Solaris 8 with OpenLDAP: Populating OpenLDAP
Populating OpenLDAP with posixAccounts
Now you need to write a script that generates the LDIF file from an /etc/passwd file. Here is a sample script which you can use. You'll notice that it's a PHP script. If you don't have PHP, you can download it from the Scripts section.
- You will need to modify the "SUFFIX" define at the top of the script.
- This script will NOT import users with a UID less than 100.
#!/usr/local/bin/php -q
<?php
// Base DN of the directory; change this to match your own suffix.
define("SUFFIX", "dc=viawest, dc=net");
error_reporting(4);
if ($argc < 2)
    exit("usage: $argv[0] passwd-file\n");
if (! ($f = fopen($argv[1], "r")))
    exit("Couldn't open '$argv[1]' for read\n");
// Testing the fgets() result (rather than feof() after the read) also keeps
// a final line that has no trailing newline.
while (($line = fgets($f, 10240)) !== false)
{
    // Fields: name:password:uid:gid:gecos:home:shell
    $pwent = explode(":", chop($line));
    // Skip blank or malformed lines and accounts with a UID below 100.
    if (count($pwent) < 7 || $pwent[2] < 100)
        continue;
    $e = 0;
    $ldifent[$e++] = "dn: uid=$pwent[0], ou=People, " . SUFFIX . "\n";
    $ldifent[$e++] = "objectClass: top\n";
    $ldifent[$e++] = "objectClass: posixAccount\n";
    $ldifent[$e++] = "objectClass: shadowAccount\n";
    $ldifent[$e++] = "uid: $pwent[0]\n";
    // The password field is copied as-is. On hosts that keep hashes in
    // /etc/shadow this field is only a placeholder such as "x".
    if ($pwent[1])
        $ldifent[$e++] = "userPassword: {crypt}$pwent[1]\n";
    else {
        $ldifent[$e++] = "userPassword: {crypt}*NP*\n";
    }
    $ldifent[$e++] = "uidNumber: $pwent[2]\n";
    $ldifent[$e++] = "gidNumber: $pwent[3]\n";
    // Fall back to the login name when the GECOS field is empty.
    if ($pwent[4])
        $ldifent[$e++] = "gecos: $pwent[4]\n";
    else
        $ldifent[$e++] = "gecos: $pwent[0]\n";
    // The home directory is field 5 of the passwd entry.
    if ($pwent[5])
        $ldifent[$e++] = "homeDirectory: $pwent[5]\n";
    else
        $ldifent[$e++] = "homeDirectory: /\n";
    if ($pwent[6])
        $ldifent[$e++] = "loginShell: $pwent[6]\n";
    else
        $ldifent[$e++] = "loginShell: /bin/noshell\n";
    $ldifent[$e++] = "cn: $pwent[0]\n";
    for ($ctr = 0; $ctr < count($ldifent); $ctr++)
    {
        if ($ldifent[$ctr])
            echo $ldifent[$ctr];
    }
    echo "shadowlastchange: -1\n";
    echo "shadowmin: -1\n";
    echo "shadowmax: -1\n";
    echo "shadowwarning: -1\n";
    echo "shadowinactive: -1\n";
    echo "shadowexpire: -1\n";
    echo "shadowflag: -1\n";
    // The blank line after the last attribute ends the LDIF entry.
    echo "description: -1\n\n";
    unset($ldifent);
    unset($pwent);
}
fclose($f);
?>
Name this program passwd2ldif, make it executable, and issue the following command:
# ./passwd2ldif /etc/passwd > import.ldif
This should generate an LDIF file which you can import into your directory server. To perform the import, first stop the directory server. Then issue the command:
# /etc/init.d/slapd stop
# slapadd -n 1 -l import.ldif
# /etc/init.d/slapd start
Start slapd and now your directory server should contain all of the entries included in the LDIF.
Now you can test your LDAP server by trying to search for a user. To search, use the ldapsearch command. To search for a user with the username edk, type:
ldapsearch -D cn=solaris,ou=ldapusers,dc=viawest,dc=net -W \
-b ou=People,dc=viawest,dc=net 'uid=edk'
-D = The BindDN to use when binding to the directory server
-W = Prompt for a password
-b = The search BaseDN
The last parameter is the search filter to use.
You will be prompted for a password. If you used the base.ldif file which I provided, the password is abc123. Your search should return something to the effect of:
dn: uid=edk, ou=People, dc=viawest,dc=net
objectClass: top
objectClass: posixaccount
objectClass: shadowaccount
uid: edk
userPassword:: SiqSAjIjPq2jA2jOls49AlKDJzL=
uidNumber: 1000
gidNumber: 100
gecos: Eric Kilfoil
homeDirectory: /export/home/edk
loginShell: /usr/bin/bash
cn: edk
shadowLastChange: -1
shadowMin: -1
shadowMax: -1
shadowWarning: -1
shadowInactive: -1
shadowExpire: -1
shadowFlag: -1
description: -1
Notice that the userPassword attribute is base64 encoded. This is because of the userPassword attribute definition and this is normal. You can use a base64 decoder to view the actual information stored in the userPassword attribute.
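The decoding step mentioned above, as an added example that is not part of the original page: a small Python parser for ldapsearch LDIF output that unfolds continued lines, decodes base64 values (written with a double colon, "attr:: value"), and reports the userPassword scheme of each entry. The sample entries and the hash string are constructed, and treating "x" as a placeholder assumes the source host keeps its hashes in /etc/shadow.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of entries, each a list of (attr, value)."""
    # RFC 2849 folding: a newline followed by one space continues the line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    entries, current = [], []
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):     # ldapsearch emits "#" comment lines
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):       # "attr:: value" marks a base64 value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.lstrip(" ")
            current.append((attr, value))
    return entries

def password_schemes(entries):
    """Map dn -> (scheme, usable) for every entry that has a userPassword."""
    report = {}
    for entry in entries:
        attrs = {a.lower(): v for a, v in entry}
        pw = attrs.get("userpassword")
        if pw is None or "dn" not in attrs:
            continue
        if pw.startswith("{") and "}" in pw:
            scheme, body = pw[1:].split("}", 1)
        else:
            scheme, body = "cleartext", pw   # no {scheme} prefix on the value
        # "*NP*" is what passwd2ldif writes for an empty field; "x" is assumed
        # to be the /etc/passwd placeholder on hosts that use /etc/shadow.
        report[attrs["dn"]] = (scheme.lower(), body not in ("", "x", "*NP*"))
    return report

# Constructed sample shaped like the search result above (made-up hash string).
SAMPLE = (
    "dn: uid=edk, ou=People, dc=viawest,dc=net\n"
    "userPassword:: " + base64.b64encode(b"{crypt}abCDEFGHIJKLM").decode() + "\n"
    "gecos: Eric\n  Kilfoil\n\n"
    "dn: uid=nopass, ou=People, dc=viawest,dc=net\n"
    "userPassword:: " + base64.b64encode(b"{crypt}*NP*").decode() + "\n"
)

if __name__ == "__main__":
    print(password_schemes(parse_ldif(SAMPLE)))
```

Entries reported with usable set to False carry a {crypt} value that no password can match, so those accounts need a real hash before they can bind.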