the SLES configuration or set new passwords - maybe someone with better memory can jump in and list the details or correct me?
During such an upgrade, you’ll have the choice to change the slapd configuration systematics from slapd.conf to LDIF-based files in slapd.d - although it at first is a hassle, I suggest to take that option. In our environment, it offered a lot of improvements for cascaded and remote slapd configuration.
I’m unsure if you mean “all those accounts/users on openldap already running on SLE 11 SP 3”:
[/color]
I am sorry if I wrote this. simply accounts/users are on SLES 9 ldap, and we are planning to move on SLE 11 SP 3 ldap.
[color=blue]
The password attribute will be in the export, when done with sufficient permissions (which I strongly recommend),
[/color]
great… this is what I was looking for
[color=blue]
During such an upgrade, you’ll have the choice to change the slapd configuration
systematics from slapd.conf to LDIF-based files in slapd.d
[/color]
appreciate if you please refer me a document to acheive this. I have no idea of “change the slapd configuration
systematics from slapd.conf to LDIF-based files in slapd.d”
I’m unsure if you mean “all those accounts/users on openldap already running on SLE 11 SP 3”:
[/COLOR]
I am sorry if I wrote this. simply accounts/users are on SLES 9 ldap, and we are planning to move on SLE 11 SP 3 ldap.[/QUOTE]
no need to feel that way - I have a bad habit of reacting to even slightest ambiguity, that was just my way of asking if I got it right :[
[QUOTE=sharfuddin;21976][COLOR=blue]
During such an upgrade, you’ll have the choice to change the slapd configuration
systematics from slapd.conf to LDIF-based files in slapd.d
[/COLOR]
appreciate if you please refer me a document to acheive this. I have no idea of “change the slapd configuration
systematics from slapd.conf to LDIF-based files in slapd.d”[/QUOTE]
You might want to read the OpenLDAP configuration section from the project documentation (http://www.openldap.org/doc/admin24/slapdconf2.html). You can start by transforming your existing slapd.conf to the new LDIF format (see section 5.4 of the OpenLDAP guide) and then continue from there. To update the configuration manually, I recommend to use “gq” or another LDAP browser of your choice - updating the LDIF files directly should only be an option if you know what you’re doing or are prepared for a little downtime, until all (syntax) kinks have been cleared out
If I remember correctly, SLES 10 defaulted to using DES encryption for passwords and SLES 11 defaults to Blowfish. I used YaST to modify the default and set it back to DES. I am not using LDAP and am using /etc/passwd and didn’t want to reset passwords and have all of the users logon to change theirs.