Hi Felipe, We have a nice library called lib389. It's a part of the 389 DS repo and packaged in Fedora as python3-lib389. I'd recommend using the latest Fedora version available to you. https://github.com/389ds/389-ds-base/tree/master/src/lib389
Generally, if you need more control and fine-grained settings, I recommend writing a simple Python script. But also, you can use our CLI tools - dsconf and dsidm - and write a shell script with them. dsidm is relatively new, though, depending on what package version you use. You can check dsidm code here - https://github.com/389ds/389-ds-base/tree/master/src/lib389/lib389/cli_idm It's pretty straightforward and uses lib389 as a base. I'm not aware of any existing account data migration tools. I remember william.br...@suse.com worked on that some time ago, so maybe he can direct you here with these other questions. :) Sincerely, Simon On Thu, May 12, 2022 at 7:24 AM Felipe Gasper <fel...@felipegasper.com> wrote: > Hello, > > I’m planning a migration of Linux account data from /etc/ files to > 389-ds (or OpenLDAP/slapd, but for now I’m leaning toward 389-ds). > I have a few questions that I hoped folks here might help with? > > - What kinds of automation tools do folks use for > creating/updating/removing dirsrv entries? I’m assuming there is something > that abstracts over all of the actual schema details? > > - What tools have folks used for migration of existing account data? I see > a package of Perl scripts that some distros provide; is that about it? > > - When creating a new posixAccount & posixGroup, how are UIDs and GIDs to > be chosen? If I have 10,000 users, do I have to grab all 10,000 > posixAccount and posixGroup entries to determine which is the next unused > UID & GID, or is there some cleaner solution? > > - Are there tools to facilitate race safety if, e.g., two concurrent > queries try to create an account at the same time? > > - I see that OpenLDAP/slapd can embed a Perl interpreter or exec arbitrary > commands to fulfill queries. Can 389-ds do something similar to implement > dynamic query results? > > Thank you in advance! > > cheers, > -Felipe Gasper > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
