Hi all,
I am importing users from a SME-9.2 server. They are now all in ldif format in a file users.ldif.
https://access.redhat.com/solutions/179753
The users in the ldif file all look OK but when I want to incorporate them in LDAP using:
# ldapadd -x -W -D "cn=ldapadm,dc=toto,dc=com" -f users.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I tried all passwords that I used in NethServer-7.6.810 to no avail. It always returns “Invalid credentials (49)”
How can I get this LDAP Password?
Any help appreciated,
Michel-André
mrmarkuz
(Markus Neuberger)
January 28, 2019, 1:26am
2
libuser is allowed to write to ldap, the password is stored in /var/lib/nethserver/secrets/libuser.
ldapadd -x -D "cn=libuser,dc=directory,dc=nh" -w `cat /var/lib/nethserver/secrets/libuser` -f users.ldif`
http://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-directory.html#examples
Hi Markus,
Thank you very much for your fast response.
I tried your command without the backquote at the end and the output is:
# ldapadd -x -D "cn=libuser,dc=directory,dc=nh" -w `cat /var/lib/nethserver/secrets/libuser` -f users.ldif
adding new entry "uid=root ,ou=People,dc=toto,dc=com"
ldap_add: Insufficient access (50)
additional info: no write access to parent
#
cat /var/lib/nethserver/secrets/libuser
Gives something like “123456789012345_” and looks OK
I tried with user: admin but it cannot read /var/lib/nethserver/secrets/libuser as it belongs to root with 600 permission.
I googled both:
ldap_add: Insufficient access (50)
additional info: no write access to parent
I will try again tomorrow.
I never worked with LDAP and I am a little bit confused…
Thank you again for your precious time,
Michel-André
mrmarkuz
(Markus Neuberger)
January 28, 2019, 12:04pm
4
It should work as root user:
ldapadd -Y EXTERNAL -f test.ldif
@nas Great work! It does not modify any configuration file managed by templates. Thus it’s OK for me.
@feenix : the root user has full privileges on the LDAP tree through the ldapi:// socket. This is the CentOS default. Just remember to use -Y EXTERNAL option on ldap* commands. For instance
ldapsearch -Y EXTERNAL -b cn=config
ldapdelete -Y EXTERNAL 'uid=yourmachine$' # <- does it work?
Unfortunately some services (like samba or libuser) don’t like ldapi:// and require an account. A…
Hi Markus,
You’re the greatest, it works!
I need to check the conversion of users to ldif file because it looks like I converted the users from passwd file incorrectly. I will work on that today and let you know because it will be a good way to migrate users from SME.
Thank you very much,
Michel-André
Hi Markus,
I don’t think that I’m on the right track. It created the home dir at the same place as SME does and the groups are not imported.
Michel-André
mrmarkuz
(Markus Neuberger)
January 28, 2019, 6:12pm
7
Did you see the docs about migrating from SME?
http://docs.nethserver.org/en/v7/migration.html#migration-from-nethservice-sme-server
Maybe it’s easier to put the users in a TSV file and import them:
http://docs.nethserver.org/en/latest/accounts.html#import-users
You may try to change the homeDirectory LDAP field to /var/lib/nethserver/home/USER.
There are different ways to handle group memberships in LDAP.
To compare, here is a default NS7 user and group ldif file (you can get them with ldapsearch):
user ldif:
# standarduser, People, directory.nh
dn: uid=standarduser,ou=People,dc=directory,dc=nh
uidNumber: 1002
gidNumber: 1001
uid: standarduser
shadowMax: 99999
shadowWarning: 7
shadowMin: 0
loginShell: /usr/libexec/openssh/sftp-server
homeDirectory: /var/lib/nethserver/home/standarduser
shadowInactive: -1
shadowExpire: -1
gecos: Standard User
shadowLastChange: 17924
shadowFlag: -1
cn: Standard User
sn: standarduser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: standarduser@domain.local
groups ldif:
# standardgroup, Groups, directory.nh
dn: cn=standardgroup,ou=Groups,dc=directory,dc=nh
gidNumber: 1003
cn: standardgroup
objectClass: posixGroup
memberUid: standarduser
You may also use phpldapadmin to browse through LDAP and check fields.
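An added example, not part of the original posts and not NethServer code: a passwd-to-LDIF converter that emits entries shaped like the default NS7 user shown above. MIN_UID, the login-name pattern, the function names and the sample lines are assumptions made for this illustration.

```python
import base64
import re

# Assumptions (not from the thread): UIDs below MIN_UID are system accounts,
# and login names match the usual lowercase POSIX-style pattern.
MIN_UID = 1000
UID_RE = re.compile(r"[a-z_][a-z0-9_.-]*")

# Constructed sample input (passwd format), not data from the thread.
SAMPLE = ("root:x:0:0:root:/root:/bin/bash\n"
          "bob :x:5002:5002:Bob:/home/bob:/bin/bash\n"
          "alice:x:5001:5001:Alice \u00c9mond:/home/alice:/bin/bash\n")

def ldif_line(attr, value):
    """One attribute line; base64 ('::') when RFC 2849 forbids the plain form."""
    plain = (value.isascii() and not re.search(r"[\x00\r\n]", value)
             and not value.startswith((" ", ":", "<"))
             and not value.endswith(" "))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(text, base_dn="dc=directory,dc=nh",
                   home_root="/var/lib/nethserver/home",
                   shell="/usr/libexec/openssh/sftp-server"):
    """Return (ldif, skipped) for passwd(5) lines; skipped holds (line, reason)."""
    entries, skipped = [], []
    for raw in text.splitlines():
        f = raw.split(":")
        if len(f) != 7 or not all(re.fullmatch(r"[0-9]+", n) for n in f[2:4]):
            skipped.append((raw, "malformed"))
        elif not UID_RE.fullmatch(f[0]):  # never build a DN from an unchecked name
            skipped.append((raw, "bad login name"))
        elif int(f[2]) < MIN_UID:
            skipped.append((raw, "system account"))
        else:
            uid, name = f[0], f[4].split(",")[0] or f[0]
            attrs = [("dn", f"uid={uid},ou=People,{base_dn}"),
                     ("objectClass", "posixAccount"),
                     ("objectClass", "shadowAccount"),
                     ("objectClass", "inetOrgPerson"),
                     ("uid", uid), ("cn", name), ("sn", uid),
                     ("uidNumber", f[2]), ("gidNumber", f[3]),
                     ("homeDirectory", f"{home_root}/{uid}"),
                     ("loginShell", shell)]
            if name.isascii():  # gecos is an IA5String (ASCII-only) attribute
                attrs.append(("gecos", name))
            entries.append("\n".join(ldif_line(a, v) for a, v in attrs))
    return "\n\n".join(entries) + "\n", skipped
```

Password hashes, shadow fields and group memberships are not carried over; review the skipped list before loading the result with ldapadd.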
Hi again Markus,
I looked at the migration page but my SME server is from around 2006, always updated to 9.2. It is packed with old junk and I want a fresh NethServer.
I used the migration page to migrate all emails and it worked perfectly.
After I finish looking at NS, I will migrate only all my WordPress webs with WordPress Duplicator extension which is working correctly. Also, I want to switch from MySQL to MariaDB…
I have only a few users but I am writing a howto about NS for my “grandmother” and other people who might have a lot of users and I am looking for an easy way to migrate only them.
Thank you again for your good advice,
Michel-André